On Thu, 17 Sep 2009 16:42:50 +0100 Alex Crow <[email protected]> wrote:
> > > > > > > > > I'm not sure that Samba checks the Linux groups but Linux does. In a > > Windows domain, all the accounts reside in the Domain. It may be > > checking the Linux accounts for shares on the DC, but wouldn't be able > > to on a member server. Perhaps one of the Linux gurus could answer your > > question. However, for operations in the domain, you're best to stick > > with domain entities, such as a domain group or domain user accounts. So > > long as Samba has sufficient privileges to access the local Linux share, > > it should be OK. > > Samba (and the windows clients) will only care about domain groups in > the global context of a Samba domain, Unix local groups are pretty > useless here. You need to sort out group mappings to map your local Unix > group to a Samba group, then all should work fine. > > "net groupmap" on your domain controller is the way to go. You can then > go on your merry way using Linux groups on the server across all your > Windows clients and other Win/Samba member servers (given an appropriate > way of resolving those groups across any other Samba/windows servers you > may have - eg Winbind and LDAP). > > Seems this type of thing comes up a lot - should there be something > prominent on TOSHARG about it? > > Alex > Thank you both Alex and Gary for your comments. I guess there is somwhere a better explanation of the +group, the "(in)valid users" section in smb.conf(5) is IMHO missleading. I ended up listing all those users as domain\user and it work. Yes, it's ugly but the DC is not under my control, thus not easy to to have/manage a group there. Thanks for your time. Regards, Chris > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
