[Samba] Ubuntu SSSD Active Directory Authorization issue (group membership is not honored)
peter at serbe.ch
Fri Jan 16 08:01:47 MST 2015
Rowland Penny schrieb am 15.01.2015 22:00:
> For samba4 active directory, read microsoft AD, so you don't have to
> provision anything else, you just need to learn how to properly use what
> you already have.
Rowland is right, of course. But(!) things might be simpler with the
Without the attributes You need to set the permissions from windows.
So first all the users could read/write/see everything. Then You
would set the attributes on Windows to restrict things to Your liking.
With the RFC2307 attributes You can use ACLs directly on the file system.
You might also be able to use the ACLs without RFC2307, but there might
be inconsistencies between the different servers. But in the end, both
options will do pretty much the same.
It might be possible to have Winbind do the job. Once I tried that, but
most likely due to a personal lack of experience I did not succeed.
I managed to do it using the RFC2307 attributes anyway. If You have
enough time, I'd give it a try. IIRC You did set up sssd, which makes
good use of RFC2307.
More information about the samba