Hubert, Laurent
2013-Dec-06 19:31 UTC
[Samba] adding AD domain users in local Linux group for acces to share
Hello,
It seems that domain user can access share when they are specified in
"valid list" but not when
"valid list" use local group definition.
First if added the domain user "duser" to the group
"lgroup" in /etc/group
Then i defined a samba share and add the domain user "duser in the
"valid list"
[lgroup]
comment = Dossier pour le groupes des Technologues clinique du CIMS
path = /export/groups/lgroup
writeable = yes
write list = duser
valid users =duser
create mode = 0770
directory mode = 0770
In that case I can access the share with "smbclient //host/lgroup -U
duser"
While if I use "write list = @lgroup" and " valid users
=@lgroup" I cannot access the share.
On the other hand, "duser" can access the system thought ssh and write
inside "/export/groups/lgroup"
as unix right are the following
drwxrws- - - root lgroup /export/groups/lgroup
Here extract from /etc/group
....
lgroup:x:1505:duser
...
and from /etc/samba/smb.conf
...
idmap config *:backend = tdb
idmap config *:range = 5000-49999
idmap config myDOMAIN:backend = rid
idmap config myDOMAIN:range = 50000-99999
winbind use default domain = yes
winbind nested groups = yes
winbind enum groups = yes
winbind enum users = yes
Thanks
Laurent
--
Laurent Hubert, PhD
Professionnel de recherche
Administration de syst?mes Linux, d?ploiement de solutions Open Source
Centre d'imagerie mol?culaire de Sherbrooke
Centre hospitalier universitaire de Sherbrooke
819 346 1110 x 11836
pagette: 6475
http://www.cims.med.usherbrooke.ca<http://www.cims.med.usherbrooke.ca/>
Laurent Hubert
2013-Dec-09 20:57 UTC
[Samba] (SOLVED) adding AD domain users in local Linux group for acces to share
Solved.
The actual solution comes reading
http://samba.2283325.n4.nabble.com/Using-Local-Groups-with-AD-Domain-Users-for-Samba-Shares-td4639133.html
which used the "net sam createlocalgroup" and "net sam
addmem" command
as in
net sam createlocalgroup wurst
net sam addmem wurst SAMBA\asn
[myshare]
valid users = @wurst
--
View this message in context:
http://samba.2283325.n4.nabble.com/adding-AD-domain-users-in-local-Linux-group-for-acces-to-share-tp4657677p4657803.html
Sent from the Samba - General mailing list archive at Nabble.com.
Apparently Analagous Threads
- How to keep idmapping, when Samba servers becomes part of a Windows AD from a larger organisation.
- Extending lwpsinfo_t with pr_lgrp for DTrace consumers
- S4 Cannot Unlock Account
- Rearranging variables in table in non-alphabetical (manually specified) order
- Centos 4.3 32 bit -CIFS VFS: Send error in Close = -9