[Samba] Valid Users Does Not Like My AD Group or Syntax
fasteddieinaustin at gmail.com
Sat Jan 28 00:07:50 UTC 2023
I am working on replacing an undocumented Samba server with one I have
setup after very helpful wiki. I am just having an issue with using an
Active Directory security group with the setting "valid users" to limit
access to the share. I would like to use an existing security group on the
Windows side to control access to the share, if possible. Server 2012 R2
forest and OS on Windows side. I have taken pains to only use WinBind on
RHEL as Red Hat weenies will point you to using tools like "realm" that
introduce SSSD that I do not want to use.
valid user = MYDOMAIN\myuserid
If I use the above syntax for my user account I can gain access to the
share just as I expect.
valid user = +MYDOMAIN\"MySecurityGroup"
The above syntax does not work (I am a member of the group). I also tried
omitting the quotes around the group name since I do not have a space in
the name. I also tried using the alternate syntax that you can use on
Windows like MySecurityGroup at domain.com.
getent group MYDOMAIN\\MySecurityGroup
The above command does return my group from AD.
chown root:MySecurityGroup somefile.txt
This above command does update the permissions so that the group is used
and displays on the ls command.
SID +MYDOMAIN\MySecurityGroup is not in a valid format
I upped the log level to 3 and I see the above message.
idmap config * : backend = autorid
idmap config * : range = 100000-19999999
idmap config * : rangesize = 1000000
More information about the samba