[Samba] Samba & Windows 2003 AD
veronica.hill at optusnet.com.au
Tue May 23 10:19:41 GMT 2006
Firstly, winbind is going to be your best friend with AD, so yes set it
up. idmap_rid is particularly easy for companies with many sites that
need consistent UID & GID mapping. (think centralized backups using
rsync and you'll get the idea)
Secondly the Domain Users Group doesn't fully exist in any practical
way under Samba......
getent group | grep domain\ users
I think you'll see why...... This is a weird one that the Samba guys
haven't coded for yet (from what I remember). The domain users group
is "special" as in Microsoft special. I create shares that have access
to a specific group of users, because the DU group is unusable ( I
don't think that's FUD.... ). If I want access to be given to a large
group of users then I create a group specifically for that site / area
and add all users that are at that site / area into that group.
On 19 May 2006, at 00:54, stijn.mahieu at rp-mail.com wrote:
> I have joined my samba 3.0.7 server successfully to Windows 2003 ADS,
> Kerberos authentication seems to work fine, provided that the user also
> exists on the Linux machine. However, I can't seem to create a share
> grants access to the Domain Users Group. Will I need to set up Winbind
> that or is there a way to do this in my current setup? If I need to
> set up
> winbind, will I need to remove the ADS bits in my smb.conf file?
> Any tips are very much appreciated.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba