Web lists-archives.com

Re: [Samba] AIX issue




On Tue, 15 Jan 2019 17:09:00 +0000
Howard Coles <hcoles@xxxxxxxxxxxxxxxxx> wrote:

> Here is the smb.conf made generic to pass on.  The share I’m
> concerned with at the moment is the "appprt" share, it's simple
> enough but it's not recognizing that primary local group.:
> 
> # Samba config file created using SWAT
> # Date: 2007/09/26 11:03:44
> 
> [global]
>         workgroup = OURDOMAIN
>         realm = realm.net
>         netbios name = SERVERNAME
>         server string = SERVERNAME Samba Server
>         security = ADS
>         encrypt passwords = Yes
>         syslog = 0
>         max log size = 1000
>         local master = No
>         wins server = 192.168.0.6
>         read only = No
>         short preserve case = No
>         dos filetime resolution = Yes
>         kerberos method = secrets and keytab
>         winbind refresh tickets = yes
>         winbind use default domain = yes
>         passdb backend = tdbsam
>         protocol = SMB2

There appears to be a large block missing i.e. the authentication block

There should be something like this:

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config OURDOMAIN : backend = rid
idmap config OURDOMAIN : range = 10000-999999

But that wouldn't work for what you asking about, the only way to set
the users Unix primary group is to add uidNumber & gidNumber attributes
to AD, use Samba >= 4.6.0 and this:

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config OURDOMAIN : backend = ad
idmap config OURDOMAIN : schema_mode = rfc2307
idmap config OURDOMAIN : range = 10000-999999
idmap config OURDOMAIN : unix_nss_info = yes
idmap config OURDOMAIN : unix_primary_group = yes

> 
> [appprt]
>         path = /u/appdir/app/print/%u
>         read only = Yes
>         guest ok = Yes

You cannot use 'guest ok = yes' in AD, all the users are
authenticated.

What is the AD DC ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba