[Samba] How to map an AD group to an existing unix group/gid

Eric Diven eric.diven at edsiohio.com
Fri Jun 13 16:45:44 GMT 2008


I have a unix group that owns some files on a share, and I'd like to set
up a group mapping so that an Active Directory group (with an existing
mapping in winbind from earlier use) gets access to these files via a
mapping.

I've been fooling around with net groupmap add, and haven't been able to
get this set up.

The group Domain Users has an existing mapping to gid 10004, which
winbind allocated at some point in the past.

I have a group testgroup, with gid=134

I've tried the following:

net groupmap add sid=S-...-513 unixgroup=testgroup ntgroup="DOMAIN+Domain Users"
which gives the following for a net groupmap list:
DOMAIN+Domain Users (S-...-513) -> testgroup

and

net groupmap add sid=S-...-513 unixgroup=134
which gives this when I do a net groupmap list:
134 (S-...-513) -> DOMAIN+domain users

For both of these, when I view the properties of a file owned by
testgroup, the group owner shows up as Domain Users, with both read and
write permissions.  

For both of these, wbinfo shows the following:

wbinfo --group-info="DOMAIN+domain users"
DOMAIN+domain users:x:134

So far, so good, right?

However, for both of these, when I try to access a file owned by
testgroup, I'm denied access.  If I create a file in a directory when
logged in as a domain user, it gets created with gid 10004, that's fine.

nscd is disabled, nsswitch.conf contains group:  files winbind, OS is
Solaris 10 update 4, samba is 3.0.25a, as shipped with S10u4.

Any ideas on this?

Thanks,

~Eric

