[Samba] Providing AD auth/access to only certain groups

Sean Barmettler seanb at televox.com
Thu Dec 16 18:21:47 GMT 2004


My goal here is to share a directory that people ftp files to.

[global]
workgroup = TELEVOX_1
netbios name = samba
server string = Debian Mass Storage Device
security = domain
realm = TELEVOX_1.LOCAL
username map = /etc/samba/smbusers
#password server = *
encrypt passwords = yes

interfaces = 192.168.169.31
localmaster = no

winbind separator = +
winbind cache time = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = Yes
template homedir = /home/%D/%U
template shell = /bin/bash
[ftp]
        comment = Mass Storage
        path = /home/ftp
        valid users = @"TELEVOX_1+TECHSUPPORT", @"TECHSUPPORT", @"Domain Admins"
        admin users = @"TELEVOX_1+seanb", @"seanb", @"Domain Admins", seanb
        read list = @"TELEVOX_1+Domain Users", @"Domain Users"

I'm getting this in log.winbindd:

[2004/12/16 12:11:57, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1
[2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1
[2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1

My questions:

Does the @ in the user lists (such as @"Televox_1+techsupport") suggest
it's a group?  Should I not use that with individual user names?

You can completely ignore/scratch all of this if you could simply
suggest to me how to provide full access to certain group(s), read only
to other group(s), and administrative to myself.
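
Added example (not part of the original post and not Samba code): a Python check that reads the [ftp] share's user lists and the log.winbindd lines quoted above, and reports which entries carry a group prefix yet failed winbindd's group lookup. Per smb.conf(5), a leading @, + or & makes an entry a group or netgroup lookup; the function names and the matching on the name after the winbind separator are assumptions of this example.

```python
import re

# Constructed sample input: the [ftp] user lists and one winbindd log entry from the post.
SMB_CONF = """\
[ftp]
    valid users = @"TELEVOX_1+TECHSUPPORT", @"TECHSUPPORT", @"Domain Admins"
    admin users = @"TELEVOX_1+seanb", @"seanb", @"Domain Admins", seanb
    read list = @"TELEVOX_1+Domain Users", @"Domain Users"
"""
WINBINDD_LOG = """\
[2004/12/16 12:11:57, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1
"""
LIST_PARAMS = {"valid users", "invalid users", "admin users", "read list", "write list"}
SEPARATOR = "+"  # "winbind separator" from the post's [global] section

def parse_user_lists(conf):
    """Return (share, param, raw_entry, name, is_group) for each user-list entry."""
    share, entries = None, []
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            share = line[1:-1]
            continue
        key, _, value = line.partition("=")
        param = " ".join(key.lower().split())
        if param not in LIST_PARAMS:
            continue
        for raw in (v.strip() for v in value.split(",") if v.strip()):
            # smb.conf(5): a leading @, + or & makes the entry a group/netgroup lookup.
            is_group = raw[0] in "@+&"
            name = (raw[1:] if is_group else raw).strip('"')
            entries.append((share, param, raw, name, is_group))
    return entries

def failed_group_lookups(log):
    """Names winbindd reported as 'not a local or domain group' (lower-cased)."""
    return {n.lower() for n in re.findall(r"name '([^']+)' is not a local or domain group", log)}

def flag_bad_group_refs(conf, log):
    """Group-prefixed entries whose name (with or without DOMAIN+) failed group lookup."""
    failed = failed_group_lookups(log)
    return [(share, param, raw) for share, param, raw, name, is_group in parse_user_lists(conf)
            if is_group and {name.lower(), name.split(SEPARATOR)[-1].lower()} & failed]

if __name__ == "__main__":
    for share, param, raw in flag_bad_group_refs(SMB_CONF, WINBINDD_LOG):
        print(f"[{share}] {param}: {raw} is looked up as a group, but winbindd found no such group")
```

On the sample input it flags the two @-prefixed seanb entries in admin users and leaves the bare seanb entry alone.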

