[Samba] CentOS 7 AD member having issues with AD groups
rpenny at samba.org
Mon Dec 12 09:04:17 UTC 2016
On Mon, 12 Dec 2016 03:23:56 +0100
Jakov Sosic via samba <samba at lists.samba.org> wrote:
> Hi guys,
> I've joined CentOS 7 successfully to AD as member server, and set
> couple of shares.
> But, limiting access by listing groups, or forcing group write isn't
> Samba is clearly having issues with groups.
> This is example share not working at all (constantly asking for
> path = /data/tools/
> comment = Web development tools
> valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
> browseable = yes
> writeable = yes
> force mode = 0660
> force directory mode = 0770
> force security mode = 0660
> guest ok = no
> guest only = no
> delete readonly = Yes
> follow symlinks = Yes
> wide links = No
> case sensitive = Yes
> When I comment out or remove `valid users` directive, access works.
> Also, if I run getent groups it doesn't return any member, while on
> the CentOS 6 with samba 3.5.10 it works:
> centos7 # getent group 'domain users'
> domain users:x:10513:
> centos6 # getent group 'domain users'
> domain users:x:10513:jakov.sosic
> Any ideas?
> I've also found this serverfault post:
If your shares are being accessed from windows. you would be better
off setting the permissions from windows, see here:
More information about the samba