Hi Greg (forgot to CC list)
Thanks for that info - seems quite similar to what I’ve put together so good to know I’m on the right track. I did eventually get the usernames coming across in getent not by using PAM but rather by manually inserting the nss_winbind.so.1 files into /usr/local/lib and using ‘crle’ to update the dynamic loader paths that get searched. I also dropped the 64-bit version into /usr/local/lib/64. I did both because getent and others are 32-bit whereas id and others are 64-bit. Once I did that, the settings inside nsswitch.conf flowed through and started working. AD users can happily authenticate/access the file share and the permissions are getting properly translated through to ZFS ACLs via the Windows file security tab. Next step is to try using delegated datasets and exposing ZFS snapshots via the Previous Versions tab. Thanks, Dave On 12 Feb 2015, at 4:56 pm, Greg Zartman <[email protected]<mailto:[email protected]>> wrote: On Tue, Feb 10, 2015 at 7:12 PM, David Finster <[email protected]<mailto:[email protected]>> wrote: As mentioned before, a stripped out smb.conf would also be appreciated to see if I’m going wrong anywhere. Sorry for the delay in getting back. I wasn't feeling well the last couple days. Here's my smb.conf less the shares sections. There is probably a few more things in there than you'll need, but you'll see where Samba is pointed and the DC on the .20 IP addy. Another thing you'll need to play around with is PAM. Have a look at this url and scroll down to the solaris related section that talks about pam.conf. Make sure you have these parameters set correctly. This will help getent pull the domain user information over from the pdc smb.conf [global] dns proxy = no domain logons = no domain master = no encrypt passwords = yes guest ok = no map to guest = never name resolve order = wins lmhosts bcast netbios name = test os level = 35 password server = 192.168.0.20 preferred master = auto remote announce = 192.168.0.20 remote browse sync = 192.168.0.20 security = domain server string = SME Server unix password sync = Yes pam password change = Yes idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes wins support = no wins server = 192.168.0.20 workgroup = domain.com<http://domain.com/> ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
