[Samba] S3 - Valid users option and AD/Ldap primary group
o.bilhaut at fondation-misericorde.fr
Tue Nov 20 03:05:51 MST 2012
We wonder about the possibility to use the primary group of a user as
argument in the "valid users" option, in the share section of the
I explain :
In an AD schema, you're primary group could be, for example, 530 (Domain
Users), you're not "memberof" the "Domain users" group in the LDAP schema.
So winbind and/or NSS seems to have problems to retrieve the membership
of a user when he belongs to the primary group.
We use samba 3.5.6 joined to a samba 4 rc5 AD, and we would like to use
the primary group of the users as argument for the option "valid users".
But the level 10 log give us :
Nov 19 12:37:06 localhost smbd: [2012/11/19 12:37:06.964523, 2]
Nov 19 12:37:06 localhost smbd: user 'DOMAIN/User' (from session
setup) not permitted to access this share (TEST)
Nov 19 12:37:06 localhost smbd: User DOMAIN/User not in 'valid
For info :
When we use wbinfo -r User, it return primary group AND other group
When we use "getent group", the primary group is shown but is empty.
Is it simply possible?
*** Service Informatique
More information about the samba