Sean Barmettler
2004-Dec-16 18:22 UTC
[Samba] Providing AD auth/access to only certain groups
My goal here is to share a directory that people ftp files to. [global] workgroup = TELEVOX_1 netbios name = samba server string = Debian Mass Storage Device security = domain realm = TELEVOX_1.LOCAL username map = /etc/samba/smbusers #password server = * encrypt passwords = yes interfaces = 192.168.169.31 localmaster = no winbind separator = + winbind cache time = 10 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = Yes template homedir = /home/%D/%U template shell = /bin/bash [ftp] comment = Mass Storage path = /home/ftp valid users = @"TELEVOX_1+TECHSUPPORT", @"TECHSUPPORT", @"Domain Admins" admin users = @"TELEVOX_1+seanb", @"seanb", @"Domain Admins", seanb read list = @"TELEVOX_1+Domain Users", @"Domain Users" I'm getting this in log.winbindd: [2004/12/16 12:11:57, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307) name 'seanb' is not a local or domain group: 1 [2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307) name 'seanb' is not a local or domain group: 1 [2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307) name 'seanb' is not a local or domain group: 1 My questions: Does the @ in the user lists (such as @"Televox_1+techsupport") suggest it's a group? Should I not use that with individual user names? You can completely ignore/scratch all of this if you could simply suggest to me how to provide full access to certain group(s), read only to other group(s), and administrative to myself.
Sean Barmettler
2004-Dec-16 18:30 UTC
[Samba] Providing AD auth/access to only certain groups
Just as a follow up with more information I should have provided: I'm deploying 6 servers, be it windows or linux (im trying to get this working so it can be linux) for 6 departments here in this company. Smbusers looks like this: root = seanb administrator I have POSIX acl's enabled on this kernel, from what I've read, im not sure that it's required or not. Any help here is appreciated. -----Original Message----- From: samba-bounces+seanb=televox.com@lists.samba.org [mailto:samba-bounces+seanb=televox.com@lists.samba.org] On Behalf Of Sean Barmettler Sent: Thursday, December 16, 2004 12:22 PM To: samba@samba.org Subject: [Samba] Providing AD auth/access to only certain groups My goal here is to share a directory that people ftp files to. [global] workgroup = TELEVOX_1 netbios name = samba server string = Debian Mass Storage Device security = domain realm = TELEVOX_1.LOCAL username map = /etc/samba/smbusers #password server = * encrypt passwords = yes interfaces = 192.168.169.31 localmaster = no winbind separator = + winbind cache time = 10 idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = Yes template homedir = /home/%D/%U template shell = /bin/bash [ftp] comment = Mass Storage path = /home/ftp valid users = @"TELEVOX_1+TECHSUPPORT", @"TECHSUPPORT", @"Domain Admins" admin users = @"TELEVOX_1+seanb", @"seanb", @"Domain Admins", seanb read list = @"TELEVOX_1+Domain Users", @"Domain Users" I'm getting this in log.winbindd: [2004/12/16 12:11:57, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307) name 'seanb' is not a local or domain group: 1 [2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307) name 'seanb' is not a local or domain group: 1 [2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307) name 'seanb' is not a local or domain group: 1 My questions: Does the @ in the user lists (such as @"Televox_1+techsupport") suggest it's a group? Should I not use that with individual user names? You can completely ignore/scratch all of this if you could simply suggest to me how to provide full access to certain group(s), read only to other group(s), and administrative to myself. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba