[Samba] Local groups with ADS users
rascasoft at tiscali.it
Fri May 26 12:35:37 GMT 2006
I've configured SAMBA for joining the ADs of the place where i work, and
everything is working fine. This means that with "getent passwd" i see
all the local and the ADS users, i am also able to log into my machine
via ssh by using the pam_winbind module and so on.
I've configured some directories that are shared by samba and are
property of their owners and also this thing is working fine.
What i want to do now is to grant the write permission in a directory to
a local group composed by ADs users.
I've defined the directory in smb.conf :
comment = TEST
path = /samba/TEST
browseable = No
public = No
read only = Yes
write list = @ADGROUP
and created the group :
but it's impossible to modify the AD user by using usermod for including
him in my group :
# usermod -G ADGROUP MYDOMAIN+myuser0
usermod: MYDOMAIN+myuser0 not found in /etc/passwd
and this for me is almost clear, because if usermod search only in
passwd it will not find anything. So i've added manually the user to the
group in the /etc/group file :
# tail -1 /etc/group
This seems to work, because if i run this command :
# groups MYDOMAIN+myuser0
MYDOMAIN+myuser0 : MYDOMAIN+group1 ADGROUP
i receive what i'm expecting to receive.
The permission on the directory that i'm sharing are these :
drwxrwx--- 2 root ADGROUP 4096 May 26 11:48 TEST
But once restarted samba, i'm unable to access to this directory with
the ADs user.
What this problem maybe ? Is this a good way for proceding considering
that i can't do any kind of modifications in the ADs server ? There's a
better way to do what i wanto to do ?
Let me know if i made myself clear and...Thanks for any help i will receive.
"Il regno dei cieli e' simile ad un mercante che va in cerca di
perle preziose. Trovatane una di grande valore va, vende tutti
i suoi averi e la compra" - Gesu' Cristo
More information about the samba