Jason Haar
2007-Feb-22  02:16 UTC
[Samba] Do Domain Local groups work via 'valid users = "@dom\Group Name"'?
Hi there

We have a bunch of Samba 3.0.24 servers that use winbind to integrate into an existing Win2K3-based AD infrastructure. We have our own forest (call it FOREST, with sub-domains "DOM1" and "DOM2") - but have transitive and two-way trusts to other Win2K3 forests.

We have set up (under Windows) a bunch of "DOM1" Domain Local Groups containing a mixture of "DOM1" Domain groups and accounts from DOM2 and other trusted forests. i.e. on a Win2K3 server we can create a share that can be accessed via people from both our own forest (both DOM1 and DOM2) and others via using a Domain Local Group.

I want to do the same with Samba, but 'valid users = "@DOM1\Domain Local Group"' doesn't work?. If I am logged into a Samba server that is a member of DOM1, then "getent group 'Domain Local Group'" returns the DOM1 members - **but not any from DOM2 or the other trusted forests**!

BTW The DOM1 Samba server is quite capable of successfully doing a "getent passwd DOM2\account".

Am I doing something wrong? How can I get a Samba server in either DOM1 or DOM2 to fully support allowing anyone in that Domain Local Group to connect?

Thanks!

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
