[Samba] Samba 4.0.8 on RHEL 6.2 how to grant permissions via Windows to unix users/groups?
Kristy Kallback-Rose
kallbac at iu.edu
Fri Aug 16 14:47:57 MDT 2013
I have built from source Samba 4.0.8 on RHEL 6.2.
I want users to be able to change permissions via Windows, but I don't see how to do that for the unix users and groups in the Windows permission screens. When I create a folder, for example, and right-click to get properties and click on the security tab I can see under "Group or user names:" Everyone, kallbac (Unix User\kallbac) and blah (Unix Group \blah)
However, when I click edit and try to add additional permissions I have our ADS server as the default "from this location" option and can change that to the server running Samba. However, I cannot select any groups using this option --none are returned and I get "An object named "blah" cannot be found…" even though the group is returned with getent group.
I am wondering if there is a problem between the username at ADS.IU.EDU returned from getent vs. the unix username that appear in the Windows permission, but I don't know how to resolve that. Any ideas?
Additional info below, let me know if something else is useful.
Thanks,
Kristy
I have a GPFS share with the following smb.conf settings:
[gpfs_export]
comment = gpfs export
path = /gpfs/gpfs_export
public = yes
writable = yes
printable = no
vfs objects = gpfs fileid
idmap backend = tdb2
fileid:mapping = fsname
gpfs:sharemodes = No
force unknown acl user = yes
nfs4: mode = special
nfs4: chown = yes
nfs4: acedup = merge
I am using Kerberos/AD to authenticate and can connect to the share. Relevant settings are:
workgroup = ADS
security = ADS
realm = ADS.IU.EDU
password server = ads.iu.edu
passed and groups should be coming from files and ldap per nsswitch.conf:
passwd: files ldap
group: files ldap
For my own account I see:
getent passwd | grep kallbac
kallbac:{KERBEROS}kallbac at ADS.IU.EDU:12108:236:Kristy Kallback-Rose:/N/u/kallbac:
More information about the samba
mailing list