winbind win2k group error
Rui Claro
ruiclaro at icbas.up.pt
Thu Mar 20 14:24:28 GMT 2003
The thing is:
I'm using samba alpha22, installed from the binary rpm, as I'm using RedHat
7.3
I use samba as a Domain member of an AD Windows 2000.
If I execute "wbinfo -u", I get the AD users. "wbinfo -g" gets me the AD
groups.
If I execute "getent passwd" I see all users (there are only two user
accounts on the linux machine).
If I execute "getent group" I see both linux groups and AD groups.
So far so good.
If I share a dir so that it can be reached only to the members of @"Domain
Admins", no problem. Neither there is with @"Domain Users".
But if I create a Global Group (e.g. Group1) in Windows 2000 AD and use it
in smb.conf:
[ruisdir]
comment = Rui's Directory
path = /tmp/apagar
valid users = @"Domain Admins", @"Group1"
read only = No
guest ok = Yes
and try to access the share as a "Group1" member, I get no luck.
If I do: "id rclaro", which is a Group1's member, I get the following
uid=10004(rclaro) gid=10000(Domain Users) groups=10000(Domain
Users),10010(Group1)
In short: If I use a "custom" AD group, I cannot have access to a share that
uses it. In previous version (alpha21) the command "id rclaro" only showed
the primary group.
Here is a piece of my smb.conf:
[global]
workgroup = PORTO
realm = PORTO.ICBAS.UP.PT
ADS server = 192.168.1.150
netbios aliases = aulas
server string = Servidor para aulas
security = ADS
password server = 192.168.1.150
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = ~
winbind use default domain = Yes
Any help would be apreciated!
-------------------
Rui Claro
More information about the samba-technical
mailing list