[Samba] users via winbind and using @group in smb.conf
Stefan Froehlich
samba at Froehlich.Priv.at
Thu Jan 4 12:14:13 GMT 2007
On Thu, Dec 28, 2006 at 11:10:58AM -0600, James A. Dinkel wrote:
> > I have two samba servers, A is configured as a PDC, B offers some
> > additional shares. B is getting usernames and passwords via winbind
> > from A [...]
> > This is basically working fine, local ssh login is ok, getent shows
> > all remote users and passwords.
> > Now B needs to define some additional, local groups containing the
> > names of remote users. In /etc/group the usernames have been added
> > (without the DOMAIN\ prefix, as "use default domain" is set). On the
> > command line, this is working as well ("groups" does show the local
> > group for the remote users).
> > But what does NOT work is to assign a samba share on B to this local
> > group. I tried
> > | valid users = @group
> > as well as
> > | valid users = @DOMAIN\group
> > but both ways all I get is NT_STATUS_ACCESS_DENIED.
> > How do I have to write this in order to get access for remote group
> > members in a locally defined group?
> I don't see anything wrong with the little bit you've posted. You
> might post your entire smb.conf.
No problem, here you are:
| hosts allow = 192.168.1. 127.
| interfaces = eth0
| security = domain
| socket options = TCP_NODELAY
| remote announce = 192.168.1.255
| netbios name = SERVERB
| workgroup = DOMAIN
| os level = 0
| preferred master = no
| domain master = no
| local master = no
|
| idmap uid = 100-999
| idmap gid = 100-999
| template homedir = /home/%U
| template shell = /bin/bash
| winbind enum users = yes
| winbind enum groups = yes
| wins server = servera.domain.intern
| wins support = no
| password server = servera.synth.intern
| passdb backend = tdbsam
| winbind use default domain = yes
|
| dns proxy = yes
| encrypt passwords = yes
| null passwords = no
| password level = 0
| deadtime = 0
| nt acl support = no
|
| [private]
| path = /var/smb/backupset/private
| read only = No
| guest ok = No
| # valid users = @private
| valid users = DOMAIN\pt, DOMAIN\rl, jr
| hosts allow = 192.168.1.0/24
The active "valid users" line is working perfectly fine, but not what
we actually want. The commented "valid users" line does not work
however. @private is defined in /etc/group:
| private:x:504:rl,pt,jr
Ciao,
Stefan
--
http://kontaktinser.at/
Personal ads exchange for Austria - free and non-commercial