[Samba] AD group member can't write to the samba shared folder

Tharanga Abeyseela (RGA) tharanga.abeyseela at rexelga.com.au
Sun May 2 19:17:31 MDT 2010


Hi Guys,

I managed to authenticate AD groups with samba. Now I can define several groups, and only members of those groups are allowed to access the shared folders defined in smb.conf. But those members can't see the files or write to that folder (/home/test).

This is my smb.conf

[global]
workgroup = xxx
realm = xxx.COM
password server = *
server string = Samba file and print server
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
#printcap name = cups
#printing = cups
idmap uid = 15000-20000
idmap gid = 15000-20000
#winbind use default domain = yes
nt acl support = yes
map acl inherit = yes
winbind enum users = yes
winbind enum groups = yes
#client ntlmv2 auth = yes
template homedir = /home/%D/%U
template shell = /bin/bash


[itaccess]
comment = Testing AD Integration
browseable = yes
readonly =  no
writeable = yes
path = /home/test/
inherit acls = yes
inherit permissions = yes
valid users = @"xxx+itaccess"
write list = @"xxx+itaccess"
admin users = @"xxx+itaccess"
create mask = 770
force create mode = 770
force directory mode = 770

chmod 770 /home/test
chown root.root /home/test

setfacl  -m u:"xxx+itaccess":rwx /home/test
setfacl  -d -m u:"RAP+itaccess":rwx /home/test


getfacl /home/test

# file: home/test/
# owner: root
# group: root
user::rwx
group::rwx
group:RAP+itaccess:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:RAP+itaccess:rwx
default:mask::rwx
default:other::---


drwxrws---+  2 root      root      4096 2010-05-03 10:33 test



But if that group member tries to write something, it says access denied. If I put on that test folder, group members can't see it (read it).

Can someone help me to solve the issue? (AD group authentication is working properly with samba.)

Thanks,
Tharanga
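
Added example (not part of the original post): a shell check that lists each @group named in a share's "valid users" line and reports what the directory's access ACL grants that group once mask:: is applied, or "none" when no named group entry exists. The function names and the EXAMPLE+itaccess / EXAMPLE+helpdesk sample data are constructed for illustration, modelled on the smb.conf and getfacl output above.

```shell
#!/usr/bin/env bash
# Constructed sample inputs (placeholder domain EXAMPLE, not taken from a real server).
SAMPLE_CONF='[itaccess]
path = /home/test/
valid users = @"EXAMPLE+itaccess", @"EXAMPLE+helpdesk"'

SAMPLE_ACL='# file: home/test/
# owner: root
# group: root
user::rwx
group::rwx
group:EXAMPLE+itaccess:rwx
mask::r-x
other::---
default:group:EXAMPLE+itaccess:rwx
default:mask::rwx'

# Print each @group from a "valid users" line of smb.conf text on stdin.
# Assumes a comma-separated list; entries without a leading @ are skipped.
share_groups() {
  sed -n 's/^[[:space:]]*valid users[[:space:]]*=[[:space:]]*//p' |
    tr ',' '\n' | tr -d '"' |
    sed -n 's/^[[:space:]]*@\(.*[^[:space:]]\)[[:space:]]*$/\1/p'
}

# Print the effective bits of the named-group entry for $1 in getfacl output on
# stdin: the entry ANDed with mask::. "default:" entries are ignored because
# they only affect files created later. Prints "none" if there is no entry.
effective_group_perms() {
  awk -F: -v g="$1" '
    $1 == "mask"             { mask = $3 }
    $1 == "group" && $2 == g { perms = $3; found = 1 }
    END {
      if (!found) { print "none"; exit }
      out = ""
      for (i = 1; i <= 3; i++) {
        e = substr(perms, i, 1); m = (mask == "" ? e : substr(mask, i, 1))
        out = out ((e != "-" && m != "-") ? e : "-")
      }
      print out
    }'
}

# $1 = smb.conf text, $2 = getfacl output; one "group perms" line per group.
check_share() {
  printf '%s\n' "$1" | share_groups | while IFS= read -r grp; do
    printf '%s %s\n' "$grp" "$(printf '%s\n' "$2" | effective_group_perms "$grp")"
  done
}

check_share "$SAMPLE_CONF" "$SAMPLE_ACL"
```

On a live server, pass the share's section of smb.conf and the output of getfacl for the share path in place of the constructed samples.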

