Richard Nordlund
2004-Jun-03 12:14 UTC
[Samba] Problems regarding permissions for active directory users.
Hi,

I managed to get Samba 3.0.4 running on FreeBSD together with Heimdal Kerberos and winbind to authenticate users against our Active Directory. When a Windows XP client accesses the shares, their username and group are successfully checked (I know this from smbstatus), but I can't seem to be able to set the permissions right.

For example, for a public share, I want the group Domain Users ("@EUROPE+Domain Users") to have read permissions, and the group Domain Admins to have read/write permissions. When I manage to allow read/write for the domain admins, the domain users do not even gain access to the resource.

After messing around with this for the past couple days, I suspect it has something to do with Active Directory users and groups not being properly mapped to UNIX users and groups. I don't know how to do this, and have been able to find very little information on this topic. It might also have something to do with my poorly configured smb.conf.

Thank you for any help...

//Richard.

bash-2.05b# cat /usr/local/etc/smb.conf
[global]
    workgroup = EUROPE
    realm = EUROPE.LOCAL
    server string = FreeBSD Server 01
    security = ADS
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    winbind separator = +

[public]
    comment = Public stuffs
    path = /usr/home/public
    valid users = '@EUROPE+Domain Admins', '@EUROPE+Domain Users'
    admin users = '@EUROPE+Domain Admins'
    read list = '@EUROPE+Domain Users'
    write list = '@EUROPE+Domain Admins'
    read only = No

[volume01]
    comment = Volume One
    path = /usr/volume01
    valid users = '@EUROPE+Domain Users'
    write list = '@EUROPE+Domain Admins'
    create mask = 0664
    directory mask = 0775
bash-2.05b#

Note: Both shares are for testing purposes - I'm trying as much as possible to achieve the above-stated effect.
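One way to express the access split asked for above (read for Domain Users, read/write for Domain Admins), as an added example that is not part of the original post and not a verified fix for it. It assumes winbind already resolves both groups on the host and writes the group names in double quotes; the domain, separator, path and idmap ranges are taken from the post.

```ini
# Added example (constructed), smb.conf fragment.
# Assumption: `wbinfo -g` on this host lists EUROPE+Domain Users and
# EUROPE+Domain Admins, i.e. winbind maps the AD groups to Unix gids.
[global]
    workgroup = EUROPE
    realm = EUROPE.LOCAL
    security = ADS
    winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000

[public]
    comment = Public stuffs
    path = /usr/home/public

    # Gate: only members of these groups may connect to the share at all.
    valid users = @"EUROPE+Domain Users", @"EUROPE+Domain Admins"

    # Default for everyone who passes the gate: read-only.
    read only = yes

    # Exception: members of this list get write access even though the
    # share is read-only. No separate "read list" is needed.
    write list = @"EUROPE+Domain Admins"

    # "admin users" is deliberately left out: it makes file operations for
    # its members run as root, which bypasses Unix permissions and gives
    # far more than read/write on one share.

    # Samba does not override Unix permissions for ordinary users. The
    # directory at "path" must be readable by the gid mapped from Domain
    # Users and writable by the gid mapped from Domain Admins.
    create mask = 0664
    directory mask = 0775
```

`testparm -s` parses the file and prints the effective settings, which shows how the quoted group names were read.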