Schreiber Martin
2004-Oct-20 10:37 UTC
[Samba] winbind AD group "non primary group" permissions
Hello,
In our company we need to setup a samba-server for store the pst files in a
dedicated share on our samba server. A very important goal is "zero
administration"
Samba Server is a sun running solaris 9 , samba-3.0.7 is installed with
winbind , all is running as expected , users can connect to the share , if
the share isnt already created , it is created by preexec script
-------------------------------------------------------
sniplet of smb.conf
--------------------------------------------------------
[pst]
root preexec = /bin/ksh -c "mkdir /export/home/pst/%u"
path = /export/home/pst/%u
read only = no
create mask = 0700
directory mask = 0700
available = yes
public = no
------------------------------------------------
and now th problem....
As all is running so well , customers become hungry on advanced features ...
One of the features is , they want acces to the share be restricted to a
special group(AD) which is not the user's primary group. I searched google
etc etc all faqs and so on , but nothing. I tried around with preexec
scripts , using getent group|grep $usr ; without success,
maybe the failure is in my scripts , so my question ; is there anybody out ,
who had success in that case described
All help is much apreciated , kind regards martin
schreiber
Siemens Business Services
CCN-ITS Betrieb Wien GUD
Gudrunstrasse 11
A-1101 Wien
Martin Schreiber
Phone +43 5 1707 47565
Server-Administration
Fax +43 5 1707 57560
mailto:martin.a.schreiber@siemens.com
http://www.sbs.at
Gerald (Jerry) Carter
2004-Oct-20 13:57 UTC
[Samba] winbind AD group "non primary group" permissions
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Schreiber Martin wrote: | One of the features is , they want acces to the share | be restricted to a special group(AD) which is not the user's | primary group. I searched google etc etc all faqs and so on , | but nothing. I tried around with preexec scripts , using getent | group|grep $usr ; without success, maybe the failure is | in my scripts , so my question ; is there anybody out , | who had success in that case described If you know the group then just pass it into the root preexec and chgrp/chmod the target directory. Or you can just use a valid users = "DOMAIN\group" in smb.conf cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdm6pIR7qMdg1EfYRAqmgAKDaGJLM6B/bQwItt5KbdEnmmUu4GACfZrs2 r8UO77JRkZLegU5p7B3maO0=2oVM -----END PGP SIGNATURE-----