[Samba] AD group member cant write to the samba shared folder
Tharanga Abeyseela (RGA)
tharanga.abeyseela at rexelga.com.au
Sun May 2 19:17:31 MDT 2010
Hi Guys,
I managed to authenticate AD groups with samba. Now I can define several groups and that group members only be allow to access the shared folders defined in smb.conf. but that members cant see the files or write to that folder. (/home/test)
This is my smb.conf
[global]
workgroup = xxx
realm = xxx.COM
password server = *
server string = Samba file and print server
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
#printcap name = cups
#printing = cups
idmap uid = 15000-20000
idmap gid = 15000-20000
#winbind use default domain = yes
nt acl support = yes
map acl inherit = yes
winbind enum users = yes
winbind enum groups = yes
#client ntlmv2 auth = yes
template homedir = /home/%D/%U
template shell = /bin/bash
[itaccess]
comment = Testing AD Integration
browseable = yes
readonly = no
writeable = yes
path = /home/test/
inherit acls = yes
inherit permissions = yes
valid users = @"xxx+itaccess"
write list = @"xxx+itaccess"
admin users = @"xxx+itaccess"
create mask = 770
force create mode = 770
force directory mode = 770
chmod 770 /home/test
chown root.root /home/test
setfacl -m u:"xxx+itaccess":rwx /home/test
setfacl -d -m u:"RAP+itaccess":rwx /home/test
getfacl /home/test
# file: home/test/
# owner: root
# group: root
user::rwx
group::rwx
group:RAP+itaccess:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:RAP+itaccess:rwx
default:mask::rwx
default:other::---
drwxrws---+ 2 root root 4096 2010-05-03 10:33 test
but if that goup member try to write something it says access denied. If I put on that test folder , group members cant see it (read it ).
Can someone help me to solve the issue . (Ad group authentication is working properly with samba)
Thanks,
Tharanga
More information about the samba
mailing list