[Samba] Re: domain users in local groups with Winbind/Samba/Redhat

Chris de Vidal cdevidal at yahoo.com
Fri Feb 14 19:07:04 GMT 2003


--- David Boynton <david.boynton2 at asu.edu> wrote:
> Well, I got this to work once by manually editing the /etc/group file, like
> adding the line:
>
> localgroup:x:<gid>: domain+user1,domain+user2,etc
>
> I don't know if this is a safe thing to do, however. :)

I don't believe you can safely manually edit this
file, as you would probably also have to edit
/etc/gshadow to match.  Unix/Linux has a tool called
gpasswd that will do this for you:
gpasswd -a <user> <group>

It lets you add users to a group without them existing
in /etc/passwd (they don't even have to exist at all).
Combine this with "winbind use default domain = yes"
in smb.conf and you're ready to go.

For example, in the domain ABC for the user john, do
this to add him to a 'local' Unix group called
smbusers:

gpasswd -a john smbusers

With "winbind use default domain = yes" you don't need
to prefix it with your domain.  Slick, huh?  (:

Good luck,
/dev/idal


> On Friday 14 February 2003 03:37 am, Matthias Rutzki wrote:
> > Hi,
> >
> > I am running a Samba 2.2.7a on Redhat 7.3 in a NT domain. For
> > authentication I am using the domainusers. This is done by Winbind 2.2.7a
> > which verifies the existence of the users on the PDC. So I don't have to
> > create local users (/etc/passwd) for users who want to connect to the
> > shares in the smb.conf. I authorise them by adding valid users =
> > domain+domainuser to the smb.conf. This works very well.
> > Now my problem:
> > By writing valid users = @localgroup or +localgroup
> > I can authorise local groups (/etc/group) to connect to the shares.
> > Now I want to add the domainusers to some local groups. Putting the
> > domainusers in groups should save much time because otherwise I have to add
> > each domainuser for every share separately.
> > E.g. valid users = domain1+domainuser domain2+domainuser2....
> > I have tried it with: usermod -g localgroup domain+domainuser
> > which ends in this message: usermod: domain+domainuser not found
> > /etc/passwd I know this message is right because there is no domainuser
> > in /etc/passwd.
> > But how can I assort the domainusers?
> > Is there a way to use groups of domainusers who are verified by winbind in
> > the smb.conf?
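
The concern raised in the reply above, that a hand edit of /etc/group can leave /etc/gshadow out of step, can be checked mechanically. The following is an added example, not part of the original thread; the function name group_gshadow_drift and the sample group and gshadow contents (domain ABC, gids 501 and 502) are constructed for illustration.

```sh
#!/bin/sh
# Added example: report groups whose member list differs between a
# group-format file and a gshadow-format file (field 4 in both formats).

group_gshadow_drift() {
    # $1 = group file, $2 = gshadow file; exit status 1 if any drift is found
    awk -F: '
        FILENAME == ARGV[1] {            # first pass: gshadow members per group
            shadow[$1] = $4; seen[$1] = 1; next
        }
        {
            if (!($1 in seen)) { print $1 ": no gshadow entry"; bad = 1; next }
            split("", g); split("", s)   # portable way to clear both sets
            n = split($4, a, ",");         for (i = 1; i <= n; i++) g[a[i]] = 1
            m = split(shadow[$1], b, ","); for (i = 1; i <= m; i++) s[b[i]] = 1
            og = ""; os = ""
            for (i = 1; i <= n; i++) if (!(a[i] in s)) og = og " " a[i]
            for (i = 1; i <= m; i++) if (!(b[i] in g)) os = os " " b[i]
            if (og != "") { print $1 ": in group only:" og; bad = 1 }
            if (os != "") { print $1 ": in gshadow only:" os; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample data: smbusers was changed with gpasswd -a (both files
# updated); localgroup was edited by hand in the group file only.
demo=$(mktemp -d)
cat > "$demo/group" <<'EOF'
smbusers:x:501:john
localgroup:x:502:ABC+user1,ABC+user2
EOF
cat > "$demo/gshadow" <<'EOF'
smbusers:!::john
localgroup:!::
EOF

group_gshadow_drift "$demo/group" "$demo/gshadow" || echo "drift detected"
```

On a live system the function would be pointed at /etc/group and /etc/gshadow, which requires root to read the latter; grpck from shadow-utils performs related integrity checks on the same files.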
