I want to allow Windows AD users to access file shares on my Ubuntu server (16.04.1).
I followed this tutorial:
Samba shares with Active Directory Login on Ubuntu 12.04
I followed all the steps. After some problems, I found that I needed to install libnss-winbind & libpam-winbind.
I ran pam-auth-update after installing those last packages.
I get a valid ticket when I kinit a user, wbinfo -u works, wbinfo -g works, getent passwd returns local and AD users, getent group returns only local groups. And when I want to chgrp -R 'Domain Users' /sharing/, I get: chgrp: invalid group: ‘Domain Users’
krb5.conf =
[libdefaults]
ticket_lifetime = 24h
default_realm = EXAMPLE.LOCAL
forwardable = true
[realms]
EXAMPLE.LOCAL = {
kdc = 192.168.254.3
default_domain = EXAMPLE.LOCAL
}
[domain_realm]
.example.local = EXAMPLE.LOCAL
example.local = EXAMPLE.LOCAL
[kdc]
profile = /etc/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
smb.conf =
[global]
# No .tld
workgroup = EXAMPLE
# Active Directory System
security = ads
# With .tld
realm = EXAMPLE.LOCAL
# Just a member server
domain master = no
local master = no
preferred master = no
# Disable printing error log messages when CUPS is not installed.
printcap name = /etc/printcap
load printers = no
# Works both in samba 3.2 and 3.6.
idmap backend = tdb
idmap uid = 10000-99999
idmap gid = 10000-99999
# no .tld
idmap config EXAMPLE:backend = rid
idmap config EXAMPLE:range = 10000-99999
winbind enum users = yes
winbind enum groups = yes
# This way users log in with username instead of [email protected]
winbind use default domain = yes
# Inherit groups in groups
winbind nested groups = yes
winbind refresh tickets = yes
winbind offline logon = true
# Becomes /home/example/username
template homedir = /home/%D/%U
# No shell access
template shell = /bin/false
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba/samba.log
log level = 2
[Dropbox]
comment = Daily Emptied Dropbox
path = /sharing/test
valid users = "@EXAMPLE\Domain Users"
force group = "domain users"
writable = yes
read only = no
force create mode = 0660
create mask = 0777
directory mask = 0777
force directory mode = 0770
access based share enum = yes
hide unreadable = yes
nsswitch.conf =
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the 'glibc-doc-reference' and 'info' packages installed, try:
# 'info libc "Name Service Switch"' for information about this file.
passwd: files winbind
group: files windind
shadow: files windind
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
(tested with compat instead of files, same results)
How can I get the AD groups to work?
You need to install libnss-winbind and libpam-winbind with apt-get. You have to make some links on your system to force getent through winbind. This worked for me on Ubuntu 16 with Samba 4.3.11.
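A check that every source named on the passwd, group and shadow lines of nsswitch.conf has a matching libnss_<source>.so.2 module, since glibc resolves each name to that file and the posted group and shadow lines name `windind`. This is an added example, not part of the original question or answer; the function names are hypothetical and the library directories to pass on a real system are an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).
# Report NSS sources in an nsswitch.conf-style file that have no matching
# libnss_<source>.so.2 in any of the given library directories.
# Usage: nss_missing_modules FILE LIBDIR [LIBDIR...]
nss_missing_modules() {
    conf=$1; shift
    # Strip comments; the right-hand side of the pipe runs in a subshell,
    # so "set -f" (no globbing of tokens like [NOTFOUND=return]) stays local.
    sed -e 's/#.*//' "$conf" | {
        set -f
        while read -r db sources; do
            case $db in
                passwd:|group:|shadow:) ;;
                *) continue ;;
            esac
            for src in $sources; do
                # Skip action items such as [NOTFOUND=return].
                case $src in \[*) continue ;; esac
                found=no
                for dir in "$@"; do
                    if [ -e "$dir/libnss_$src.so.2" ]; then found=yes; fi
                done
                [ "$found" = yes ] || echo "$db $src"
            done
        done
    }
}

# Constructed demo: the passwd/group/shadow lines from the question's
# nsswitch.conf, checked against a temp dir holding stand-in module files
# for "files" and "winbind" (what libnss-winbind would provide).
demo_question_config() {
    tmp=$(mktemp -d)
    printf '%s\n' 'passwd: files winbind' 'group: files windind' \
        'shadow: files windind' > "$tmp/nsswitch.conf"
    : > "$tmp/libnss_files.so.2"
    : > "$tmp/libnss_winbind.so.2"
    nss_missing_modules "$tmp/nsswitch.conf" "$tmp"
    rm -rf "$tmp"
}
```

On a real host, call `nss_missing_modules /etc/nsswitch.conf` followed by the directories where your distribution installs NSS modules; any line it prints is a database that will never consult that source.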