Hi again, the answer is simple : you don't need "net groupmap" at all. thats what the id-ranges in smb.conf are for: the ADS-users and the ADS-groups are mapped by winbind to user /group id's from the ranges specified and era presented by nsswitch to the os like any other user group from local files or nis. This means if you want a dir "SomeDir" to be owed by lets say "domain-users" do a chown someuser.domain-users SomeDir thats all you need.
same for acls, just use the ADS-group like any unix-group. Christoph
Tom Skeren schrieb:
OK Christopher, samba is authenticating, if a bit oddly (some XP machines can use \\sserver\fsk others need to use \\ipaddy\fsk---not a huge problem).
However I don't think I'm grasping the "net groupmap" function. I was of the belief that if I did this:
net groupmap add ntgroup="nt-group" unixgroup=(some group in /etc/group), then ADS members in "nt-group" would be mapped to the unix group. Thus when I setfacl on that directory with the unix mapped group rwx, then ADS members of the nt-group would have rwx permissions.
However, when I log in to the share, the smaba server terminal burps up:
smbd[582] chdir (/home/FSK) failed
I must be missing something. Any thoughts would be appreciated.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
