Quote:
Originally Posted by yx0p
When I do id user1 it lists all of the groups that user is associated with within AD. I'm wondering, do I have to map an AD member group to a Linux user or something?
|
That's exactly what the idmap function does, and is why you get a Unix User ID when you run the id command on an AD user:
Quote:
Originally Posted by yx0p
[root@ROM samba]# id user1
uid=10000(user1) gid=10000(domain users) groups=10000(domain users)
|
This is proof of a working idmap configuration. It also proves that the "winbind use default domain" option is active, as you didn't have to type id EXAMPLE\\user1 to obtain the Unix ID of a user from the AD domain.
You should try changing the owner of a file to be a domain user, just to verify that both nsswitch and PAM are indeed working properly:
Code:
# touch somefile
# chown EXAMPLE\\user1 somefile
# ls -l somefile
If the result is a file owned by the domain user "user1", all is well.
I looked through your smb.conf once more, and noticed the "valid users = any" setting. I can't remember having seen any references to "any" as a valid parameter on the Samba Wiki pages. Have you tried commenting out that setting?
It's often a good idea to start off with a bare minimum of settings, and then add the required settings one by one to see if anything breaks. For instance, the "client", "encrypt passwords" and "restrict anonymous" settings should be superfluous, so you could try commenting out those as well.
Do the settings reported by testparm match your intended settings in smb.conf?
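
The closing question in the reply above (whether testparm reports the settings intended in smb.conf) can be checked mechanically. This is an added example, not part of the original post: the function names normalize and report are hypothetical, and both sample inputs are constructed rather than taken from the thread or from real testparm output.

```shell
# Added example. Create the dump with: testparm -s > dump.txt
# Simplifications: parameter synonyms are not resolved, values compare case-insensitively.

# normalize FILE -> "section<TAB>key<TAB>value", lower-cased, comments dropped
normalize() {
    awk '
        /^[ \t]*([#;]|$)/ { next }
        /^[ \t]*\[/ { sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print sec "\t" key "\t" val
        }' "$1"
}

# report CONF DUMP -> one line per smb.conf setting that the dump does not
# echo back: "missing" (at its default, or not accepted) or "differs"
report() {
    conf=$(mktemp) && dump=$(mktemp) || return 2
    normalize "$1" > "$conf"; normalize "$2" > "$dump"
    awk -F'\t' '
        FILENAME == ARGV[1]            { seen[$1 FS $2] = $3; next }
        !(($1 FS $2) in seen)          { print "missing " $1 ": " $2; next }
        (seen[$1 FS $2] "") != ($3 "") { print "differs " $1 ": " $2 }
    ' "$dump" "$conf"
    rm -f "$conf" "$dump"
}

# Constructed sample input (not real testparm output).
sample_conf() { cat <<'EOF'
[global]
   workgroup = EXAMPLE
   security = ads
   encrypt passwords = yes
[share]
   valid users = any
EOF
}
sample_dump() { cat <<'EOF'
[global]
   security = ADS
   workgroup = EXAMPLE
[share]
   valid users = any
EOF
}
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

A "missing" line means the setting is either at its default, and so superfluous in smb.conf, or was not accepted; commenting it out and re-running testparm tells the two apart.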