Alexander Pyhalov wrote on 02.06.2016 19:47:
Hi.

I've tried to set up the native SMB server in domain mode (doing something
similar to
https://blogs.oracle.com/timthomas/entry/configuring_the_opensolaris_cifs_server
) and got stuck...
Idmap seems to be working, I mean, I can do
"smbadm lookup DOMAIN\me", and it returns the correct SID.

#  idmap list
add     winuser:*@FULL.DOMAIN.NAME      unixuser:*
add     wingroup:*@FULL.DOMAIN.NAME     unixgroup:*

# idmap show 'm...@full.domain.name' uid
winuser:m...@full.domain.name -> uid:2147483653

But if I try to connect to the server with smbclient, it returns:
Domain=[DOMAIN] OS=[SunOS 5.11 illumos-06cf6f1] Server=[Native SMB service]
tree connect failed: NT_STATUS_USER_SESSION_DELETED

I don't see anything interesting in the server logs...
Does someone have any ideas?

Answering my own question... Of course, you have to have corresponding local users for idmap mappings to work.
So, when we want to manage users in AD we have several choices:
1) join illumos box to AD (via ldapclient and manage users there), this is not ideal, as
you'll have to set unix attributes in AD, which is annoying;
2) use samba (use winbind modules for pam/nss) - I went this way;
3) I've just found https://docs.oracle.com/cd/E19120-01/open.solaris/819-3194/adsetup-2/index.html, it seems nss_ad can be used to generate necessary uids/gids, using SID,
and this looks like what I wanted, but I've already set up samba...

P.S. And one last issue: don't forget to set ngroups_max = 1024, or samba will panic with strange errors, as the setgroups() call can fail.
---
System Administrator of Southern Federal University Computer Center

