I recently set up a machine to use Centrify, and authentication is working fine for console and SSH access, but I am still having some problems with SMB sharing.
I have created a share with Unix permissions 770. The user owner is an AD user and the group owner is an AD group.
The AD user is able to access the share, but members of the AD group are not. I also set the valid users to the domain group in smb.conf using valid users=+OU\test-us-ubuntu-users
If I change the Linux permissions owner to another AD user, they will be able to access the share, but they will then be the only person who can access it.
I can resolve the group name using wbinfo and adquery:
wbinfo -g | grep test-us-ubuntu-users
test-us-ubuntu-users
[testadmin@test-centos bin]$ adquery group test-us-ubuntu-users
test-us-ubuntu-users:x:243347734:admin-test,norton
adbindproxy
sudo /usr/share/centrifydc/bin/adbindproxy.pl --version
adbindproxy.pl (CentrifyDC-adbindproxy 5.3.0-504)
[testadmin@test-rn-centos ~]$ smbstatus
Samba version 4.2.10
[testadmin@test-centos /]$ sudo adinfo -V
Options:
-------
task: all
domain: null
output: null
additional paths: null
user: null
using user's credential cache: No
allow password prompt in kerberos get init credential: Yes
user's credential cache: null
server: null
Local host name: test-centos
Joined to domain: ou.ad3.ucdavis.edu
Joined as: test-centos.ou.ad3.ucdavis.edu
Pre-win2K name: test-centos
Current DC: oudc3c.ou.ad3.ucdavis.edu
Preferred site: Default-First-Site
Zone: Auto Zone
Retrieving site information from site=any, server='xxxxxx.ou.ad3.ucdavis.edu'
Using machine credentials
Using principal name 'test-centos$@OU.AD3.UCDAVIS.EDU'
Binding to ou.ad3.ucdavis.edu, cache=MEMORY:0x8c4c40
Searching for (&(samAccountName=test-centos$)(objectClass=computer))
in dc=OU,dc=AD3,dc=UCDAVIS,dc=EDU
Found computer account: CN=test-centos,OU=test-OU-Computers,OU=test,OU=DEPARTMENTS,DC=ou,DC=ad3,DC=ucdavis,DC=edu
Last password set: 2016-11-03 10:24:49 PDT
CentrifyDC mode: connected
Licensed Features: Disabled