[Samba] AD user not honouring local group membership
pubsyssamba at bbc.co.uk
Thu Mar 11 13:17:25 GMT 2004
Without going into details I cannot currently use winbind for AD group data with Samba 3.0.x running on Solaris.
I would like to use winbindd for reading user accounts from AD and then have those AD accounts as members of local (LDAP eventually)
groups. I have taken a test user "UserAW6" which is visible to Solaris via winbind and added them to a group "PrnAdm" in /etc/group. I have
mapped the UNIX group to a Windows group with "net groupmap" and then permissioned a directory to the NTGroup from a Windows client
system. From the UNIX command line I can "su" to UserAW6 and can access the folder as expected, but from my Windows client I cannot
access the directory because I get an "access is denied" error!
My /etc/nsswitch.conf has the following entries for passwd and group
The following winbind related settings are in my smb.conf
winbind separator = +
winbind cache time = 300
winbind use default domain = Yes
template shell = /bin/sh
template homedir = /tmp
idmap uid = 10000-600000
idmap gid = 10000-600000
winbind enum groups = no
winbind enum users = yes
allow trusted domains = no
Why does Samba ignore my AD account's membership of a local UNIX group? Is what I'm attempting possible/supported within Samba? Any
suggestions? I'm running Samba 3.0.2a on Solaris 8.
Thanks in advance, Andy.