[Samba] samba winbind ignores local unix groups.

sf878787767676 at gmail.com sf878787767676 at gmail.com
Mon Mar 28 19:28:53 MDT 2011


Hi, thanks very much for your feedback.

I now have it working in my Virtualbox lab and will make the changes in
production shortly.

The trick was to rely on Kerberos only. Thanks for the winbind tip, it was
confusing me horribly.
I disabled winbind and did more testing; now anyone who has authenticated
to AD, and is in a local linux group for the share, can connect.

Thanks again,
Steve.

On , Werner Durgarten <wernerdurgarten at gmx.de> wrote:
> Hi,
>
> -------- Original Message --------
>
> > Why does samba+winbind ignore the local unix groups ?
> >
> > I have joined my samba server to Windows AD.
> >
> > I have configured a share with the values:
> > [public_share]
> > #Perms are 777
> > path = /home/pub_share
> > comment = Public_Share
> > writable = yes
> > create mask = 775
> > directory mask = 775
> > browsable = yes
> > valid users = @adgroup
> >
> > If I use a group from Windows AD, there is no problem accessing the share,
> > but we do not want to add / change groups in AD, we need to add users to our
> > local /etc/groups as access to Windows AD is very limited and we would
> > rather control things on the linux side, and use the single sign on from AD
> > for the users.
> >
>
> I am not the best expert the mailing list has to offer, but I think when
> you are using AD and winbind you need group information locally and in AD
> + mapping between AD and local groups - otherwise you will step into
> various problems. Alternatives are (1) switching off winbind (then samba
> falls back to local group information only) or (2) administer your local
> groups via AD rfc2307 schema extension + winbind + nsswitch.
>
> hth
>
> werner




