[Samba] Providing AD auth/access to only certain groups

Sean Barmettler seanb at televox.com
Thu Dec 16 18:29:55 GMT 2004


Just as a follow up with more information I should have provided:

I'm deploying 6 servers, be it Windows or Linux (I'm trying to get this
working so it can be Linux) for 6 departments here in this company.

Smbusers looks like this:
root = seanb administrator

I have POSIX ACLs enabled on this kernel; from what I've read, I'm not
sure that it's required or not.  Any help here is appreciated.

-----Original Message-----
From: samba-bounces+seanb=televox.com at lists.samba.org
[mailto:samba-bounces+seanb=televox.com at lists.samba.org] On Behalf Of
Sean Barmettler
Sent: Thursday, December 16, 2004 12:22 PM
To: samba at samba.org
Subject: [Samba] Providing AD auth/access to only certain groups

My goal here is to share a directory that people ftp files to.

[global]
workgroup = TELEVOX_1
netbios name = samba
server string = Debian Mass Storage Device
security = domain
realm = TELEVOX_1.LOCAL
username map = /etc/samba/smbusers
#password server = *
encrypt passwords = yes

interfaces = 192.168.169.31
localmaster = no

winbind separator = +
winbind cache time = 10
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = Yes
template homedir = /home/%D/%U
template shell = /bin/bash
[ftp]
        comment = Mass Storage
        path = /home/ftp
        valid users = @"TELEVOX_1+TECHSUPPORT", @"TECHSUPPORT", @"Domain Admins"
        admin users = @"TELEVOX_1+seanb", @"seanb", @"Domain Admins", seanb
        read list = @"TELEVOX_1+Domain Users", @"Domain Users"

I'm getting this in log.winbindd:

[2004/12/16 12:11:57, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1
[2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1
[2004/12/16 12:12:44, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(307)
  name 'seanb' is not a local or domain group: 1

My questions:

Does the @ in the user lists (such as @"Televox_1+techsupport") suggest
it's a group?  Should I not use that with individual user names?

You can completely ignore/scratch all of this if you could simply
suggest to me how to provide full access to certain group(s), read only
to other group(s), and administrative to myself.
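
Added example (not part of the original post, and not Samba code): a small Python check over the [ftp] user lists above that applies the prefix rules from smb.conf(5) and reports entries where a user name is looked up as a group, the case winbindd_getgrnam logs above, plus groups listed in admin users. The helper names and the known_users set are hypothetical, and the sample input is reconstructed from the post.

```python
import re

# Constructed input: the [ftp] user lists from the post, wrapped lines rejoined.
SHARE = '''
valid users = @"TELEVOX_1+TECHSUPPORT", @"TECHSUPPORT", @"Domain Admins"
admin users = @"TELEVOX_1+seanb", @"seanb", @"Domain Admins", seanb
read list = @"TELEVOX_1+Domain Users", @"Domain Users"
'''

LIST_PARAMS = {"valid users", "invalid users", "admin users",
               "read list", "write list"}
# smb.conf(5): "@" = NIS netgroup, then UNIX group; "+" = UNIX group only;
# "&" = NIS netgroup only. No prefix = a user name.
PREFIX = {"@": "group", "+": "group", "&": "netgroup"}


def split_entries(value):
    """Split a user list on commas/whitespace, keeping quoted names whole."""
    return re.findall(r'[@+&]*(?:"[^"]*"|[^\s,"]+)', value)


def classify(entry):
    """Return (kind, bare_name); kind is 'group', 'netgroup' or 'user'."""
    return PREFIX.get(entry[0], "user"), entry.lstrip("@+&").strip('"')


def lint(share_text, known_users, separator="+"):
    """Flag group lookups on user names and groups listed in admin users."""
    findings = []
    for line in share_text.splitlines():
        key, eq, value = line.partition("=")
        param = key.strip().lower()
        if not eq or param not in LIST_PARAMS:
            continue
        for entry in split_entries(value):
            kind, name = classify(entry)
            account = name.split(separator)[-1].lower()
            if kind != "user" and account in known_users:
                findings.append((param, entry, "user name looked up as a group"))
            elif kind != "user" and param == "admin users":
                findings.append((param, entry, "every member acts as root on this share"))
    return findings


if __name__ == "__main__":
    # known_users is an assumption: accounts known to be users, not groups.
    for finding in lint(SHARE, known_users={"seanb"}):
        print(*finding, sep=" | ")
```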