I found this guide on the Samba 4 wiki:
https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
I got as far as this part:
In the following, we will grant the privilege to the group "Domain Admins", but before doing this, make sure that the group is available to the local OS by NSS; usually via Winbindd:
# getent group "Domain Admins"
domain admins:x:10001:
If you don't get an output showing the queried name and its ID, there may be something wrong in your NSS configuration or if you are using Winbindd with RFC2307 (idmap_ad), you might not have an ID assigned (see User and group management for how to administer Unix Attributes in an AD). If the "Domain Admins" group is available to the OS, you can grant the SeDiskOperatorPrivilege privilege to (add the "-I dc1.samdom.example.com" if you had the previous error with NT_STATUS_CANT_ACCESS_DOMAIN_INFO):
I assigned an ID to the Domain Admins group through the Unix Attributes tab of the snap-in on Server 2012, but I still don't see the group I want via getent group. I think a running winbind is also needed, but for some reason it crashes on startup. And I didn't find anything useful about this in the logs. Two questions I'm asking for help with:
1. Is winbind needed?
2. Where should I look to find out why it crashes?
Here is the smb.conf config as it stands now:
[root@ad ~]# cat /etc/samba/smb.conf
# Global parameters
[global]
netbios name = AD
realm = SPO.O7.COM
workgroup = SPO
dns forwarder = 8.8.4.4
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
# rpc_server:spoolss = external
# rpc_daemon:spoolssd = fork
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[netlogon]
path = /var/lib/samba/sysvol/spo.o7.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
#[printers]
# path = /var/lib/spool
# printable = yes
# printing = CUPS|LPRNG|...
Attempt to start winbind:
# systemctl start winbind.service
Job for winbind.service failed because the control process exited with error code.
See "systemctl status winbind.service" and "journalctl -xe" for details.
[root@ad ~]# systemctl status winbind.service
● winbind.service - Samba Winbind Daemon
Loaded: loaded (/lib/systemd/system/winbind.service; disabled; vendor preset:
Active: failed (Result: exit-code) since Вт 2016-09-27 17:01:12 +07; 2s ago
Process: 2214 ExecStart=/usr/sbin/winbindd $WINBINDOPTIONS (code=exited, statu
сен 27 17:01:12 ad.localdomain systemd[1]: Starting Samba Winbind Daemon...
сен 27 17:01:12 ad.localdomain systemd[1]: winbind.service: Control process exit
сен 27 17:01:12 ad.localdomain systemd[1]: Failed to start Samba Winbind Daemon.
сен 27 17:01:12 ad.localdomain systemd[1]: winbind.service: Unit entered failed
сен 27 17:01:12 ad.localdomain systemd[1]: winbind.service: Failed with result '
[root@ad ~]# journalctl -xe"
> ^C
[root@ad ~]# journalctl -xe
--
-- Произошел сбой юнита winbind.service.
--
-- Результат: failed.
сен 27 17:01:03 ad.localdomain systemd[1]: winbind.service: Unit entered failed
сен 27 17:01:03 ad.localdomain systemd[1]: winbind.service: Failed with result '
сен 27 17:01:12 ad.localdomain systemd[1]: Starting Samba Winbind Daemon...
-- Subject: Начинается запуск юнита winbind.service
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Начат процесс запуска юнита winbind.service.
сен 27 17:01:12 ad.localdomain systemd[1]: winbind.service: Control process exit
сен 27 17:01:12 ad.localdomain systemd[1]: Failed to start Samba Winbind Daemon.
-- Subject: Ошибка юнита winbind.service
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Произошел сбой юнита winbind.service.
--