I have used the following successfully in the past:
[shared]
path = /home/shared
valid users = @ad_admins
read only = No
guest ok = Yes
This requires the sssd-libwbclient rpm which may be installed already as
a dependency.
-Justin
On 03/22/2016 02:49 PM, Baird, Josh wrote:
Hi all,
I'm attempting to integrate Samba 4.2.3 with IPA 4.2 (RHEL7). I have a
kerberos trust established between IPA and AD. I have followed the
instructions on the wiki [1], but had some questions and problems specifically
related to share permissions:
I'm having trouble with shares where I need to grant access to a specific AD
user/group. I have tried this and other variations with no success:
[shared]
path = /home/shared
writable = yes
browsable = yes
valid users = [email protected]
I have also tried:
valid users = ad\testsamba
vaild users= @ad\testsamba
valid users= @[email protected]
What is the proper way to allow specific AD groups access to the Samba share?
I also tried nesting an external group in a POSIX group with no success.
Should I be using something other than 'valid users'?
[1] http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
Thanks,
Josh
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
