CentOS Samba Sssd Active Directory
Hello all, I have the latest CentOS, which should be integrated into a Win 2012 Active Directory domain. I have authentication running: an AD user can log in via ssh, and getent and id are working. But I'm not able to get the Samba shares running with AD.
[sfu-erp]
comment = Mandant
path = /share
# ; valid users = @"RZ-DOMAIN\linuxtest" @"RZ-DOMAIN\linuxtest"
valid users = DOMAIN
# valid users = @"RZ-DOMAIN+dom
2 thoughts on - CentOS Samba Sssd Active Directory
----- Original Mail -----
To make Samba work with SSSD, I had to do some tuning in smb.conf:
security = ads
workgroup = MYDOMAIN
realm = MYDOMAIN.TLD
encrypt passwords = yes
passdb backend = tdbsam
kerberos method = secrets and keytab
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind refresh tickets = yes
To use the “valid users” directive, I have to deal with the AD SIDs. You can get them by running:
$ wbinfo --name-to-sid ad_user
$ wbinfo --name-to-sid ad_group
The RID idmap backend doesn’t work as expected. So I use the NSS backend:
idmap config MYDOMAIN : backend = nss
idmap config MYDOMAIN : range = 10000-99999
idmap config * : backend = tdb
idmap config * : range = 100000-999999
And in /etc/nsswitch.conf:
passwd: files sss
shadow: files sss
group: files sss
Hope this helps.
Sylvain.
Hello Sylvain,
On Thursday 07 April 2016, 17:16:55, Sylvain CANOINE wrote:
… yes! The other issue I had was on filesystem level, because I had to chown -R linuxtest:domainusergroup /share
Thanks for your help!
Stefan
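Added example, not part of the original thread: a small Python check for the idmap settings in Sylvain's reply, reporting overlapping idmap ranges and users or groups whose numeric ID falls outside the domain's range. The sample config and IDs are constructed and the function names are hypothetical; it assumes an ID outside the configured range is not mapped by that backend.

```python
import re

# Constructed smb.conf fragment; the idmap lines are the ones from the reply.
SAMPLE_SMB_CONF = """
[global]
    idmap config MYDOMAIN : backend = nss
    idmap config MYDOMAIN : range = 10000-99999
    idmap config * : backend = tdb
    idmap config * : range = 100000-999999
"""

IDMAP_RE = re.compile(r"^idmap config\s+(\S+)\s*:\s*(\w[\w ]*?)\s*=\s*(.+)$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}} from [global]."""
    domains, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        m = IDMAP_RE.match(line)
        if section != "global" or not m:
            continue
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3).strip()
        if key == "range":
            val = tuple(int(x) for x in val.split("-"))
        domains.setdefault(dom, {})[key] = val
    return domains

def check_idmap(domains, domain, posix_ids):
    """List problems: overlapping ranges, or IDs outside the domain's range."""
    problems = []
    ranges = sorted((d["range"], name) for name, d in domains.items() if "range" in d)
    for (r1, n1), (r2, n2) in zip(ranges, ranges[1:]):
        if r2[0] <= r1[1]:
            problems.append(f"ranges of {n1} and {n2} overlap")
    low, high = domains[domain]["range"]
    for name, num in posix_ids.items():
        if not low <= num <= high:
            problems.append(f"{name} id {num} outside {domain} range {low}-{high}")
    return problems

if __name__ == "__main__":
    ids = {"linuxtest": 10500, "domainusergroup": 1234000513}  # constructed; use `id`/`getent` values
    for p in check_idmap(parse_idmap(SAMPLE_SMB_CONF), "MYDOMAIN", ids):
        print("WARN:", p)
```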