group acl with winbind
Luca Olivetti
luca at wetron.es
Tue Apr 7 11:21:51 EDT 2015
El 07/04/15 a les 16:58, Sven Schwedas ha escrit:
>
> 1. Are you running cyrus on a Domain Controller, or on a normal member
> server?
member server
>
> 2. Which winbind/samba version(s) do you use?
3.6.25
>
> 3. smb.conf for the cyrus server?
[global]
security = ads
realm = SAMBA.WETRON.ES
workgroup = WETRON
kerberos method = secrets and keytab
client signing = yes
client use spnego = yes
dedicated keytab file = /etc/krb5.keytab
idmap config *:backend = tdb
idmap config *:range = 60001-69999
idmap config WETRON:backend = ad
idmap config WETRON:schema_mode = rfc2307
idmap config WETRON:range = 490-60000
idmap config WETRON:default = yes
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
username map = /etc/samba/smbusers
additional data: I assigned unix attributes to all groups in AD
(otherwise winbind cannot enumerate groups).
However I'm looking at the cyrus source and I see that to canonicalize a
group name it is using getgrnam, and a simple program using getgrnam
returns the group just fine.
Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004 Fax +34 935883007
More information about the Info-cyrus
mailing list