Albrecht Dreß
2005-Apr-29 07:13 UTC
[Samba] Q: windbind, local groups and domain user membership?
Hi,

I run a Fedora 2 box with Samba 3.0.10 as a domain member. The PDC is a Win server with AD.

Running winbind, all domain users and groups are visible on the Samba box.

To grant a special group of domain users access to parts of a samba share, I would like to

- add a *local* group on the samba box (*not* in AD!) and
- add some *domain* users to this new group.

Unfortunately the trick of adding a local unix group doesn't work as samba apparently doesn't take them into account, so I guess I have to add the group to winbind. However, the wbinfo man page only describes how I could add a local user to a local group, not a domain user.

Maybe I'm just too dumb to understand the man pages - any advice how to get this setup working would be really welcome!

Cheers,
Albrecht

--
LIOS Technology GmbH
Dr. Albrecht Dreß
Project Engineering / Software Design
Schanzenstrasse 6 - 20
D-51063 Köln
Germany
Phone +49 221 676 2742
Fax +49 221 676 2069
Joris De Pooter
2005-Apr-29 10:14 UTC
[Samba] Q: windbind, local groups and domain user membership?
Albrecht Dreß wrote:

> Hi,
>
> I run a Fedora 2 box with Samba 3.0.10 as a domain member. The PDC is
> a Win server with AD.
>
> Running winbind, all domain users and groups are visible on the Samba
> box.
>
> To grant a special group of domain users access to parts of a samba
> share, I would like to
>
> - add a *local* group on the samba box (*not* in AD!) and
> - add some *domain* users to this new group.
>
> Unfortunately the trick of adding a local unix group doesn't work as
> samba apparently doesn't take them into account, so I guess I have to
> add the group to winbind. However, the wbinfo man page only describes
> how I could add a local user to a local group, not a domain user.
>
> Maybe I'm just too dumb to understand the man pages - any advice how
> to get this setup working would be really welcome!
>
> Cheers,
> Albrecht
>

To manipulate a domain user, you have to use its FQN (fully qualified name): assuming you have a domain called CRAPULE and a user called brigand, and the winbind separator = + (in smb.conf), then its name is CRAPULE+brigand

--
Joris De Pooter