Sean Barmettler
2004-Dec-16  18:22 UTC
[Samba] Providing AD auth/access to only certain groups
My goal here is to share a directory that people ftp files to.
[global]
workgroup = TELEVOX_1
netbios name = samba
server string = Debian Mass Storage Device
security = domain
realm = TELEVOX_1.LOCAL
username map = /etc/samba/smbusers
#password server = *
encrypt passwords = yes
interfaces = 192.168.169.31
localmaster = no
winbind separator = +
winbind cache time = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = Yes
template homedir = /home/%D/%U
template shell = /bin/bash
[ftp]
        comment = Mass Storage
        path = /home/ftp
        valid users = @"TELEVOX_1+TECHSUPPORT", @"TECHSUPPORT", @"Domain Admins"
        admin users = @"TELEVOX_1+seanb", @"seanb", @"Domain Admins", seanb
        read list = @"TELEVOX_1+Domain Users", @"Domain Users"
I'm getting this in log.winbindd:
[2004/12/16 12:11:57, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1
[2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1
[2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1
My questions:
Does the @ in the user lists (such as @"Televox_1+techsupport") suggest
it's a group?  Should I not use that with individual user names?
You can completely ignore/scratch all of this if you could simply
suggest to me how to provide full access to certain group(s), read only
to other group(s), and administrative to myself.
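
Added example, not part of the original post or of Samba: a small Python check that parses the [ftp] user lists shown above and flags group-prefixed entries whose names are not groups, which is the lookup the winbindd_getgrnam log lines report failing for 'seanb'. It also flags read list entries absent from valid users and whole groups placed in admin users. The KNOWN_GROUPS set and the function names are assumptions made for illustration.

```python
import re

# Constructed input: the [ftp] user lists from the post, wrapped lines joined.
SHARE = {
    "valid users": '@"TELEVOX_1+TECHSUPPORT", @"TECHSUPPORT", @"Domain Admins"',
    "admin users": '@"TELEVOX_1+seanb", @"seanb", @"Domain Admins", seanb',
    "read list": '@"TELEVOX_1+Domain Users", @"Domain Users"',
}
# Assumption: the group names this host resolves (what `getent group` would list).
KNOWN_GROUPS = {"techsupport", "domain admins", "domain users"}
SEPARATOR = "+"  # "winbind separator" from [global]

# One list entry: optional group prefix, then a quoted or a bare name.
# smb.conf(5): "@" = NIS netgroup then Unix group, "+" = Unix group only,
# "&" = NIS netgroup only; no prefix = a user name.
ENTRY = re.compile(r'([@+&]*)(?:"([^"]*)"|([^\s,"]+))')

def parse_list(value):
    """Return [(is_group, name), ...] for one user-list parameter."""
    return [(bool(p), quoted or bare) for p, quoted, bare in ENTRY.findall(value)]

def short(name):
    """Strip a leading DOMAIN<separator> and fold case for comparison."""
    return name.split(SEPARATOR, 1)[-1].lower()

def audit(share, known_groups):
    """Return (parameter, name, issue) findings for one share."""
    lists = {param: parse_list(value) for param, value in share.items()}
    findings = []
    for param, entries in lists.items():
        for is_group, name in entries:
            if is_group and short(name) not in known_groups:
                findings.append((param, name, "group prefix on a non-group name"))
    # valid users decides who may connect; read list only limits those users.
    allowed = {short(name) for _, name in lists.get("valid users", [])}
    for _, name in lists.get("read list", []):
        if allowed and short(name) not in allowed:
            findings.append(("read list", name, "not listed in valid users"))
    # admin users perform all file operations on the share as root.
    for is_group, name in lists.get("admin users", []):
        if is_group and short(name) in known_groups:
            findings.append(("admin users", name, "every member acts as root"))
    return findings

if __name__ == "__main__":
    for param, name, issue in audit(SHARE, KNOWN_GROUPS):
        print(f"{param}: {name!r}: {issue}")
```
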
Sean Barmettler
2004-Dec-16  18:30 UTC
[Samba] Providing AD auth/access to only certain groups
Just as a follow up with more information I should have provided:
I'm deploying 6 servers, be it Windows or Linux (I'm trying to get this
working so it can be Linux), for 6 departments here in this company.
Smbusers looks like this:
root = seanb administrator
I have POSIX ACLs enabled on this kernel; from what I've read, I'm not
sure whether it's required or not.  Any help here is appreciated.