[Samba] Winbind and groups
Ben Vaughan
bvaughan at global-com.com
Tue Dec 11 16:30:27 GMT 2007
Hello Friendly Samba People,
I have a working Samba install that allows my AD users access to files on my Linux box. The Linux box is configured via Winbind as a domain member and uses Winbind as the local NSS. I can successfully resolve both users and groups from the AD. Users are currently able to access the Samba shares without trouble.
I am running into trouble when trying to use groups defined in the AD as "valid users" or ACLs on the Linux box.
smb.conf:

[global]
    security = ADS
    realm = CORP.CALLGLOBALCOM.COM
    workgroup = CORP
    log file = /var/log/samba/%m
    log level = 2
    # winbind / AD stuff
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind expand groups = 2
    winbind nss info = rfc2307
    winbind nested groups = Yes
    idmap uid range = 1000 - 30000000
    idmap gid range = 100 - 30000000
    idmap domains = CORP
    idmap config CORP:backend = ad
    idmap config CORP:default = yes
    idmap config CORP:readonly = yes

[homes]

[sysadmins]
    path = /tmp
    writeable = yes
    comment = Globalcom Sysadmins share
    valid users = @gc_sysadmins
    create mask = 0775
    directory mask = 0775

# getent group gc_sysadmins
gc_sysadmins:*:10001:bvaughan
# getent passwd bvaughan
bvaughan:*:1812:100:Ben Vaughan, IT Systems Overlord:/home/bvaughan:/bin/bash

When trying to access the [sysadmins] share defined as above, Samba logging says this:
user 'CORP\bvaughan' (from session setup) not permitted to access this share (sysadmins)
I see the disconnect: the "CORP\bvaughan" that Samba sees here vs. the "bvaughan" seen in the group entry. Is there a way to make these two come together so the "valid users =" line works?
I am running Samba version 3.0.25b-1.el5_1.4 as provided by RedHat.
Any help would be appreciated.
Ben
Ben Vaughan
Globalcom IT Infrastructure Support Team
bvaughan at global-com.com
312 673 4116