[Samba] Group Mapping: All Users from a Domain group should be able to write to a local group

Bingo Tuk tukbingo at gmail.com
Thu Apr 16 05:37:55 MDT 2015


Thank you very much.

Our problem is solved now.

I've changed the local GID and now everything is fine.

$ id
uid=1001(localuser) gid=10656(localgroup) groups=10656(localgroup)

$ id
uid=6161(aduser) gid=5513(domänen-benutzer) groups=5513(domänen-benutzer),10656(adgroup)

Have a nice day.

On Thu, Apr 16, 2015 at 11:53 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:

> On 16/04/15 09:57, Bingo Tuk wrote:
>
>> Hello Mailinglist,
>>
>> I have created a local user "localuser" who is in the local group "localgroup"
>>
>> $ id
>> uid=1001(localuser) gid=1001(localgroup) groups=1001(localgroup)
>>
>> My machine authenticates against Active Directory - works
>>
>> The AD-User "aduser" belongs to a domain group "adgroup"
>> $ id
>> uid=6161(aduser) gid=5513(domänen-benutzer) groups=5513(domänen-benutzer),10656(adgroup)
>>
>> I have mapped the local group and the adgroup with the command
>> net groupmap add ntgroup="adgroup" unixgroup=localgroup rid=10656 type=d
>>
>> That works also
>> # net groupmap list
>> adgroup (S-1-5-21-000098831-0000488756-4286701815-10656) -> localgroup
>>
>> Anyway, the user "aduser" can't write a file with the group "localgroup"
>>
>> What am I missing? Any hints?
>>
>> Thank you very much
>>
>
> You are missing the fact that you don't map groups any more with AD, that
> is an NT-4 style PDC thing. Just give the AD group a uidNumber and use the
> winbind 'ad' backend or use the 'rid' winbind backend, in which case you do
> not need to do anything.
>
> Rowland
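
Why the GID change in this thread had the effect it did, as an added example that is not part of the original messages: file access is decided on numeric GIDs, so once localgroup and adgroup both resolve to GID 10656, every adgroup member holds localgroup's file permissions. The sketch below audits group listings for such shared GIDs; the sample lines are constructed from the names and IDs shown in the thread, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample input in group(5) format (as in /etc/group or
# `getent group`), using the names and GIDs shown in the thread after the
# local GID was changed. Not real output from the poster's machine.
LOCAL_GROUP_FILE = """\
root:x:0:
localgroup:x:10656:localuser
"""
DOMAIN_GROUPS = """\
domänen-benutzer:x:5513:
adgroup:x:10656:aduser
"""

def parse_groups(text, source):
    """Yield (gid, name, source) for each well-formed group(5) line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # skip malformed entries instead of guessing
        yield int(fields[2]), fields[0], source

def shared_gids(local_text, domain_text):
    """Return {gid: [(name, source), ...]} for GIDs claimed by more than one group."""
    by_gid = defaultdict(list)
    entries = list(parse_groups(local_text, "local"))
    entries += list(parse_groups(domain_text, "domain"))
    for gid, name, source in entries:
        if (name, source) not in by_gid[gid]:
            by_gid[gid].append((name, source))
    return {gid: names for gid, names in by_gid.items() if len(names) > 1}

def has_group_access(user_gids, file_gid):
    """Group-permission check as the kernel sees it: only the number counts."""
    return file_gid in user_gids

if __name__ == "__main__":
    for gid, names in sorted(shared_gids(LOCAL_GROUP_FILE, DOMAIN_GROUPS).items()):
        owners = ", ".join(f"{name} ({src})" for name, src in names)
        print(f"GID {gid} is shared by: {owners}")
    aduser_gids = {5513, 10656}  # from the `id` output in the thread
    print("file gid 1001 :", has_group_access(aduser_gids, 1001))
    print("file gid 10656:", has_group_access(aduser_gids, 10656))
```
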

