[Samba] Local group auth not working for domain members with SECURITY=ADS
Tom Noonan II
thomas.noonan.ii at hp.com
Wed Mar 7 16:03:00 MST 2012
I have a Samba 3.5.10 (Cent 6) server succesfully joined to the
domain. Domain logins and domain group control are working. I have a share
configured with "valid users = +unixgroup" that my domain user cannot access
but my local unix user can. The only group related error message is coming
from string_to_sid(), which I am confident is a red-herring.
My goal in this experiment is to try and get NSS based group access
working, so that I can expand to non-AD group lists. I have a rather
convoluted auth backend that I'm trying to glue Samba onto, and I don't control
the AD servers. I have tried "net sam mapunixgroup unixgroup" but that did not
change the result. I did not try adding users to the group via "net sam" as
that is not a workable solution for my end goal.
My question at this time is if this is behavior is expected. Will
Samba check the NSS groups for domain members? Also, I see samba calls
getgrouplist() samba3/lib/from system_smbd.c. Is this code executed for
domain member lookups?
Thanks in advance.
--
Tom Noonan II
ESL Technician - Randstad
More information about the samba
mailing list