You are welcome :-) On Tue, 2007-12-11 at 11:51 -0600, Ben Vaughan wrote: > And the correct answer is... > > Using a valid users line that looks like this: > > Valid users = +DOMAIN\group > > Many thanks to "irda" on the #samba IRC channel. > > Ben > > > Ben Vaughan > Globalcom IT Infrastructure Support Team > [EMAIL PROTECTED] > 312 673 4116 > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Vaughan > Sent: Tuesday, December 11, 2007 10:30 AM > To: samba@lists.samba.org > Subject: [Samba] Winbind and groups > > Hello Friendly Samba People, > > I have a working samba install that allows my AD users access to files on my > linux box. The linux box is configured via Winbind as a domain member and > uses Winbind as the local NSS. I can successfully resolve both users and > groups from the AD. Users are currently able to access the samba shares > without trouble. > > I am running into trouble when trying to use groups defined in the AD as > "valid users" or ACLs on the linux box. > > Smb.conf: > [global] > security = ADS > realm = CORP.CALLGLOBALCOM.COM > workgroup = CORP > log file = /var/log/samba/%m > log level = 2 > > #winbind / AD stuff > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > winbind expand groups = 2 > winbind nss info = rfc2307 > winbind nested groups = Yes > idmap uid range = 1000 - 30000000 > idmap gid range = 100 - 30000000 > idmap domains = CORP > idmap config CORP:backend = ad > idmap config CORP:default = yes > idmap config CORP:readonly = yes > > [homes] > > [sysadmins] > path = /tmp > writeable = yes > comment = Globalcom Sysadmins share > valid users = @gc_sysadmins > create mask = 0775 > directory mask = 0775 > > # getent group gc_sysadmins > gc_sysadmins:*:10001:bvaughan > > # getent passwd bvaughan > bvaughan:*:1812:100:Ben Vaughan, IT Systems Overlord:/home/bvaughan:/bin/bash > > When trying to access the [sysadmins] share defined as above, samba logging > says this: > > user 'CORP\bvaughan' (from session setup) not permitted to access this share > (sysadmins) > > > I see the disconnect, the "CORP\bvaughan" that samba sees here, vs the > "bvaughan" seen in the group entry. Is there a way to make these two come > together so the "valid users=" line works? > > I am running samba version 3.0.25b-1.el5_1.4 as provided by RedHat. > > Any help would be appreciated. > > Ben > > > > Ben Vaughan > Globalcom IT Infrastructure Support Team > [EMAIL PROTECTED] > 312 673 4116 > > -- > > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- Simo Sorce Samba Team GPL Compliance Officer <[EMAIL PROTECTED]> Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]>
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba