[Samba] AD integration with multiple groups

grant little grantliddle at gmail.com
Tue Feb 1 09:21:42 MST 2011


I forgot to mention that I also use along with the other:
write list = @ad\securitygroupname

On Tue, Feb 1, 2011 at 8:19 AM, grant little <grantliddle at gmail.com> wrote:

> Yes I do that using:
> valid users = @ad\securitygroupname
>
> works like a charm.
>
> also in my config, don't know if it relates:
> workgroup = AD
> realm = AD.MYDOMAIN.XXX
>
> On Tue, Feb 1, 2011 at 5:57 AM, julien mabillard <jma at mbuf.net> wrote:
>
>> Hello,
>> I post here my question after having spent time on google and forums
>> and documentation to find a clue.
>>
>> I use:
>> GNU/Linux RHEL5 x86_64
>> Samba Version 3.5.6
>> Active Directory 2003 on Windows 2003/2008
>>
>> I want to allow an authenticated user (AD authenticated) to access
>> a share partition under samba only if one of his secondary groups
>> is a defined one.
>>
>> ex: user joe
>> uid=4001(joe) gid=4010(domain users) groups=4010(domain users),
>> 4011(IT),4012(operations)
>>
>> I want to be able to only allow group 'operations' to access the
>> share. I was trying to use : valid users = @operations
>> or : valid users = @MYDOM\operations
>>
>> But I only get success with the gid 'domain users'.
>>
>> Can someone tell me if this is possible to do?
>>
>> Thank you very much.
>>
>>
>> --
>> refs : https://mbuf.net/
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>


More information about the samba mailing list