Yes I do that using:
valid users = @ad\securitygroupname
works like a charm.
also in my config, don't know if it relates:
workgroup = AD
realm = AD.MYDOMAIN.XXX
On Tue, Feb 1, 2011 at 5:57 AM, julien mabillard <jma at mbuf.net> wrote:
> Hello,
> I post here my question after having spent time on google and forums
> and documentation to find a clue.
>
> I use:
> GNU/Linux RHEL5 x86_64
> Samba Version 3.5.6
> Active Directory 2003 on Windows 2003/2008
>
> I want to allow an authenticated user (AD authenticated) to access
> a share partition under samba only if one of his secondary groups
> is a defined one.
>
> ex: user joe
> uid=4001(joe) gid=4010(domain users) groups=4010(domain users),
> 4011(IT),4012(operations)
>
> I want to be able to only allow group 'operations' to access the
> share. I was trying to use : valid users = @operations
> or : valid users = @MYDOM\operations
>
> But I only get success with the gid 'domain users'.
>
> Can someone tell me if this is possible to do?
>
> Thank you very much.
>
>
> --
> refs : https://mbuf.net/
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>