[Samba] Grant only one AD group to samba share ?

Dale Schroeder dale at BriannasSaladDressing.com
Tue May 22 12:50:37 MDT 2012


A few questions that might narrow things -

Which version of Samba are you using?
What does the idmap backend configuration for winbind look like?
Does testparm yield any errors?
Do getent group and wbinfo -g return the expected results?
Are nsswitch.conf and PAM configured for authentication?
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3502441/Join-Linux-to-Active-Directory-With-Winbind.htm

On 05/22/2012 1:01 PM, Newman, John W wrote:
> Thanks..
>
> Unfortunately neither suggestion worked
>
> chgrp still just says "invalid group"
>
> valid users  = @"DOMAIN\\My Group" behaves the same as I described in the OP.  Valid credentials = access denied ; invalid credentials = invalid name or bad password.    I already tried all sorts of things in valid users, but nothing is the magic string I need.
>
> Any other ideas?
>
> Thanks for the help so far, much appreciated!!
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of steve
> Sent: Tuesday, May 22, 2012 04:59
> To: samba at lists.samba.org
> Subject: Re: [Samba] Grant only one AD group to samba share ?
>
> On 21/05/12 23:36, Dale Schroeder wrote:
>> On 05/21/2012 3:42 PM, Newman, John W wrote:
>
>>> Thanks for the suggestion, but .. that doesn't work ...
>>>
>>>
>>> chgrp My\ Group /media/share
>>> chgrp: invalid group: `My Group'
>>>
>>>
>>> "My Group" is a windows AD group, not a local linux group. The
>>> machine is "joined" to the windows domain through "net ads join", but
>>> I don't think the security is that tightly integrated. I don't have
>>> windows groups mapped to linux groups I've created or anything like that.
>>> chgrp is expecting a linux group. Right?
>>>
>>> Probably I am missing something, or you guys need more information.
>>> Any thoughts?
> Hi
> Sorry. I forgot about winbind (we use nss-pam-ldapd). With winbind running that should read:
>
> chgrp MYDAOMAIN\\My\ Group /media/share
>
> Cheers,
> Steve
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list