Using Local Groups with AD Domain Users for Samba Shares
Marko Myllynen
myllynen at redhat.com
Tue Oct 30 03:05:02 MDT 2012
Hi,
On 2012-10-26 16:42, Andreas Schneider wrote:
> On Friday 19 October 2012 12:39:07 Marko Myllynen wrote:
>
>> in Samba 4 the "security = server" mode was removed making it a hard
>> requirement to use "security = ads" in AD environments to allow users to
>> access Samba shares with their AD username/password. While the server
>> mode had many problems [1] it allowed administrators to use local/NSS
>> groups to control access to shares while still allowing users to
>> authenticate with their AD username/password.
>
> net sam createlocalgroup wurst
> net addmem wurst SAMBA\asn
>
> [myshare]
> valid users = @wurst
thanks, this is indeed very helpful in the case you have only a handful
of users which need to be added to a non-domain group. However, as
mentioned off-list, this approach has the problem that you'll need to
duplicate and maintain your current (e.g. NIS) group information in the
local database which might cause too much overhead with larger groups.
Thanks,
--
Marko Myllynen
More information about the samba-technical
mailing list