[Samba] Fileserver and access groups
jd at ionica.lv
jd at ionica.lv
Sat Apr 4 12:11:30 MDT 2015
Citēju Rowland Penny <rowlandpenny at googlemail.com>:
> On 30/03/15 18:00, jd at ionica.lv wrote:
>> I have Samba AD DC and Samba fileserver (hereafter-FS) as domain
>> member. I need to organize access to the specific shares on FS for
>> a groups of specific domain users. Where should I make the domain
>> user groups - on DC, on FS or on both?
>> Does the FS need any local Samba users at all? What if domain
>> users' homes are located on FS?
> All your users & groups should be stored in AD, except for users
> like 'root' (yes korashi I am looking at you) or www-data, ntp etc
> i.e. any user or group that has an ID less than 1000.
> You use ACLs for users homes stored on the fileserver, the
> fileserver needs to be joined to the domain.
can you elaborate a bit on this?
fileserver is joined to the domain, but seems not getting something
(or the cfg I made is wrong - it does not allow me to open my home
\\fs\user while being logged on to the domain (ok, I am logged into
the domain over VPN and it seems to be enough for domain
administration using windows tools)
wbinfo -u (executed on FS) lists all domain users, as well as wbinfo
-g - groups.
But if I try to get info on myself using wdinfo -i user at DOMAIN, i get
"Failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND"
Another thing I do not understand is: how can I set permissions for
shares on FS in the form of DOMAIN\user or DOMAIN\group?
More information about the samba