[Samba] valid users with AD group

jsl6uy js16uy js16uy at gmail.com
Thu Dec 15 20:31:25 UTC 2016 

Thanks very much for the quick response/info sir
Server is joined to the domain, which, I think, the info I listed
demonstrates, apologies if not

sssd has nothing to do with Samba.
>>I somewhat understand that sir. I listed mainly to provide info on auth
methods and services on the host. In case not listing affected diagnosis,
and just in case samba did something different interacting on system with
sss as a source for user/group accounting info

If so, then stop trying to get 'valid users' to work and use windows
ACLs instead :
>>I will check that out. thanks much again


On Thu, Dec 15, 2016 at 2:09 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Thu, 15 Dec 2016 13:50:09 -0600
> jsl6uy js16uy via samba <samba at lists.samba.org> wrote:
>
> > Hello all, hope all is well/happy holidays
> >
> > Issues with an old thread out there, valid users containing an AD
> > group
> >
> > Have tried this on systems running cent7u2 and ubuntu trusty. These
> > systems are running sssd. I can login with AD users and chown/chgrp
> > file with AD groups. However, I can't get AD groups to work with
> > valid users for restricting share access. If I just set individual AD
> > users, works just fine.
> > I did troll thru googles and this mailing list, but many posts were
> > leveraging winbind or winbind and older versions of samba. Faqs and
> > docs led me to try several variants for vaild users =
> >
> > @"MC\MC-Services"
> > @"MC\\MC-Services"
> > @MC-Services
> > MC-Services
> >
> > Any thoughts/help would be greatly appreciated.
> > thanks and regards
> >
> >
> > some samba vers on the centos host
> > samba-common-4.2.3-12.el7_2.noarch
> > samba-common-tools-4.2.3-12.el7_2.x86_64
> > samba-common-libs-4.2.3-12.el7_2.x86_64
> > samba-4.2.3-12.el7_2.x86_64
> > samba-libs-4.2.3-12.el7_2.x86_64
> > samba-client-libs-4.2.3-12.el7_2.x86_64
> >
> > [root at Xsamba]# smbd -V
> > Version 4.2.3
> >
> >
> > >>>Here is the config
> >
> > [global]
> >         workgroup = mc
> >         server string = Samba Server Version %v
> >         log file = /var/log/samba/log.%m
> >         max log size = 50
> >         security = ads
> >         bind interfaces only = yes
> >         interfaces=192.168.99.0/24
> >         dedicated keytab file=/etc/krb5.keytab
> >         password server = 192.168.1.2 192.168.1.3
> >         realm = MC.FOO.COM
> >         passdb backend = tdbsam
> >         map to guest = Bad Uid
> >
> >
> > [homes]
> >         comment = Home Directories
> >         browseable = no
> >         writable = yes
> >
> > [logs]
> >         comment = Server Logs
> >         path = /logs
> >         writable = no
> >         #valid users = jsmith
> >         valid users = @"MC\MC-Services"
> >         printable = no
> > ~
>
> Is the Samba machine joined to the domain ?
> If so, then stop trying to get 'valid users' to work and use windows
> ACLs instead :
>
> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>
> Other than that, as you are using sssd, I suggest you try the
> sssd-users mailing list. sssd has nothing to do with Samba.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list