Hi guys,

I've joined CentOS 7 successfully to AD as member server, and set couple of shares.

But, limiting access by listing groups, or forcing group write isn't working.

Samba is clearly having issues with groups.

This is example share not working at all (constantly asking for authentication):

    [tools]
    path = /data/tools/
    comment = Web development tools
    valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
    browseable = yes
    writeable = yes
    force mode = 0660
    force directory mode = 0770
    force security mode = 0660
    guest ok = no
    guest only = no
    delete readonly = Yes
    follow symlinks = Yes
    wide links = No
    case sensitive = Yes

When I comment out or remove `valid users` directive, access works.

Also, if I run getent groups it doesn't return any member, while on the CentOS 6 with samba 3.5.10 it works:

    centos7 # getent group 'domain users'
    domain users:x:10513:

    centos6 # getent group 'domain users'
    domain users:x:10513:jakov.sosic

Any ideas?

I've also found this serverfault post:

http://serverfault.com/questions/625416/samba-4-group-members-not-shown-in-getent-group

Mark Nienberg
2016-Dec-12 04:49 UTC
[Samba] CentOS 7 AD member having issues with AD groups
On Sun, Dec 11, 2016 at 6:23 PM, Jakov Sosic via samba <samba at lists.samba.org> wrote:

> [tools]
> path = /data/tools/
> comment = Web development tools
> valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
>

I don't think you need the quotes since you don't have spaces in the group names. And you don't need a comma either.

    valid users = @EXAMPLE\itdesign @EXAMPLE\itdev

If you have spaces, then try like this:

    "@EXAMPLE\domain users"

Rowland Penny
2016-Dec-12 09:04 UTC
[Samba] CentOS 7 AD member having issues with AD groups
On Mon, 12 Dec 2016 03:23:56 +0100 Jakov Sosic via samba <samba at lists.samba.org> wrote:

> Hi guys,
>
> I've joined CentOS 7 successfully to AD as member server, and set
> couple of shares.
>
> But, limiting access by listing groups, or forcing group write isn't
> working.
>
> Samba is clearly having issues with groups.
>
>
> This is example share not working at all (constantly asking for
> authentication):
>
> [tools]
> path = /data/tools/
> comment = Web development tools
> valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
> browseable = yes
> writeable = yes
> force mode = 0660
> force directory mode = 0770
> force security mode = 0660
> guest ok = no
> guest only = no
> delete readonly = Yes
> follow symlinks = Yes
> wide links = No
> case sensitive = Yes
>
> When I comment out or remove `valid users` directive, access works.
>
> Also, if I run getent groups it doesn't return any member, while on
> the CentOS 6 with samba 3.5.10 it works:
>
> centos7 # getent group 'domain users'
> domain users:x:10513:
>
> centos6 # getent group 'domain users'
> domain users:x:10513:jakov.sosic
>
>
> Any ideas?
>
> I've also found this serverfault post:
>
> http://serverfault.com/questions/625416/samba-4-group-members-not-shown-in-getent-group
>

If your shares are being accessed from Windows, you would be better off setting the permissions from Windows, see here:

https://wiki.samba.org/index.php/Shares_with_Windows_ACLs

Rowland

On 12/12/2016 05:49 AM, Mark Nienberg wrote:

>
> On Sun, Dec 11, 2016 at 6:23 PM, Jakov Sosic via samba
> <samba at lists.samba.org> wrote:
>
>     [tools]
>     path = /data/tools/
>     comment = Web development tools
>     valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
>
>
>
> I don't think you need the quotes since you don't have spaces in the
> group names. And you don't need a comma either.
>
> valid users = @EXAMPLE\itdesign @EXAMPLE\itdev
>
> If you have spaces, then try like this: "@EXAMPLE\domain users"
>

This actually works but I was testing with a wrong user LOL which wasn't a member of said groups :D

Sorry guys..