[Samba] I have issue in configuring file servers with AD integration.

Rowland Penny rpenny at samba.org
Mon Jan 21 10:48:08 UTC 2019


On Mon, 21 Jan 2019 15:53:47 +0530
venkat ramu <ramut123 at gmail.com> wrote:

> 
> [inherit]
>  path = /srv/samba/test/inherit
>  valid users = +"SBX\Inherit-Group", at +"SBX\Inherit-Group"
>  invalid users = +"SBX\Test-Group"
>  writeable = yes
> 
> [inherit1]
>  writeable = yes
>  comment = inherit1
>  valid users = +"SBX\Inherit-Group", at +"SBX\Inherit-Group"
>  path = /srv/samba/test/inherit1
>         inherit permissions = no

Your computer appears to be a Unix domain member and if you read
the 'invalid users' part of 'man smb.conf'

You will find that '+' means look in the Unix group database
(/etc/group) and '@' means look in the NIS database.
As your computer is a Unix domain member, neither of these will be
used and 'Inherit-Group' should exist in AD.

There is another possible problem (it could a typo), you posted this:

    workgroup = SBX

and also this:

    idmap config TESTAD : backend = rid
    idmap config TESTAD : range = 10000-999999

'TESTAD' should be 'SBX'

Can I also suggest you read this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

That is a much better way of doing what you require.

Rowland



More information about the samba mailing list