similar to: Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)

On 15.01.15 09:52, Peter Serbe wrote: > On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > >> What works: > ... >> - getfacl / setfacl setting with domain object names. >> >> My issue: >> Authorization is not working. For example: >> - Write list / read list / valid users options in smb.conf are not >>

On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > What works: ... > - getfacl / setfacl setting with domain object names. > > My issue: > Authorization is not working. For example: > - Write list / read list / valid users options in smb.conf are not > honored. ... > - Skipped the samba authorization and moved this to the filesystem

Hi, On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > Hello all, > > after spending the last days fighting and researching I hope someone can > point me to an solution here. > > Even if I am using Debian / Ubuntu since years I wouldn?t consider myself > as a Linux professional. I have some experience though. > > What I try to

Hello all, after spending the last days fighting and researching I hope someone can point me to an solution here. Even if I am using Debian / Ubuntu since years I wouldn?t consider myself as a Linux professional. I have some experience though. What I try to accomplish: - Centrally administrated groups for file services. Right now it is only one server but there will be more. Setup: - System

On 23/03/16 20:16, Joseph Dickson wrote: >> OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If >> you create a directory on Unix that you want to share, set the owner:group >> to root:'Domain Admins' and permissions to 0770. You will then be able to >> set the permissions from windows or with setfacl on the Unix machine, you >>

On 23/03/16 16:18, Joseph Dickson wrote: > Thanks for the reply! I'm confused on a few bits: > > > To change a users primary group is a bit like jumping through hoops, you >> have to add the user to the group that you want to be the new primary >> group, then change the primaryGroupID attribute to contain the RID of the >> new group and then finally add the user

> > OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If > you create a directory on Unix that you want to share, set the owner:group > to root:'Domain Admins' and permissions to 0770. You will then be able to > set the permissions from windows or with setfacl on the Unix machine, you > do not need the 'force group' lines in smb.conf,

See inline comments On 23/03/16 15:32, Joseph Dickson wrote: > Greetings! > > I am working with Samba 4 as a domain member fileserver (not a domain > controller, just a normal ads member fileserver). Operating system is > Centos 7. SSSD is configured and pulling information correctly. > > I had to work around a bug that wasn't fixed in a released version, so I am >

Thanks for the reply! I'm confused on a few bits: To change a users primary group is a bit like jumping through hoops, you > have to add the user to the group that you want to be the new primary > group, then change the primaryGroupID attribute to contain the RID of the > new group and then finally add the user to the 'Domain Users' group. If I > were you, I wouldn't

> > Can you check if this file exists: > /usr/local/samba/lib/security/pam_winbind.so For historical reasons, I used a prefix of /opt/samba when I compiled: [root at smbfs1 shares]# ls -al /opt/samba/lib/security/pam_winbind.so -rwxr-xr-x 1 root root 63837 Mar 17 19:54 /opt/samba/lib/security/pam_winbind.so relevant config lines in case they are helpful: [global] lock directory =

Greetings! I am working with Samba 4 as a domain member fileserver (not a domain controller, just a normal ads member fileserver). Operating system is Centos 7. SSSD is configured and pulling information correctly. I had to work around a bug that wasn't fixed in a released version, so I am using a recent copy from git.. smbd -V: Version 4.5.0pre1-GIT-c06058a I'm relying on Windows

Hi, I?ve added an existing group (?2d3d?) to an existing user (?jschopp?) on our AD server. When I execute ?id jschopp? the new group membership is not reflected: # id jschopp uid=1333(jschopp) gid=2020(dom?nen-benutzer) groups=2020(dom?nen-benutzer),610(BUILTIN+users) This is a strange behavior. Is this a caching issue? Kind regards, Martin AD: Windows Server 2008 RC2 with Windows Services

I've got a relatively simple permissions scheme I need to implement, and I'm having issues with group membership. I have a share that I need to grant an active directory group full control to. If I add an AD user to the ACL on the directory that is the root of the share, the user can access it. If I add an AD group to the ACL on that same directory, group members cannot access the

I have 4 Samba 4.7.0 DCs. I have 3 clients using samba-winbind.x86_64 0:4.6.2-11.el7_4 with an identical configuration, which produce inconsistent user group membership for multiple users. I've tried using all 4 DCs explicitly (e.g., realm = dc01.mediture.dom), net cache flush and restarting winbind. I've also tested cloning a user and setting up the user as identical as possible:

Hello Samba Gurus, Is using the winbind name service required in order to get authentication AND authorization via ADS? I'll explain further. Goal: create samba share for which clients are authenticated via native ADS and access is based on ADS group membership. I've actually done this in the old Windows NT world. Worked okay. It's wasn't too hard, except for the winbind

I'm not sure where the problem is, but security group membership and access to sub-directories is giving me fits. Take 2 unique security groups as example, group1 and group2. If within my top level share there is a directory labeled marketing and a second directory labeled legal, where group1 and group2 are assigned to marketing and legal respectively, then the group1 members should not

Hi Volker, thank you for your answer. What do you mean? Restarting winbind? Kind regards, Martin > Martin Markert Systems Integrator Tuerkenstr. 89, 80799 M?nchen / Germany Phone +49 89 3809-1848 EMail MMarkert at arri.de Visit us on Facebook!Am 08.06.2015 um 13:06 schrieb Volker Lendecke <Volker.Lendecke at SerNet.DE>: > > On Mon, Jun 08, 2015 at 10:46:33AM +0000,

To start, I've been using Samba for almost 20 years. I wanted to use Samba as an AD DC for my businesss. Ubuntu 14.04 comes with Samba 4.1.6. This is a little out of date right now as 4.1.13 is available and 4.2 is in release candidate status, but it works. I used the Samba AD DC Howto (https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO) as an aid to get it going, but there were some

On 18/11/15 10:27, Jeff Dickens wrote: > > > On Nov 18, 2015 4:35 AM, "Rowland Penny" <rowlandpenny241155 at gmail.com > <mailto:rowlandpenny241155 at gmail.com>> wrote: > > > > On 17/11/15 23:09, Jeff Dickens wrote: > >> > >> So I am still stuck. For reference here is the smb.conf on the > member server: > >> >

On Wed, Nov 18, 2015 at 6:00 AM, Rowland Penny <rowlandpenny241155 at gmail.com > wrote: > On 18/11/15 10:27, Jeff Dickens wrote: > >> >> >> On Nov 18, 2015 4:35 AM, "Rowland Penny" <rowlandpenny241155 at gmail.com >> <mailto:rowlandpenny241155 at gmail.com>> wrote: >> > >> > On 17/11/15 23:09, Jeff Dickens wrote: