Now create the resolve.conf
:> svccfg -s network/dns/client setprop config/nameserver = net_address: "(192.168.1.1 192.168.1.6)" :> svccfg -s network/dns/client setprop config/domain = astring: "testrealm.com" :> svccfg -s network/dns/client setprop config/search = astring: '("testrealm.com" "vm.testrealm.com")' :> svccfg -s network/dns/client setprop config/host = astring: '("files" "dns")'
Now you need to modify the nsswitch.conf file using the following.
:> nscfg export svc:/network/dns/client:default
And finally push the configuration to nsswitch
:> svccfg -s name-service/switch config/host = astring: '(“files dns”)' :> svccfg -s name-service/switch config/ipnodes = astring: '("files dns")'
You should now see files/dns as the search for host and ipnodes.
:> svcadm refresh svc:/system/name-service/switch:default
setprop config/password = "files winbind"
setprop config/group = "files winbind"
exit# svcadm refresh name-service/switch
# winbind winbind separator = + idmap uid = 11000-19000 idmap gid = 11000-19000 winbind enum users = yes winbind enum groups = yes winbind nested groups = yes allow trusted domains = yes
In this case I want to give myself toms full access to the first share, then I can just use the windows explorer dialog to modify the security later.
tfs@husker:/~$ idmap dump -n wingroup:Developers@ms.test.com == gid:2147491848 wingroup:NLS@ms.test.com == gid:2147491847 wingroup:SOFP@ms.test.com == gid:2147491849 winuser:firstname.lastname@example.org == uid:2147491841 wingroup:Domain Users@ms.test.com == gid:2147491842
You need to make sure you have the UNIX plugin to AD installed so AD is the one handling the uid/gids of the AD people connecting. Come to think of it, its possible that was the issue with your winbind not showing groups. If the group doesn't have a GID assigned to it by AD, then it will not show in getent groups. If you do not see a user or a group showing up now, it is probably that issue.
#chmod A+user:2147491841:full_set:allow /tank/smb/public
I haven't setup home folders for AD users yet.
tfs@husker:/etc/pam.d$ sudo su - toms Password: su: No directory!