
[Samba] adding AD domain users in local Linux group for access to share


Hubert, Laurent

Dec 6, 2013, 2:40:02 PM
Hello,

It seems that domain users can access the share when they are specified in "valid list" but not when
"valid list" uses a local group definition.

First I added the domain user "duser" to the group "lgroup" in /etc/group.
Then I defined a Samba share and added the domain user "duser" in the "valid list":

[lgroup]
comment = Dossier pour le groupes des Technologues clinique du CIMS
path = /export/groups/lgroup
writeable = yes
write list = duser
valid users = duser
create mode = 0770
directory mode = 0770

In that case I can access the share with "smbclient //host/lgroup -U duser".
While if I use "write list = @lgroup" and "valid users = @lgroup" I cannot access the share.
On the other hand, "duser" can access the system through ssh and write inside "/export/groups/lgroup",
as the Unix rights are the following:
drwxrws--- root lgroup /export/groups/lgroup

Here is an extract from /etc/group:
....
lgroup:x:1505:duser
...

and from /etc/samba/smb.conf:
...
idmap config *:backend = tdb
idmap config *:range = 5000-49999
idmap config myDOMAIN:backend = rid
idmap config myDOMAIN:range = 50000-99999
winbind use default domain = yes
winbind nested groups = yes
winbind enum groups = yes
winbind enum users = yes


Thanks
Laurent

--
Laurent Hubert, PhD
Research professional
Linux systems administration, deployment of Open Source solutions
Centre d'imagerie moléculaire de Sherbrooke
Centre hospitalier universitaire de Sherbrooke
819 346 1110 x 11836
pager: 6475
http://www.cims.med.usherbrooke.ca/

Laurent Hubert

Dec 9, 2013, 4:00:02 PM
Solved.

The actual solution comes from reading
http://samba.2283325.n4.nabble.com/Using-Local-Groups-with-AD-Domain-Users-for-Samba-Shares-td4639133.html

which used the "net sam createlocalgroup" and "net sam addmem" commands,
as in

net sam createlocalgroup wurst
net sam addmem wurst SAMBA\asn

[myshare]
valid users = @wurst







