I run a Fedora 2 box with Samba 3.0.10 as a domain member. The PDC is a
Win server with AD.
Running winbind, all domain users and groups are visible on the Samba box.
To grant a special group of domain users access to parts of a samba
share, I would like to
- add a *local* group on the samba box (*not* in AD!) and
- add some *domain* users to this new group.
Unfortunately the trick of adding a local unix group doesn't work as
samba apparently doesn't take them into account, so I guess I have to
add the group to winbind. However, the wbinfo man page only describes
how I could add a local user to a local group, not a domain user.
Maybe I'm just too dumb to understand the man pages - any advice how to
get this setup working would be really welcome!
Cheers,
Albrecht
--
LIOS Technology GmbH
Dr. Albrecht Dreß
Project Engineering / Software Design
Schanzenstrasse 6 - 20
D-51063 Köln
Germany
Phone +49 221 676 2742
Fax +49 221 676 2069
To manipulate a domain user, you have to use its FQN (fully qualified
name):
assuming you have a domain called CRAPULE and a user called brigand, and
the winbind separator = + (in smb.conf)
then, its name is CRAPULE+brigand
--
Joris De Pooter
That doesn't work for me:
[root@srv-lios2 root]# wbinfo -C local-special-group
[root@srv-lios2 root]# wbinfo -o DOMAIN_user:local-special-group
Could not add user to group
The messages don't contain any further error information. I am sure,
though, that the group has been created, as trying to add it again
results in an error message there.
Thanks,
Albrecht
Oops, I thought you wanted to create a local unix group.
Why not consider this option?
--
Joris De Pooter
That's not possible - local UNIX user groups are ignored when using
AD/winbind authentication.
Cheers, Albrecht.