<div dir="ltr"><div class="gmail_default" style="font-size:small">OK, so here's where this things stands right now.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I have Ubuntu 14.04 running Samba 4.1 as a member server on my AD domain. I can access Windows shares, including home shares from my Windows clients using Windows ACL's as if accessing a Windows server.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">The Samba wiki, starting here, was very helpful: <a href="https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server" target="_blank">https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server</a></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Now, I've encountered a glitch that I hope someone can help me with:</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">If I do a gentent passwd, I am able to see all the users from my AD, EXCEPT the ones that I have created since joining this server to the domain. Is there I command I need to run to update the user list on the Ubuntu box? I don't recall doing anything special before. Just installed libnss-winbind and lipam-winbind and bang, getent passwd just worked, fully populated with AD users.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">What is interesting, is that getent group, shows these newly created users as added to appropriate groups, which makes it all the more perplexing to me. <br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">If I do a wbinfo -u I get a list of all domain users, including the newly created ones.</div><div class="gmail_default" style="font-size:small"><div class="gmail_default"><br></div></div><div class="gmail_default" style="font-size:small">If I do id smbtest1, I get "no such user". Other users (all those created before today) work fine e.g. id eholcroft</div><div class="gmail_default">uid=10019(eholcroft) gid=10004(domain users) groups=10004(domain users),10057(atlanta),10067(accessusers),10047(mkastaff),10078(it),10162,10001(BUILTIN\users)</div><div><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">This seems to be the only issue standing between me and getting my shares fully functional. All users can access shares as expected, EXCEPT those that do not show up in getent passwd - for these users, the Windows client gets stuck on username and password prompt when trying to access a share (providing the credentials does not help)</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">cheers</div><div class="gmail_default" style="font-size:small">ed</div><div class="gmail_default" style="font-size:small"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 10, 2014 at 3:53 PM, Edward Holcroft <span dir="ltr"><<a href="mailto:eholcroft@mkainc.com" target="_blank">eholcroft@mkainc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-size:small">All,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">The time has finally come to ditch our Micro$haft file servers as another increment towards weaning ourselves of our Windows habit. For now, I have to keep Active Directory in the picture, although I have managed to reduce the AD server footprint from 18 servers down to 4. Corporate mindset issues demand small steps.</div>
<div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Question: Is it better to go with an "appliance solution" such as FreeNAS vs. distro+Samba? </div><div class="gmail_default" style="font-size:small">
<br></div><div class="gmail_default" style="font-size:small">I played around with FreeNAS a bit and while it has great automation of things like AD integration (which I will need to do for now) and a great web interface, it seems less flexible when it comes to e.g. backup options. It seems a simple Ubuntu/Samba box gives me many options on how to handle our daily backups to USB, while FreeNAS can potentially close doors to me, or at least make things harder. That's just one example that I ran into.</div>
<div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">So, I'd like to hear from you about experiences/pros-cons of appliance-type options vs the manual way. I've tried both at a simple test level. They both seem viable and I really want to like FreeNAS, but just cannot seem to get comfortable with it - little glitches seem to pop up that have the potential to be major sticking points. So right now I'm leaning towards distro+Samba.</div>
<div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Feel free to suggest other options besides the two mentioned here. Whatever solution I deploy I have to be able to use Windows ACL's on the shares ... for now.</div>
<div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">cheers</div><div class="gmail_default" style="font-size:small">ed</div><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br><div dir="ltr">Edward Holcroft | Madsen Kneppers & Associates Inc.<br>
11695 Johns Creek Parkway, Suite 250 | Johns Creek, GA 30097<br>O <a href="tel:%28770%29%20446-9606" value="+17704469606" target="_blank">(770) 446-9606</a> | M <a href="tel:%28770%29%20630-0949" value="+17706300949" target="_blank">(770) 630-0949</a></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Edward Holcroft | Madsen Kneppers & Associates Inc.<br>11695 Johns Creek Parkway, Suite 250 | Johns Creek, GA 30097<br>O (770) 446-9606 | M (770) 630-0949</div>
</div>
<br>
<span style="font-family:arial"><font size="2">MADSEN, KNEPPERS & ASSOCIATES USA, MKA Canada Inc. WARNING/CONFIDENTIALITY NOTICE: This message may be confidential and/or privileged. If you are not the intended recipient, please notify the sender immediately then delete it - you should not copy or use it for any purpose or disclose its content to any other person. Internet communications are not secure. You should scan this message and any attachments for viruses. Any unauthorized use or interception of this e-mail is illegal.</font></span>