Hi, thanks very much for your feedback.

I now have it working in my Virtualbox lab and will make the changes in production shortly.

The trick was to rely on Kerberos only. Thanks for the winbind tip, it was confusing me horribly. I disabled winbind and did more testing; now anyone who has authenticated to AD and is in a local Linux group for the share can connect.

Thanks again,
Steve.

On , Werner Durgarten <wernerdurgar...@gmx.de> wrote:
Hi,



-------- Original Message --------



> Why does samba+winbind ignore the local unix groups?
>
> I have joined my samba server to Windows AD.
>
> I have configured a share with the values:
> [public_share]
> #Perms are 777
> path = /home/pub_share
> comment = Public_Share
> writable = yes
> create mask = 775
> directory mask = 775
> browsable = yes
> valid users = @adgroup
>
> If I use a group from Windows AD, there is no problem accessing the share,
> but we do not want to add / change groups in AD, we need to add users to our
> local /etc/groups as access to Windows AD is very limited and we would
> rather control things on the linux side, and use the single sign on from AD
> for the users.
>



I am not the best expert the mailing list has to offer, but I think when you are using AD and winbind you need group information locally and in AD, plus a mapping between AD and local groups; otherwise you will run into various problems. Alternatives are (1) switching off winbind (then Samba falls back to local group information only) or (2) administering your local groups via the AD RFC 2307 schema extension + winbind + nsswitch.



hth



werner





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
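
Added example (not part of the original thread): a Python sketch that lists which local accounts a share's `valid users` line admits when group names are resolved from local group and passwd data only, the setup the thread ends up with. The share, group and passwd contents are constructed samples, the `pubshare` group and all function names are hypothetical, and the NIS-only `&` prefix is not handled.

```python
import configparser

# Constructed sample inputs (not from the original thread).
SMB_CONF = "[public_share]\npath = /home/pub_share\nvalid users = @pubshare, steve\n"
ETC_GROUP = "pubshare:x:1500:alice,bob\nstaff:x:1600:carol\n"
ETC_PASSWD = ("alice:x:1001:1001::/home/alice:/bin/bash\n"
              "dave:x:1003:1500::/home/dave:/bin/bash\n"
              "carol:x:1005:1600::/home/carol:/bin/bash\n")

def _records(text):
    """Yield colon-split fields for each non-empty, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.strip().split(":")

def parse_groups(text):
    """Map group name -> (gid, set of supplementary members)."""
    return {f[0]: (int(f[2]), {m for m in f[3].split(",") if m})
            for f in _records(text)}

def parse_primary_gids(text):
    """Map user name -> primary gid from passwd-format text."""
    return {f[0]: int(f[3]) for f in _records(text)}

def allowed_local_users(smb_conf, share, group_text, passwd_text):
    """Return (users named or in listed groups, listed groups missing locally).

    An empty or absent 'valid users' yields an empty set here; this helper
    only expands what the line names and does not model Samba's defaults.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(smb_conf)
    groups = parse_groups(group_text)
    primary = parse_primary_gids(passwd_text)
    users, missing = set(), []
    for token in cp[share].get("valid users", "").replace(",", " ").split():
        if token[0] not in "@+":          # plain user name
            users.add(token)
            continue
        name = token.lstrip("@+")
        if name not in groups:            # e.g. a group that exists only in AD
            missing.append(name)
            continue
        gid, members = groups[name]
        # Membership comes from the group's member list or a matching primary GID.
        users |= members | {u for u, g in primary.items() if g == gid}
    return users, missing
```

A non-empty `missing` list means the share names a group that the local files cannot resolve, so no local account gains access through it.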