----- Mail original -----
> De: "Stefan Fuhrmann" <stefan@xxxxxxxxxxxxxxxxxxxx>
> À: "centos" <centos@xxxxxxxxxx>
> Envoyé: Jeudi 7 Avril 2016 16:13:26
> Objet: centos samba sssd active directory
> Hello all,
> Im having the latest centos that should be integrated into win 2012 active
> directory domain.
> Im having Authentication running, an AD user can login via ssh, getent and id
> working
> But Im not able to get the samba shares running with AD
To make samba work with SSSD, I had to make some tuning in smb.conf :
security = ads
workgroup = MYDOMAIN
realm = MYDOMAIN.TLD
encrypt passwords = yes
passdb backend = tdbsam
kerberos method = secrets and keytab
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind refresh tickets = yes
To use the "valid users" directive, I have to deal with the AD SIDs. You can get it by running :
$ wbinfo --name-to-sid ad_user
$ wbinfo --name-to-sid ad_group
The RID idmap backend doesn't work as expected. So I use the NSS backend :
idmap config MYDOMAIN : backend = nss
idmap config MYDOMAIN : range = 10000-99999
idmap config * : backend = tdb
idmap config * : range = 100000-999999
And in /etc/nsswitch.conf :
passwd: files sss
shadow: files sss
group: files sss
Hope this helps.
Sylvain.
Pensez ENVIRONNEMENT : n'imprimer que si ncessaire
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
