[Samba] Problems regarding permissions for active directory users.
Richard Nordlund
rno at cma.se
Thu Jun 3 12:16:12 GMT 2004
Hi,
I managed to get Samba 3.0.4 running on FreeBSD together with Heimdal
Kerberos and winbind to authenticate users against our active directory.
As a Windows XP client access the shares, their username and group is
successfully checked (I know this from smbstatus), but I cant seem to be
able to set the permissions right.
For example, for a public share, I want the group Domain Users
("@EUROPE+Domain Users") to be have to read permissions, and the group
Domain Admins to have read/write permissions.
When I manage to allow read/write for the domain admins, the domain
users do not even gain access to the resource.
After messing around with this for the past couple days, I suspect it
has something do to with active directory users and groups not being
properly mapped to UNIX users and groups. I don't know how to do this,
and have been able to find very little information on this topic. It
might also have something to do with my poorly configured smb.conf.
Thank you for any help...
//Richard.
bash-2.05b# cat /usr/local/etc/smb.conf
[global]
workgroup = EUROPE
realm = EUROPE.LOCAL
server string = FreeBSD Server 01
security = ADS
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
[public]
comment = Public stuffs
path = /usr/home/public
valid users = '@EUROPE+Domain Admins', '@EUROPE+Domain Users'
admin users = '@EUROPE+Domain Admins'
read list = '@EUROPE+Domain Users'
write list = '@EUROPE+Domain Admins'
read only = No
[volume01]
comment = Volume One
path = /usr/volume01
valid users = '@EUROPE+Domain Users'
write list = '@EUROPE+Domain Admins'
create mask = 0664
directory mask = 0775
bash-2.05b#
.........................................................
Note: Both shares are for testing purposes - im trying as much as
possible to achieve the above-stated effect.
More information about the samba
mailing list