Kristy Kallback-Rose
2013-Aug-16 20:47 UTC
[Samba] Samba 4.0.8 on RHEL 6.2 how to grant permissions via Windows to unix users/groups?
I have built from source Samba 4.0.8 on RHEL 6.2. I want users to be able to change permissions via Windows, but I don't see how to do that for the unix users and groups in the Windows permission screens. When I create a folder, for example, and right-click to get properties and click on the security tab I can see under "Group or user names:" Everyone, kallbac (Unix User\kallbac) and blah (Unix Group \blah) However, when I click edit and try to add additional permissions I have our ADS server as the default "from this location" option and can change that to the server running Samba. However, I cannot select any groups using this option --none are returned and I get "An object named "blah" cannot be found?" even though the group is returned with getent group. I am wondering if there is a problem between the username at ADS.IU.EDU returned from getent vs. the unix username that appear in the Windows permission, but I don't know how to resolve that. Any ideas? Additional info below, let me know if something else is useful. Thanks, Kristy I have a GPFS share with the following smb.conf settings: [gpfs_export] comment = gpfs export path = /gpfs/gpfs_export public = yes writable = yes printable = no vfs objects = gpfs fileid idmap backend = tdb2 fileid:mapping = fsname gpfs:sharemodes = No force unknown acl user = yes nfs4: mode = special nfs4: chown = yes nfs4: acedup = merge I am using Kerberos/AD to authenticate and can connect to the share. Relevant settings are: workgroup = ADS security = ADS realm = ADS.IU.EDU password server = ads.iu.edu passed and groups should be coming from files and ldap per nsswitch.conf: passwd: files ldap group: files ldap For my own account I see: getent passwd | grep kallbac kallbac:{KERBEROS}kallbac at ADS.IU.EDU:12108:236:Kristy Kallback-Rose:/N/u/kallbac: