[Samba] ADS Authentication
Christoph Scheeder
christoph.scheeder at scheeder.de
Thu Dec 9 08:24:36 GMT 2004
Hi again,
the answer is simple : you don't need "net groupmap" at all.
thats what the id-ranges in smb.conf are for:
the ADS-users and the ADS-groups are mapped by winbind to
user /group id's from the ranges specified and era presented
by nsswitch to the os like any other user group from local
files or nis.
This means if you want a dir "SomeDir" to be owed by lets say "domain-users"
do a
chown someuser.domain-users SomeDir
thats all you need.
same for acls, just use the ADS-group like any unix-group.
Christoph
Tom Skeren schrieb:
> OK Christopher, samba is authenticating, if a bit oddly (some XP
> machines can use \\sserver\fsk others need to use \\ipaddy\fsk---not a
> huge problem).
>
> However I don't think I'm grasping the "net groupmap" function. I was
> of the belief that if I did this:
>
> net groupmap add ntgroup="nt-group" unixgroup=(some group in
> /etc/group), then ADS members in "nt-group" would be mapped to the unix
> group. Thus when I setfacl on that directory with the unix mapped group
> rwx, then ADS members of the nt-group would have rwx permissions.
> However, when I log in to the share, the smaba server terminal burps up:
>
> smbd[582] chdir (/home/FSK) failed
>
> I must be missing something. Any thoughts would be appreciated.
>
More information about the samba
mailing list