Hello all, I'm having the latest CentOS that should be integrated into a Win 2012 Active Directory domain. I'm having authentication running, an AD user can log in via ssh, getent and id are working. But I'm not able to get the Samba shares running with AD.
[sfu-erp]
comment = Mandant
path = /share
# ; valid users = @"RZ-DOMAIN\linuxtest" @"RZ-DOMAIN\linuxtest"
valid users = DOMAIN
# valid users = @"RZ-DOMAIN+domänen-benutzer"
# valid users = @"RZ-DOMAIN"
#valid users = %S, RDOMAIN%S
#valid users = @DOMAIN
#valid users = linuxtest
# force user = fuhste
# guest ok = yes
# force group = @"RZ-DOMAIN+domänen-benutzer"
# force group = @"RZ-ODOMAIN"
# ; force group = domänen-benutzer
force create mode = 0660
force directory mode = 0770
readonly = no
writeable = yes
As you can see I tried a lot with valid users with no success. I've been trying for some days now but I'm not able to get it running. Need more information?
Can someone help? Tia Stefan
----- Original Message -----
From: "Stefan Fuhrmann" stefan@fuhrmann.homedns.org
To: "centos" centos@centos.org
Sent: Thursday, April 7, 2016 16:13:26
Subject: [CentOS] centos samba sssd active directory
Hello all, I'm having the latest CentOS that should be integrated into a Win 2012 Active Directory domain. I'm having authentication running, an AD user can log in via ssh, getent and id are working. But I'm not able to get the Samba shares running with AD.
To make Samba work with SSSD, I had to do some tuning in smb.conf:
security = ads
workgroup = MYDOMAIN
realm = MYDOMAIN.TLD
encrypt passwords = yes
passdb backend = tdbsam
kerberos method = secrets and keytab

winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind refresh tickets = yes
To use the "valid users" directive, I have to deal with the AD SIDs. You can get them by running:

$ wbinfo --name-to-sid ad_user
$ wbinfo --name-to-sid ad_group
The RID idmap backend doesn't work as expected. So I use the NSS backend:

idmap config MYDOMAIN : backend = nss
idmap config MYDOMAIN : range = 10000-99999
idmap config * : backend = tdb
idmap config * : range = 100000-999999
And in /etc/nsswitch.conf:

passwd: files sss
shadow: files sss
group: files sss
Hope this helps.
Sylvain.
Hello all,
With the great help of Sumit Bose from the sssd mailing list, the issue is solved:
"ah, can you try to add 'use_fully_qualified_names = True' to the [domain/...] section of sssd.conf, restart SSSD and try again? Now 'wbinfo -s ....' (lower-case s) should return a result as well."
That did the trick!!
Stefan
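
An added example, not part of any message in this thread: a small Python check that reads sssd.conf and smb.conf text and reports where they differ from the settings the replies above describe (use_fully_qualified_names = True in each [domain/...] section; security = ads, kerberos method = secrets and keytab and the nss idmap backend in [global]). The function names and the sample file contents are constructed for illustration.

```python
import configparser

def _parse(text):
    # Both files are INI-like. Strip indentation so indented keys are not
    # read as continuation lines; compare keys ignoring case and spacing.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False, allow_no_value=True)
    cp.optionxform = lambda key: "".join(key.lower().split())
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return cp

def check_sssd(text):
    """Flag [domain/...] sections without use_fully_qualified_names = True."""
    cp, findings = _parse(text), []
    for section in cp.sections():
        if section.startswith("domain/"):
            value = cp.get(section, "use_fully_qualified_names", fallback="")
            if (value or "").strip().lower() != "true":
                findings.append(f"[{section}] use_fully_qualified_names is not True")
    return findings

def check_smb(text, domain):
    """Flag [global] values that differ from the ones given in the reply."""
    cp, findings = _parse(text), []
    expected = {"security": "ads", "kerberos method": "secrets and keytab",
                f"idmap config {domain} : backend": "nss"}
    for key, want in expected.items():
        got = cp.get("global", key, fallback=None)
        if got is None or got.strip().lower() != want:
            findings.append(f"[global] {key} = {got!r} (thread uses {want!r})")
    return findings

# Constructed sample inputs (not taken from the thread).
SAMPLE_SSSD = """[sssd]
domains = mydomain.tld

[domain/mydomain.tld]
id_provider = ad
"""
SAMPLE_SMB = """[global]
    security = ads
    kerberos method = secrets and keytab
    idmap config MYDOMAIN : backend = rid
"""

if __name__ == "__main__":
    for finding in check_sssd(SAMPLE_SSSD) + check_smb(SAMPLE_SMB, "MYDOMAIN"):
        print(finding)
```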