[Samba] CentOS 7 AD member having issues with AD groups
Rowland Penny
rpenny at samba.org
Mon Dec 12 09:04:17 UTC 2016
On Mon, 12 Dec 2016 03:23:56 +0100
Jakov Sosic via samba <samba at lists.samba.org> wrote:
> Hi guys,
>
> I've joined CentOS 7 successfully to AD as a member server, and set
> a couple of shares.
>
> But, limiting access by listing groups, or forcing group write isn't
> working.
>
> Samba is clearly having issues with groups.
>
>
> This is an example share not working at all (constantly asking for
> authentication):
>
> [tools]
> path = /data/tools/
> comment = Web development tools
> valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
> browseable = yes
> writeable = yes
> force mode = 0660
> force directory mode = 0770
> force security mode = 0660
> guest ok = no
> guest only = no
> delete readonly = Yes
> follow symlinks = Yes
> wide links = No
> case sensitive = Yes
>
> When I comment out or remove the `valid users` directive, access works.
>
> Also, if I run getent groups it doesn't return any member, while on
> CentOS 6 with Samba 3.5.10 it works:
>
> centos7 # getent group 'domain users'
> domain users:x:10513:
>
> centos6 # getent group 'domain users'
> domain users:x:10513:jakov.sosic
>
>
> Any ideas?
>
> I've also found this serverfault post:
>
> http://serverfault.com/questions/625416/samba-4-group-members-not-shown-in-getent-group
>
If your shares are being accessed from Windows, you would be better
off setting the permissions from Windows, see here:
https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
Rowland