[Samba] users via winbind and using @group in smb.conf
James A. Dinkel
jdinkel at bucoks.com
Thu Dec 28 17:10:58 GMT 2006
> -----Original Message-----
> From: Stefan Froehlich
> Sent: Thursday, December 28, 2006 9:43 AM
>
> Hello,
>
> I have two samba servers, A is configured as a PDC, B offers some
> additional shares. B is getting usernames and passwords via winbind
> from a, using the following configuration directives:
>
> | idmap uid = 100-999
> | idmap gid = 100-999
> | winbind enum users = yes
> | winbind enum groups = yes
> | winbind use default domain = yes
>
> This is basically working fine, local ssh login is ok, getent shows
> all remote users and passwords.
>
> Now B needs to define some additional, local groups containing the
> names of remote users. In /etc/group the usernames have been added
> (without the DOMAIN\ prefix, as "use default domain" is set). On the
> command line, this is working as well ("groups" does show the local
> group for the remote users).
>
> But what das NOT work is to assign a samba share on B to this local
> group. I tried
>
> | valid users = @group
>
> as well as
>
> | valid users = @DOMAIN\group
>
> but both ways all I get is NT_STATUS_ACCESS_DENIED.
>
> How do I have to write this in order to get access for remote group
> members in a locally defined group?
>
> Ciao,
> Stefan
>
I don't see anything wrong with the little bit you've posted. You might
post your entire smb.conf.
More information about the samba
mailing list