Actually - it looks like this is working. I think I had something cached on the Windows client that I was testing from.
Thanks for the help. > -----Original Message----- > From: [email protected] [mailto:freeipa-users- > [email protected]] On Behalf Of Baird, Josh > Sent: Wednesday, March 23, 2016 9:11 AM > To: '[email protected]' > Subject: Re: [Freeipa-users] Samba Integration with AD Trust > > Justin, > > @ad_admins is an AD group, correct (not a POSIX group), correct? I still > cannot get this working. Home directory shares are working fine. > > (apologies for the broken threading - I don't think I received your message > for some reason) > > Thanks, > > Josh > > > -----Original Message----- > From: Justin Stephenson <jstephen redhat com> > To: "Baird, Josh" <jbaird follett com>, "'freeipa-users redhat com'" > <freeipa-users redhat com> > Subject: Re: [Freeipa-users] Samba Integration with AD Trust > Date: Tue, 22 Mar 2016 15:09:50 -0400 > I have used the following successfully in the past: > > [shared] > path = /home/shared > valid users = @ad_admins > read only = No > guest ok = Yes > > This requires the sssd-libwbclient rpm which may be installed already as a > dependency. > > -Justin > > > -----Original Message----- > > From: [email protected] [mailto:freeipa-users- > > [email protected]] On Behalf Of Baird, Josh > > Sent: Tuesday, March 22, 2016 2:50 PM > > To: '[email protected]' > > Subject: [Freeipa-users] Samba Integration with AD Trust > > > > Hi all, > > > > I'm attempting to integrate Samba 4.2.3 with IPA 4.2 (RHEL7). I have > > a kerberos trust established between IPA and AD. I have followed the > > instructions on the wiki [1], but had some questions and problems > > specifically related to share permissions: > > > > I'm having trouble with shares where I need to grant access to a > > specific AD user/group. I have tried this and other variations with no > success: > > > > [shared] > > path = /home/shared > > writable = yes > > browsable = yes > > valid users = [email protected] > > > > I have also tried: > > > > valid users = ad\testsamba > > vaild users= @ad\testsamba > > valid users= @[email protected] > > > > > > What is the proper way to allow specific AD groups access to the Samba > > share? I also tried nesting an external group in a POSIX group with > > no success. Should I be using something other than 'valid users'? > > > > [1] > > > http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wi > > th_IPA > > > > Thanks, > > > > Josh > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
