[Samba] Unix ADS group membership or vice versa
Robert M. Martel - CSU
r.martel at csuohio.edu
Fri May 23 19:16:14 GMT 2008
Ryan Bair wrote:
> You can't make a local user a member of an AD group since AD needs to
> know about them.
>
> You can however add an AD user to a local group just like you would
> for a local user.
>
> This is true with normal LDAP accounts as well.
>
I've spent a fair chunk of the day looking for a solution, and have only
found people w/ similar problems.
I have NO ability to control/manipulate the Active Directory(AD) server
- different group manages that resource.
I have a samba server as an AD. Currently the AD users can access the
Samba shares. I have added some AD users to the local UNIX groups on
the server but that does not not seem to be working - while (UNIX) group
membership should permit access to the resource, the users are being
denied access by Samba - according to the logs. I have used the "net
groupmap add" to map the local UNIX group to a windows group in Samba.
Shouldn't this work?
How do I convince samba to check and see if an AD account is a member of
a local UNIX group?
On my older systems that are still using samba as a PDC this works fine
- but I need to move the servers to AD for authentication.
What (obvious) step have I missed?
Samba version 3.0.28a on Solaris
Thanks in advance.
-bob
--
***********************************************************************
Bob Martel,System Administrator I met someone who looks a lot like you
Levin College of Urban Affairs She does the things you do
Cleveland State University But she is an IBM
(216) 687-2214
r.martel at csuohio.edu -Jeff Lynne
***********************************************************************
More information about the samba
mailing list