----- Original Message -----
> From: "Stefan Fuhrmann" <stefan at fuhrmann.homedns.org>
> To: "centos" <centos at centos.org>
> Sent: Thursday, 7 April 2016 16:13:26
> Subject: [CentOS] centos samba sssd active directory

> Hello all,
> I'm having the latest centos that should be integrated into win 2012 active
> directory domain.
> I'm having Authentication running, an AD user can login via ssh, getent and id
> working
> But I'm not able to get the samba shares running with AD

To make samba work with SSSD, I had to do some tuning in smb.conf:

    security = ads
    workgroup = MYDOMAIN
    realm = MYDOMAIN.TLD
    encrypt passwords = yes
    passdb backend = tdbsam
    kerberos method = secrets and keytab
    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    winbind refresh tickets = yes

To use the "valid users" directive, I have to deal with the AD SIDs. You can get them by running:

    $ wbinfo --name-to-sid ad_user
    $ wbinfo --name-to-sid ad_group

The RID idmap backend doesn't work as expected. So I use the NSS backend:

    idmap config MYDOMAIN : backend = nss
    idmap config MYDOMAIN : range = 10000-99999
    idmap config * : backend = tdb
    idmap config * : range = 100000-999999

And in /etc/nsswitch.conf:

    passwd: files sss
    shadow: files sss
    group: files sss

Hope this helps.

Sylvain.
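An added example, not part of the message above: a Python check that the idmap ranges in an smb.conf are complete and do not overlap, since overlapping ranges can map two different SIDs to the same UID or GID. The sample text is constructed from the idmap lines in the message; the function names are hypothetical.

```python
import re

# Constructed sample: the idmap lines quoted in the message above.
SAMPLE_SMB_CONF = """\
[global]
    security = ads
    idmap config MYDOMAIN : backend = nss
    idmap config MYDOMAIN : range = 10000-99999
    idmap config * : backend = tdb
    idmap config * : range = 100000-999999
"""

# Matches "idmap config <DOMAIN> : backend|range = <value>".
IDMAP_RE = re.compile(r"^\s*idmap\s+config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # smb.conf comment lines
            continue
        m = IDMAP_RE.match(line)
        if not m:
            continue
        domain, key, value = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(domain, {})
        if key == "range":
            low, high = (int(part) for part in value.split("-", 1))
            entry["range"] = (low, high)
        else:
            entry["backend"] = value.lower()
    return domains

def check_idmap(text):
    """List missing settings and inverted or overlapping ID ranges."""
    domains = parse_idmap(text)
    problems = []
    for name, cfg in sorted(domains.items()):
        for key in ("backend", "range"):
            if key not in cfg:
                problems.append(f"{name}: no idmap {key} set")
        if "range" in cfg and cfg["range"][0] > cfg["range"][1]:
            problems.append(f"{name}: range {cfg['range']} is inverted")
    # Sorted by lower bound, any overlap shows up between neighbours.
    ranged = sorted((cfg["range"], name) for name, cfg in domains.items() if "range" in cfg)
    for (r1, n1), (r2, n2) in zip(ranged, ranged[1:]):
        if r2[0] <= r1[1]:
            problems.append(f"{n1} {r1} overlaps {n2} {r2}")
    return problems
```

Calling `check_idmap()` on the text of a real smb.conf returns an empty list when every idmap domain has a backend and a non-overlapping range.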