[Samba] using Windows AD unwanted Group rights get applied to new Files
rpenny at samba.org
Tue Aug 7 13:54:01 UTC 2018
On Tue, 7 Aug 2018 13:34:30 +0000
VELARTIS Philipp Dürhammer <p.duerhammer at velartis.at> wrote:
> Ok so the config is generally a problem. I can try to change that.
> What i do not understand is
> >>You would then need to give all your users a unique uidNumber
> >>attribute containing a number inside the range you set in smb.conf,
> >>you would also need to give the user a gidNumber attribute
> >>containing the gidNumber of the required group to use instead of
> >>>>'Domain Users'.
> This is rella ycomplicated.
It isn't once you get head around it ;-)
> How do users normaly use samba with a
> windows AD server without breaking security concept by bypassing all
> user right sharing the same group?
They just don't allow 'Domain Users' access to the share.
>I could also give every user on
> the AD server a unique group... but thats a real hack...
Yes, It is .
More information about the samba