[Samba] valid users with AD group
Rowland Penny
rpenny at samba.org
Thu Dec 15 20:09:51 UTC 2016
On Thu, 15 Dec 2016 13:50:09 -0600
jsl6uy js16uy via samba <samba at lists.samba.org> wrote:
> Hello all, hope all is well/happy holidays
>
> Issues with an old thread out there, valid users containing an AD
> group
>
> Have tried this on systems running cent7u2 and ubuntu trusty. These
> systems are running sssd. I can login with AD users and chown/chgrp
> file with AD groups. However, I can't get AD groups to work with
> valid users for restricting share access. If I just set individual AD
> users, works just fine.
> I did troll thru googles and this mailing list, but many posts were
> leveraging winbind or winbind and older versions of samba. Faqs and
> docs led me to try several variants for vaild users =
>
> @"MC\MC-Services"
> @"MC\\MC-Services"
> @MC-Services
> MC-Services
>
> Any thoughts/help would be greatly appreciated.
> thanks and regards
>
>
> some samba vers on the centos host
> samba-common-4.2.3-12.el7_2.noarch
> samba-common-tools-4.2.3-12.el7_2.x86_64
> samba-common-libs-4.2.3-12.el7_2.x86_64
> samba-4.2.3-12.el7_2.x86_64
> samba-libs-4.2.3-12.el7_2.x86_64
> samba-client-libs-4.2.3-12.el7_2.x86_64
>
> [root at Xsamba]# smbd -V
> Version 4.2.3
>
>
> >>>Here is the config
>
> [global]
> workgroup = mc
> server string = Samba Server Version %v
> log file = /var/log/samba/log.%m
> max log size = 50
> security = ads
> bind interfaces only = yes
> interfaces=192.168.99.0/24
> dedicated keytab file=/etc/krb5.keytab
> password server = 192.168.1.2 192.168.1.3
> realm = MC.FOO.COM
> passdb backend = tdbsam
> map to guest = Bad Uid
>
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
> [logs]
> comment = Server Logs
> path = /logs
> writable = no
> #valid users = jsmith
> valid users = @"MC\MC-Services"
> printable = no
> ~
Is the Samba machine joined to the domain ?
If so, then stop trying to get 'valid users' to work and use windows
ACLs instead :
https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
Other than that, as you are using sssd, I suggest you try the
sssd-users mailing list. sssd has nothing to do with Samba.
Rowland
More information about the samba
mailing list