Hi List,

I recently posted about problems I am having with deleting files belonging to members of the same unix group (as the mapped AD user that wants to delete the file via samba). I now figured out that one possible solution is to map that unix group to an AD group (while creating the AD group and adding users to it first).

Question: Is local group membership (on the samba server) of the mapped AD user irrelevant in that case? (Is the membership to domain groups the only group information that counts here?)

regards

Markus

On Mon, 2011-03-07 at 15:48 +0100, markus hansen wrote:
> Hi List,
>
> I recently posted about problems I am having with deleting files belonging to members of the same unix group (as the mapped AD user that wants to delete the file via samba). I now figured out that one possible solution is to map that unix group to an AD group (while creating the AD group and adding users to it first).
>
> Question: Is local group membership (on the samba server) of the mapped AD user irrelevant in that case? (Is the membership to domain groups the only group information that counts here?)
>
> regards
>
> Markus

Hi Markus,

I cannot speak to an AD setup, but I can say that if a samba domain member server wants to authenticate against a samba pdc, you do not need to have those groups existing on your member server. I use samba member servers as workstations, and I have modified the nsswitch.conf and pam.d files with winbind such that the username/password are not authenticated on the local box, nor are group file permissions to mounted shares. I can assign group permissions that do not exist on the local box to files that do exist on the local box. In theory you should be able to do the same...

Bob Miller
334-7117/660-5315
http://computerisms.ca
bob at computerisms.ca
Network, Internet, Server, and Open Source Solutions

From: "markus hansen" <hansenmarkus at gmx.de>
Subject: [Samba] group mapping question
Date: Mon, 07 Mar 2011 15:48:46 +0100

> I recently posted about problems I am having with deleting files belonging to members of the same unix group (as the mapped AD user that wants to delete the file via samba). I now figured out that one possible solution is to map that unix group to an AD group (while creating the AD group and adding users to it first).
>
> Question: Is local group membership (on the samba server) of the
> mapped AD user irrelevant in that case?

If you enable Winbind, local UNIX group membership will be ignored.

> (Is the membership to domain groups the only group information that counts here?)

You can create a "local group" of Windows semantics with "net sam createlocalgroup" or "net groupmap add ... type=local", but it's not a local UNIX group.

---
TAKAHASHI Motonobu <monyo at monyo.com>