Hello I have a fileserver running samba 4.9.4 that is a member in an AD. The backup tool I am using is running as a linux user that is a member of linux group 'disk'. I'd like to add the group disk to a windows AD group 'backup' which have read access to the share. I am thinking that it is easier to manage the share from one point and that being the windows tool. I have only found a way to do the opposite. Is it possible or is my approach wrong? If so, how should I do it? -Mark-
On Sat, 19 Jan 2019 20:22:36 +0100 Mark Amundsen via samba <samba at lists.samba.org> wrote:> Hello > > I have a fileserver running samba 4.9.4 that is a member in an AD. > The backup tool I am using is running as a linux user that is a > member of linux group 'disk'. I'd like to add the group disk to a > windows AD group 'backup' which have read access to the share. I am > thinking that it is easier to manage the share from one point and > that being the windows tool. I have only found a way to do the > opposite. Is it possible or is my approach wrong? If so, how should I > do it? -Mark- >A 'local' Linux is just that, a local user, it is not a part of AD, so it cannot be used in AD, the same goes for groups. You could create the user in AD and then make this user a Linux user as well, but you will have to delete the local Linux user. You should then be able to add you AD Linux user to the local Linux group. Rowland
>> [...] I'd like to add the group disk to a >> windows AD group 'backup' [...]> A 'local' Linux is just that, a local user, it is not a part of AD, so > it cannot be used in AD, the same goes for groups. > > You could create the user in AD and then make this user a Linux user as > well, but you will have to delete the local Linux user. > > You should then be able to add you AD Linux user to the local Linux > group.Thanks for your input. (Backup is called amanda (debian package), seems to be hard coded to run as user 'backup' I'll set up a test case and see if backup user can be created from AD before I install amanda.) Can I use user mapping instead? Map backup to an AD user which is member of the backup ad group? -Mark-
Mandi! Mark Amundsen via samba In chel di` si favelave...> I have a fileserver running samba 4.9.4 that is a member in an AD. The backup tool I am using is running as a linux user that is a member of linux group 'disk'. I'd like to add the group disk to a windows AD group 'backup' which have read access to the share. I am thinking that it is easier to manage the share from one point and that being the windows tool. I have only found a way to do the opposite. > Is it possible or is my approach wrong? If so, how should I do it?You have to manage onlywith UNIX tools? If so, you can use 'pam_group' to add (local) groups to domain users. I use it to add 'adm' group to my domain administrator's group, so i can see logs withouth beeng root. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)