[OpenIndiana-discuss] Odd Samba/winbind issue

James Relph james at themacplace.co.uk
Tue Jun 25 10:24:11 UTC 2013


Hi all,

I still haven't been able to get Samba 3.6 working (of any variety), but I have managed to get Samba4 up and running, and it's pretty good.

I'll check these notes to make sure these are accurate, but these are the steps to have a non-global zone in Oi 151a7 sharing out SMB and AFP with AD logins.


**In the global glone added to/etc/system: set ngroups_max = 1024 and rebooted the global zone**

**In the non-global zone**

pkg install ar
pkg install illumos-gcc
pkg install gnu-binutils
pkg install git
pkg install gdb
pkg install system/header
pkg install system/library/math/header-math
pkg install developer/library/lint
pkg install cups
pkg install wget
pkg install samba

wget http://www.samba.org/samba/ftp/samba-latest.tar.gz
tar -xvzf samba—latest.tar.gz
cd samba-4.0.6

export PATH=“/usr/sbin:/usr/bin:/opt/gcc/4.4.4/bin:/usr/xpg4/bin:/usr/gnu/bin“
export LDFLAGS="-L/root/samba-4.0.6/bin/shared/private -R/usr/local/samba/lib/private -L/usr/gnu/lib -R/usr/gnu/lib -L/usr/lib -R/usr/local/samba/lib"

./configure --with-ad
make
make install

ln -s /usr/local/samba/lib/nss_winbind.so.1 /lib/nss_winbind.so.1
ln -s /usr/local/samba/lib/nss_winbind.so.1 /lib/nss_winbind.so.2
ln -s /usr/local/samba/lib/nss_winbind.so.1 /lib/libnss_winbind.so.1

crle -l /lib:/usr/lib:/etc/lib:/opt/gcc/4.4.4/lib:/usr/local/samba/lib:/usr/local/samba/lib/private

** In /usr/local/samba/etc/smb.conf added **

[global]
security = ads
realm = EXAMPLE.COM
password server = server.example.com
workgroup = EXAMPLE
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 300
winbind use default domain = yes
winbind expand groups = 5
idmap config * : range = 16777216-33554431
idmap config * : backend = tdb
template homedir = /export/home/%U
template shell = /bin/bash
log file = /var/samba/samba.log
log level = 5

[test]
comment = test
path = /test
browseable = yes
writeable = yes


/usr/local/samba/bin net ads join -U james at example.com

** Installed netatalk **
** Added to /etc/pam.conf for netatalk access **

netatalk auth requisite         pam_authtok_get.so.1
netatalk auth required          pam_dhkeys.so.1
netatalk auth required          pam_unix_cred.so.1
netatalk auth sufficient        /usr/local/samba/lib/security/pam_winbind.so
netatalk account requisite      pam_roles.so.1
netatalk account sufficient     pam_winbind.so


Thanks for all the help everyone, it helped me get it all working in a pretty neat way in the end.

All the best,

James

Principal Consultant



More information about the OpenIndiana-discuss mailing list