Tom Noonan II
2012-Mar-07 23:03 UTC
[Samba] Local group auth not working for domain members with SECURITY=ADS
I have a Samba 3.5.10 (Cent 6) server successfully joined to the domain. Domain logins and domain group control are working. I have a share configured with "valid users = +unixgroup" that my domain user cannot access but my local unix user can. The only group-related error message is coming from string_to_sid(), which I am confident is a red herring.

My goal in this experiment is to try and get NSS-based group access working, so that I can expand to non-AD group lists. I have a rather convoluted auth backend that I'm trying to glue Samba onto, and I don't control the AD servers.

I have tried "net sam mapunixgroup unixgroup" but that did not change the result. I did not try adding users to the group via "net sam" as that is not a workable solution for my end goal.

My question at this time is if this behavior is expected. Will Samba check the NSS groups for domain members? Also, I see samba calls getgrouplist() from samba3/lib/system_smbd.c. Is this code executed for domain member lookups?

Thanks in advance.

--
Tom Noonan II
ESL Technician - Randstad