Hello, if I create a new group on samba 4 AD, like POLICIARN\comp11 on the next list. root at domain-server2:/# wbinfo -g POLICIARN\cert publishers POLICIARN\ras and ias servers POLICIARN\allowed rodc password replication group POLICIARN\denied rodc password replication group POLICIARN\dnsadmins POLICIARN\enterprise read-only domain controllers POLICIARN\domain admins POLICIARN\domain users POLICIARN\domain guests POLICIARN\domain computers POLICIARN\domain controllers POLICIARN\schema admins POLICIARN\enterprise admins POLICIARN\group policy creator owners POLICIARN\read-only domain controllers POLICIARN\dnsupdateproxy POLICIARN\comp11 How can I assign to a folder this group permission from command line ? root at domain-server2:/# chown root:"POLICIARN\comp11" /comp11 chown: invalid group: ?root:POLICIARN\comp11? /comp11 regards.
On 29/07/2020 20:59, jmpatagonia via samba wrote:> Hello, if I create a new group on samba 4 AD, like POLICIARN\comp11 on > the next list. > > root at domain-server2:/# wbinfo -g > POLICIARN\cert publishers > POLICIARN\ras and ias servers > POLICIARN\allowed rodc password replication group > POLICIARN\denied rodc password replication group > POLICIARN\dnsadmins > POLICIARN\enterprise read-only domain controllers > POLICIARN\domain admins > POLICIARN\domain users > POLICIARN\domain guests > POLICIARN\domain computers > POLICIARN\domain controllers > POLICIARN\schema admins > POLICIARN\enterprise admins > POLICIARN\group policy creator owners > POLICIARN\read-only domain controllers > POLICIARN\dnsupdateproxy > POLICIARN\comp11 > > How can I assign to a folder this group permission from command line ? > > root at domain-server2:/# chown root:"POLICIARN\comp11" /comp11 > chown: invalid group: ?root:POLICIARN\comp11? /comp11What is 'domain-server2' ? a DC or a Unix domain member ? Rowland
On 30/07/2020 01:10, jmpatagonia wrote:> is a dc samba 4adIn which case it looks like the libnss-winbind links haven't been created. There are two ways of doing this, depending on whether your Samba was self compiled or if you are using packages. See here for self compiled Samba: https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC If you are using packages, then you will need to install packages to do the above for you. Typically on Debian, you will need to install libnss-winbind, libpam-winbind and libpam-krb5, other distros will have similar packages. You will also need to ad 'winbind' to the 'passwd' & 'group' lines in /etc/nsswitch.conf Finally, I suppose that I should point out that we do not recommend using a DC as a fileserver, which is the only reason to make AD users & groups visible to the OS on a DC. Rowland