Hi, I have been setting up samba and winbind on a Debian Linux box to
allow access to shares authenticating from a Windows 2000 Active Directory
Domain.
I have got almost everything I want to work, but I am stuck on one
thing. I would like to add domain users to a local unix group and then
add that group to the valid users line of a share. Enclosed are my
smb.conf and my /etc/group files.
Thank you,
Kimball
--smb.conf--
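#======================= Global Settings ======================
# Server-wide defaults. Lines starting with ';' are settings left commented out;
# lines starting with '#' are explanatory comments.
[global]
# NetBIOS name of the domain this server is a member of.
workgroup = TEST
# %h expands to the host name and %v to the Samba version, so the running
# version is advertised to anyone browsing the network.
server string = %h server (Samba %v)
wins server = 10.22.2.70
dns proxy = no
; name resolve order = lmhosts host wins bcast
# One log file per connecting client (%m is the client's NetBIOS name).
log file = /var/log/samba/log.%m
syslog = 0
panic action = /usr/share/samba/panic-action %d
# Authentication is passed to a domain controller using NT4-style domain
# membership. NOTE(review): the post says the domain is Windows 2000 Active
# Directory; "security = ads" is the Kerberos-based alternative - confirm
# which one is intended.
security = domain
# Ranges from which winbind allocates Unix uids/gids for domain users and groups.
# They must not overlap ids already used by local accounts.
idmap uid = 15000-20000
idmap gid = 15000-20000
# Left commented out, so the default separator '\' applies and domain accounts
# appear to Unix as DOMAIN\name.
# winbind separator = %
winbind enum users = yes
winbind enum groups = yes
# Left commented out, so domain accounts must always be written with the
# domain prefix.
# winbind use default domain = yes
# '*' lets Samba locate a domain controller itself instead of naming one.
password server = *
encrypt passwords = true
passdb backend = tdbsam guest
# Apply PAM account and session restrictions to SMB logins as well.
obey pam restrictions = yes
; guest account = nobody
# Set in [global], this is the default for every share: root may not log in
# over SMB.
invalid users = root
; unix password sync = no
# passwd program / passwd chat are only consulted when "unix password sync"
# is enabled; it is commented out above.
passwd program = /usr/bin/passwd %u
# Rejoined onto one line: the listing had this value wrapped, and smb.conf
# only continues a line that ends in a backslash.
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
; pam password change = no
; load printers = yes
; printing = bsd
; printcap name = /etc/printcap
; printing = cups
; printcap name = cups
; printer admin = @ntadmin
; preserve case = yes
; short preserve case = yes
; include = /home/samba/etc/smb.conf.%m
socket options = TCP_NODELAY
# Rejoined onto one line so that the whole command stays commented out.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
; domain master = auto
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash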
# Per-user home directory shares.
[homes]
comment = Home Directories
# Not listed when clients browse the server.
browseable = no
# Read-only: the two masks below only take effect if write access is enabled.
writable = no
# New files and directories would be accessible to their owner only.
create mask = 0700
directory mask = 0700
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Print spooling share.
[printers]
comment = All Printers
browseable = no
# NOTE(review): spool files land in the shared, world-writable /tmp;
# a dedicated spool directory keeps print jobs away from other users' temp files.
path = /tmp
printable = yes
# "public" is a synonym for "guest ok": guest connections are refused here.
public = no
writable = no
# "create mode" is a synonym for "create mask": spool files are owner-only.
create mode = 0700
# Share from which Windows clients download printer drivers.
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
# Read-only and closed to guests; with the write list below commented out,
# nobody can upload drivers over SMB.
read only = yes
guest ok = no
; write list = root, @ntadmin
# This works, and allows all users authenticated on the domain
# NOTE(review): "public" is a synonym for "guest ok", so this share also accepts
# guest connections without a password. Whether an unauthenticated client is
# actually mapped to the guest account depends on "map to guest", which this
# file does not set. If only domain-authenticated users should write here,
# use "guest ok = no" instead.
[test1]
comment = Open Test Share
path = /usr/share/smb/test1
public = yes
writable = yes
# This doesn't work
# Access is limited to members of the group "foo". The '@' prefix makes Samba
# look the name up as a NIS netgroup first and then as a Unix group; '+foo'
# restricts the lookup to the Unix group database.
# NOTE(review): the posted /etc/group has "foo:x:107:TEST\user". Presumably the
# member name there has to match exactly what winbind reports for the account
# (domain, separator and case) - compare with "getent group foo" and
# "id 'TEST\user'" to confirm.
[test2]
comment = Only for group foo
path = /usr/share/smb/test2
public = no
writeable = yes
valid users = @foo
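# This works and only allows the user 'user' on domain 'TEST' to access
# (comment rejoined onto one line: the wrapped word "access" was left as a
# stray, malformed line in the listing)
[test3]
comment = Only for user
path = /usr/share/smb/test3
# Guests are refused; only the single domain account below may connect.
public = no
writeable = yes
# Domain account written with the domain prefix and the default '\' separator.
valid users = TEST\user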
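# This works and allows all members of the domain group 'Domain Users' to access
# (comment rejoined onto one line: the wrapped words "to" and "access" were
# left as stray, malformed lines in the listing)
[test4]
comment = Only for Domain group 'Domain Users'
path = /usr/share/smb/test4
# Guests are refused; membership of the domain group below is required.
public = no
writeable = yes
# '@' marks a group; the quotes are there because the group name contains a space.
valid users = @TEST\"Domain Users"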
--/etc/group--
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:kimball
fax:x:21:
voice:x:22:
cdrom:x:24:kimball
floppy:x:25:kimball
tape:x:26:
sudo:x:27:
audio:x:29:kimball
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:telnetd
video:x:44:kimball
sasl:x:45:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
kimball:x:1000:
postgres:x:103:
ssh:x:104:
bind:x:105:
telnetd:x:106:
foo:x:107:TEST\user
bar:x:1001: