[Samba] Use Samba with ACL for read Active Directory and set Permissions via it.

Rowland Penny rowlandpenny at googlemail.com
Sun Dec 28 10:36:55 MST 2014

On 28/12/14 15:48, Jason Long wrote:
> Thank you so much.
> Thus I must change "idmap config JASONDOMAIN.JJ:backend = ad " to "idmap config JASONDOMAIN:backend = ad".
> How about Workgroup? is must change "JASONDOMAIN" too?
> About your question I must say that I Test this share via Linux too and Windows and Linux has same problem.
> About "What I would do is, install the OpenSSH server on the linux machine, install 'PUTTY' on a windows machine and try to login via 'PUTTY' and use the SSH protocol." , You mean is that Windows clients use SSH to work with this directory? I want to made this Linux Box as a File server and Windows Clients need graphical browser to copy and paste file into this directory!!!!!!!
> What is your idea?
> Thanks.

I am loosing track here a bit, but if your dns domain is example.com, 
then your windows AD realm should be something like internal.example.com 
and your workgroup/domain name should be INTERNAL, that is, they all 
rely on each other.

So anywhere that you come across these, you should use the relevant one, 
this is the relevant parts from a Unix client on my domain:

         workgroup = INTERNAL
         security = ADS
         realm = INTERNAL.EXAMPLE.COM
         idmap config * : backend = tdb
         idmap config * : range = 2000-9999
         idmap config INTERNAL : backend  = ad
         idmap config INTERNAL : range = 10000-999999
         idmap config INTERNAL : schema_mode = rfc2307

As for using 'PUTTY', this was just a way of testing whether you can 
connect to the Unix machine.


More information about the samba mailing list