[Samba] AD Member server and local UNIX groups
Robert M. Martel - CSU
r.martel at csuohio.edu
Wed Nov 12 16:19:22 GMT 2008
Greetings,
I hope someone can tell me if what I want to do is possible with Samba
or not. I have been searching for info and found a number of people
with similar problems, but not an answer.
I have a Samba server (3.2.4) running on a Solaris 10 machine which is a
member server in Active Directory (AD). I am using winbind. The AD
users can access the samba server shares and UNIX services.
I want to control access to some samba shares by putting a group name
in a 'valid users' entry for the share (as I have done in the past when
we had a samba-based PDC.)
Our AD system is strictly HANDS-OFF, I cannot make any changes to it,
cannot add groups, cannot change group memberships. It is run by a
different department. So I cannot create my groups on the AD server.
I had thought I could add AD users as members to the local UNIX groups
on the samba server and use those group names on my "valid users" lines
in smb.conf.
When I tried that what I mostly see is the following in the logs:
smblog.client: User CSUNET\martel-test not in 'valid users'
smblog.client: User CSUNET\1001362 not in 'valid users'
So, is what I want to do even possible? If it is not, how do others
work around group membership issues - I can't be the only person running
a samba server where they are not permitted to alter the AD setup. I
can list AD users one at a time on the 'valid users' entry, but that
will get cumbersome pretty quickly.
Thanks in advance
Bob Martel
--
***********************************************************************
Bob Martel,System Administrator I met someone who looks a lot like you
Levin College of Urban Affairs She does the things you do
Cleveland State University But she is an IBM
(216) 687-2214
r.martel at csuohio.edu -Jeff Lynne
***********************************************************************
More information about the samba
mailing list