[Samba] Giving AD group members access to Samba server
Here's my situation, hoping that some of you who are running Samba in an AD environment will have insight:

Samba is acting as a member file server in an AD domain. In addition to the domain containing Samba, there are two other domains in the AD forest. All three domains have full trust between them.

Each domain has a Global Security Group called ACAD_ENGR. Samba (through winbind) sees them as DOM1+ACAD_ENGR, DOM2+ACAD_ENGR, and DOM3+ACAD_ENGR.

I'd like members from all three groups to have write access to a particular directory. This needs to be done with filesystem permissions, not share permissions, because underneath each directory there are further subdirectories that have varying access rights matched to other groups in the three domains.

Thoughts? Is this possible with Samba?

--
Joshua Penix    http://www.binarytribe.com
Binary Tribe Linux Integration Services & Network Consulting

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind nested groups not working
On Jan 18, 2007, at 6:54 AM, Gerald (Jerry) Carter wrote:

> The nested group functionality is for a local BUILTIN\Administrators or MACHINE\localgrp type of group. The patch in question I was referring to was to expand local group membership in getgrnam(). These are different things. Not sure which one you are looking for if either.

Hrm, then I'm not quite sure either. Here's the goal --

Samba is acting as a member file server in an AD domain. In addition to the domain containing Samba, there are two other domains in the AD forest. All three domains have full trust between them.

Each domain has a Global Security Group called ACAD_ENGR. Samba sees them as DOM1+ACAD_ENGR, DOM2+ACAD_ENGR, and DOM3+ACAD_ENGR.

I'd like members from all three groups to have write access to a particular directory. This needs to be done with filesystem permissions, not share permissions, because underneath each directory there are further subdirectories that have varying access rights matched to other groups in the three domains.

Thoughts? Is this possible with Samba?

Under Windows there would be two ways to achieve it:

1) Assign all three ACAD_ENGR groups rights to each folder. In theory, this could be achieved in Linux by using ACLs. But it is not an easily manageable solution - should we add a fourth domain, we would have to go back and add it to every folder.

2) In the domain where the files are actually hosted, create a Domain Local group and then add the ACAD_ENGR groups from each domain to it. Then assign rights on the filesystem to the single Domain Local group. This is considered the "best practice" - down the road, adding or removing access is as simple as a group membership change.

Number 2 is what I'm trying to do, but Samba doesn't seem to allow it. I cannot see the Domain Local group through "wbinfo -g". I *can* explicitly pull its ID with "getent group DOM1+localgroup", but it shows as having no members.

Since getent sees it, I can assign it as group owner of a directory, but Samba will not let any of the members have access.

Am I just doing something wrong?

--
Joshua Penix    http://www.binarytribe.com
Binary Tribe Linux Integration Services & Network Consulting

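Option 1 from the message above (POSIX ACLs naming all three ACAD_ENGR groups), as an added example that is not part of the original post or of Samba: the domain list lives in one variable, so adding a fourth domain means editing one line and re-running. The function names and the directory argument are assumptions; it expects `setfacl` and a filesystem mounted with ACL support.

```shell
#!/bin/sh
# Added example. Group and domain names come from the post; the function
# names and the directory given on the command line are assumptions.
DOMAINS="DOM1 DOM2 DOM3"   # add a fourth domain here, then re-run
GROUP="ACAD_ENGR"
SEP="+"                    # must match "winbind separator" in smb.conf

# Build a comma-separated ACL spec for every domain's group.
# $1 = entry prefix: "g" for access entries, "d:g" for default entries.
acl_spec() {
    spec=""
    for dom in $DOMAINS; do
        spec="${spec:+$spec,}$1:${dom}${SEP}${GROUP}:rwX"
    done
    printf '%s\n' "$spec"
}

# Print every group that NSS/winbind cannot resolve; non-zero if any.
# setfacl would reject an unknown group name, so check before changing ACLs.
missing_groups() {
    rc=0
    for dom in $DOMAINS; do
        if ! getent group "${dom}${SEP}${GROUP}" >/dev/null 2>&1; then
            echo "${dom}${SEP}${GROUP}"
            rc=1
        fi
    done
    return $rc
}

# Grant write access on an existing tree and make new entries inherit it.
apply_acls() {
    dir=$1
    if ! missing_groups >&2; then
        echo "groups above do not resolve; no ACLs changed" >&2
        return 1
    fi
    # Access ACL on everything; capital X adds execute only to directories
    # and to files that are already executable.
    setfacl -R -m "$(acl_spec g)" "$dir" || return 1
    # Default ACL on directories only, so files created later inherit it.
    find "$dir" -type d -exec setfacl -m "$(acl_spec d:g)" {} +
}

if [ $# -eq 1 ]; then
    apply_acls "$1"
fi
```

Subdirectories that need narrower rights still get their own ACLs afterwards; check the result with `getfacl` on a sample directory.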
[Samba] Winbind nested groups not working
Is the "winbind nested groups" functionality not currently working in Samba 3.0.23d? The readme files seem to indicate it should be (since 3.0.3), but then this message by Jerry to the list...

http://groups.google.com/group/linux.samba/msg/5ecc575f70af3c8c

...seems to indicate that there's some patch waiting for 3.0.24. Unfortunately he's not specific as to what it solves.

I've actually tried it with the 3.0.10 that comes with RHEL4, 3.0.23d straight from Samba.org, and 3.0.22 from Ubuntu on three different servers. I have no trouble getting winbind talking to AD on any of them, but all of them absolutely refuse to resolve membership of anything nested in a local group.

My smb.conf is as follows:

    [global]
        workgroup = DOM1
        realm = DOM1.DOMAIN.COM
        security = ADS
        password server = 192.168.1.37 192.168.1.33
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        ldap ssl = no
        idmap uid = 1-2
        idmap gid = 1-2
        winbind separator = +
        winbind nested groups = yes
        winbind enum groups = yes
        winbind enum users = yes
        winbind use default domain = no
        allow trusted domains = yes

The goal is to create a local group on DOM1 that contains a global group of users from DOM1 as well as a global group from trusted domain DOM2. I'd like to assign rights to the local group, and therefore allow anyone in either of the global groups access.

Am I just missing something?

--
Joshua Penix    http://www.binarytribe.com
Binary Tribe Linux Integration Services & Network Consulting

Re: [Samba] Restart Samba to pickup added CUPS printers?
On Sep 15, 2004, at 1:49 PM, Michael Lueck wrote:

> Is telling Samba to restart the only method to have it detect new CUPS printers? I have Samba configured to share whatever CUPS printers it finds set up in CUPS. A bit annoying to kick everyone out of Samba to add a printer.

No, you can send the HUP signal to the running smbd processes to have them see new printers without disconnecting the clients. This also causes a re-read of smb.conf and a few other things.

    killall -sHUP smbd

--
Joshua Penix    http://www.binarytribe.com
Binary Tribe Linux Integration Services & Network Consulting

Re: [Samba] upgrade samba
On Thursday 17 October 2002 06:30, Roger Schmeits wrote:

> How does one move from a rpm based samba to tar.gz? In other words how
> do I upgrade from samba-2.2.1a-4 to samba-2.2.6.tar.gz.
>
> Do I remove samba : rpm -e samba?
>
> And what do I do with the other samba rpm packages:
> samba-client-2.2.1a-4 & samba-common-2.2.1a-4? Are they included with
> the tar package?
>
> Using RH7.2.

The Samba team provides RPMs for RedHat. I'd recommend getting those instead of going to source. Yes, they're laid out differently - everything is in one RPM as opposed to RedHat's split of samba-client/common/server.

So I recommend backing up /etc/samba, and then removing all RedHat Samba RPMs, and then installing the 2.2.6 one provided by Samba themselves. That's all there is to it!

http://us4.samba.org/samba/ftp/Binary_Packages/redhat/

--Josh

Re: [Samba] Winpopup help - will pay
On Friday 20 September 2002 12:56, Kenneth Loafman wrote:

> I think what you want may be possible, however, there are some real
> problems with such a tool if it were to be written. I can just imagine
> sitting at my lone Windows machine, attached to the Net, when POP, up
> comes an ad for Viagra, or a way to increase the size of my member, or
> for some other nefarious scam concerning wealthy busty virgins that just
> escaped the country without their money.

Boy that sounds an awful lot like having an ICQ account!! :^)

Honestly, I don't see why Big Black Box wants to hack up winpopup when he could just use Jabber, which is *meant* for messaging across the internet. And he can have complete control over his server, as well as security.

--Josh

Re: [Samba] Not able to find SWAT in 7.3 version
On Tuesday 17 September 2002 11:14, Mr.George wrote:

> Does Redhat version 7.3 support SWAT configuration coz i dont see the SWAT
> file under /etc/xinetd.d. Pls explain y

RedHat packages SWAT separately, and doesn't install it by default. Find the "samba-swat" package and install it.

--josh