Hello
i like to give a windows group (W2K3-AD) permissions to use a share
read/write on a Samba domain member server. Therefore if have added
the Samba server to the domain without problem and created a share
like this:
[bild]
comment = Some Comment
path = /data/bild
admin users = root
force user = smbuser
force group = sambashare
valid users = DOMAIN\w-user1 @DOMAIN\w-group1
guest ok = no
read only = no
writeable = yes
browseable = yes
The windows domain user "w-user1" work as it should, but no member of
the windows group "w-group1" can access the share. If have also tried
mapping the windows group to the Unix group "sambashare" with
"username map" but always get access denied eg. asked for a windows
user.
Can please someone give a hint how to grant access for a windows group
without adding/removing the members to a Unix group?
Many Thanks
Andi
It's easiest to tell samba to allow everyone access to the share, and use
ACL's on the Linux filesystem to restrict access.
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of lst_hoe02 at kwsoft.de
Sent: Friday, November 16, 2012 8:55 AM
To: samba at lists.samba.org
Subject: [Samba] grant windows group share permission
Hello
i like to give a windows group (W2K3-AD) permissions to use a share read/write
on a Samba domain member server. Therefore if have added the Samba server to the
domain without problem and created a share like this:
[bild]
comment = Some Comment
path = /data/bild
admin users = root
force user = smbuser
force group = sambashare
valid users = DOMAIN\w-user1 @DOMAIN\w-group1
guest ok = no
read only = no
writeable = yes
browseable = yes
The windows domain user "w-user1" work as it should, but no member of
the windows group "w-group1" can access the share. If have also tried
mapping the windows group to the Unix group "sambashare" with
"username map" but always get access denied eg. asked for a windows
user.
Can please someone give a hint how to grant access for a windows group without
adding/removing the members to a Unix group?
Many Thanks
Andi
On 16/11/12 13:55, lst_hoe02 at kwsoft.de wrote:> Hello > > i like to give a windows group (W2K3-AD) permissions to use a share > read/write on a Samba domain member server. Therefore if have added > the Samba server to the domain without problem and created a share > like this: > > [bild] > comment = Some Comment > path = /data/bild > admin users = root > force user = smbuser > force group = sambashare > valid users = DOMAIN\w-user1 @DOMAIN\w-group1 > guest ok = no > read only = no > writeable = yes > browseable = yes > > The windows domain user "w-user1" work as it should, but no member of > the windows group "w-group1" can access the share. If have also tried > mapping the windows group to the Unix group "sambashare" with > "username map" but always get access denied eg. asked for a windows user. > > Can please someone give a hint how to grant access for a windows group > without adding/removing the members to a Unix group? > > Many Thanks > > Andi > > >Hi, just a few pointers: You can remove the 'admin users' line, here you are giving 'root' root privileges You only need one of the 'read only' & 'writeable' lines, they both mean the same, I suggest using 'read only' Finally, try removing the @ sign, I do not think you need it with winbind (I take it you are using winbind) Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.