Ryan Bair wrote:
You can't make a local user a member of an AD group since AD needs to
know about them.

You can however add an AD user to a local group just like you would
for a local user.

This is true with normal LDAP accounts as well.


I've spent a fair chunk of the day looking for a solution, and have only found people w/ similar problems.

I have NO ability to control/manipulate the Active Directory (AD) server - a different group manages that resource.

I have a samba server as an AD. Currently the AD users can access the Samba shares. I have added some AD users to the local UNIX groups on the server but that does not seem to be working - while (UNIX) group membership should permit access to the resource, the users are being denied access by Samba - according to the logs. I have used the "net groupmap add" to map the local UNIX group to a Windows group in Samba. Shouldn't this work?

How do I convince samba to check and see if an AD account is a member of a local UNIX group?

On my older systems that are still using samba as a PDC this works fine - but I need to move the servers to AD for authentication.

What (obvious) step have I missed?

Samba version 3.0.28a on Solaris

Thanks in advance.

-bob


--
***********************************************************************
Bob Martel,System Administrator  I met someone who looks a lot like you
Levin College of Urban Affairs   She does the things you do
Cleveland State University       But she is an IBM
(216) 687-2214
[EMAIL PROTECTED]                                -Jeff Lynne
***********************************************************************