[Samba] Group sharing between NT and Linux domains

Gémes Géza geza at kzsdabas.sulinet.hu
Mon Nov 10 21:31:48 GMT 2003


Carl J. Hilinski wrote:
| I need a little better information regarding the mapping of groups
| between an NT PDC and a SAMBA PDC, which trust each other.
|
| On the NT machine is a group called "ntgreen." On the Linux box (running
| RH9 with Samba 3.0), there is a group called "lxgreen".
|
| I've done a: net groupmap add ntgroup=ntgreen unixgroup=lxgreen. The
| mapping shows up in a net groupmap list.
|
| However, when a member of the ntgreen group logs in on the NTPDC and
| attempts to access a share in the SAMBA-controlled domain that is
| supposed to be restricted to the lxgreen group, access is denied. The
| user can access shares that are open to all users.
|
| I am obviously missing something here.
Your problem is that in the SMB/CIFS world access isn't granted by name, but
by SID. So having the group names mapped to each other doesn't buy
you anything except some confusion :-(. Despite the fact that I'm
absolutely not an expert on domain trust (I was doing everything to
have a single domain ;-), for simplicity), I would suggest granting
access to your ntgroup by granting access to NTDOMAIN+ntgroup, or
whatever your winbind separator would be.

Good Luck!

Geza Gemes
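
A share definition following the suggestion in the reply above, as an added example that is not part of the original post. The share name, the path, the use of `valid users` as the restriction mechanism, and `+` as the winbind separator are assumptions; NTDOMAIN stands for the name of the trusted NT domain.

```ini
# smb.conf on the Samba PDC (added example; names marked "hypothetical"
# are not from the original thread)

[global]
    # Assumed separator; trusted-domain accounts then appear to Samba
    # as NTDOMAIN+name. Use whatever separator is already configured.
    winbind separator = +

# Before: restricted to the local Unix group only. The groupmap entry
# ntgreen -> lxgreen does not make members of the NT domain's ntgreen
# group members of lxgreen, so they are denied.
#
# [green]
#     path = /srv/samba/green
#     valid users = @lxgreen

# After: the trusted domain's group is named explicitly, qualified with
# its domain, alongside the local group.
# Share name and path are hypothetical.
[green]
    path = /srv/samba/green
    valid users = @lxgreen, @NTDOMAIN+ntgreen
```

For this to resolve, winbindd has to be running on the Samba PDC, and `wbinfo -g` should list the trusted domain's group under the qualified name used in the share.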
