[CentOS] centos samba sssd active directory

Thu Apr 7 15:16:55 UTC 2016
Sylvain CANOINE <sylvain.canoine at tv5monde.org>


----- Original Message -----
> From: "Stefan Fuhrmann" <stefan at fuhrmann.homedns.org>
> To: "centos" <centos at centos.org>
> Sent: Thursday, April 7, 2016 16:13:26
> Subject: [CentOS] centos samba sssd active directory

> Hello all,
> I'm having the latest centos that should be integrated into win 2012 active
> directory domain.
> I'm having Authentication running, an AD user can login via ssh, getent and id
> working
> But I'm not able to get the samba shares running with AD

To make samba work with SSSD, I had to do some tuning in smb.conf:

security = ads
workgroup = MYDOMAIN
realm = MYDOMAIN.TLD
encrypt passwords = yes
passdb backend = tdbsam
kerberos method = secrets and keytab

winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind refresh tickets = yes

To use the "valid users" directive, I have to deal with the AD SIDs. You can get them by running:
$ wbinfo --name-to-sid ad_user
$ wbinfo --name-to-sid ad_group

The RID idmap backend doesn't work as expected. So I use the NSS backend:
idmap config MYDOMAIN : backend = nss
idmap config MYDOMAIN : range = 10000-99999
idmap config * : backend = tdb
idmap config * : range = 100000-999999

And in /etc/nsswitch.conf:
passwd:  files sss
shadow:  files sss
group:   files sss

Hope this helps.

Sylvain.
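
A sanity check for the idmap and nsswitch.conf settings posted above, as an added example that is not part of the original message: it verifies that every idmap domain has a valid range, that the ranges do not overlap (a requirement stated in the smb.conf documentation), and that a domain using backend = nss can actually resolve through sss. The function names are hypothetical and the sample input is constructed from the lines in the message.

```python
import re

# Constructed sample input: the idmap and nsswitch.conf lines from the message above.
SMB_CONF = """\
idmap config MYDOMAIN : backend = nss
idmap config MYDOMAIN : range = 10000-99999
idmap config * : backend = tdb
idmap config * : range = 100000-999999
"""
NSSWITCH = "passwd:  files sss\nshadow:  files sss\ngroup:   files sss\n"
IDMAP_RE = re.compile(r"idmap config\s+(\S+)\s*:\s*([\w ]+?)\s*=\s*(.+)", re.I)

def parse_idmap(smb_conf):
    """Return {domain: {option: value}} from 'idmap config DOM : opt = val' lines."""
    domains = {}
    for line in smb_conf.splitlines():
        m = IDMAP_RE.fullmatch(line.strip())  # comment lines (# or ;) never match
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    return domains

def nss_sources(nsswitch):
    """Return {database: [sources]} from nsswitch.conf text."""
    out = {}
    for line in nsswitch.splitlines():
        db, sep, srcs = line.split("#", 1)[0].partition(":")
        if sep:
            out[db.strip()] = srcs.split()
    return out

def check(smb_conf, nsswitch):
    """List problems: bad or overlapping idmap ranges, nss backend without sss."""
    problems, ranges = [], []
    idmap, nss = parse_idmap(smb_conf), nss_sources(nsswitch)
    for dom, opts in sorted(idmap.items()):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m or int(m.group(1)) > int(m.group(2)):
            problems.append(f"{dom}: missing or invalid idmap range")
        else:
            ranges.append((int(m.group(1)), int(m.group(2)), dom))
        if opts.get("backend", "").lower() == "nss":
            for db in ("passwd", "group"):  # idmap_nss reads IDs through NSS
                if "sss" not in nss.get(db, []):
                    problems.append(f"{dom}: backend = nss but '{db}' lacks sss")
    ranges.sort()  # once sorted by start, any overlap shows up in a neighbouring pair
    for (lo1, hi1, d1), (lo2, hi2, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            problems.append(f"idmap ranges of {d1} and {d2} overlap")
    return problems
```

On a real host, pass the contents of smb.conf and /etc/nsswitch.conf to check(); an empty list means none of the three problems was found.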
