Hi, I have been setting up samba and winbind on a Debian Linux box to allow access to shares authenticating from a Windows 2000 Active Directory Domain.
I have got almost everythign I want to work, but I am stuck with one thing. I would like to add domain users to a local unix group and then add that group to the valid users line to a share. Enclosed is my smb.conf and my /etc/group files
Thank you,
Kimball

--smb.conf--
# NOTE(review): line breaks below were restored from a collapsed paste; settings and values are unchanged.
# Purpose: Samba domain-member configuration (security = domain) with winbind id mapping,
# the [homes] and printer shares, and four test shares with different access rules.
#======================= Global Settings =======================
[global]
workgroup = TEST
server string = %h server (Samba %v)
wins server = 10.22.2.70
dns proxy = no
; name resolve order = lmhosts host wins bcast
log file = /var/log/samba/log.%m
syslog = 0
panic action = /usr/share/samba/panic-action %d
# Usernames and passwords are passed to a domain controller for validation.
security = domain
# uid/gid ranges available to winbind for mapping domain users and groups.
idmap uid = 15000-20000
idmap gid = 15000-20000
# Left commented out, so the default separator '\' applies (DOMAIN\user),
# which matches the names used in [test3], [test4] and /etc/group below.
# winbind separator = %
winbind enum users = yes
winbind enum groups = yes
# Left commented out, so domain accounts carry the domain prefix (TEST\user).
# winbind use default domain = yes
# '*' lets Samba locate a domain controller itself.
password server = *
encrypt passwords = true
# NOTE(review): the split between this line and the next is assumed
# ('guest' read as a second passdb backend) - confirm against the original file.
passdb backend = tdbsam guest
obey pam restrictions = yes
; guest account = nobody
# Set in [global], so it is the default for every share: root is refused.
invalid users = root
; unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
; pam password change = no
; load printers = yes
; printing = bsd
; printcap name = /etc/printcap
; printing = cups
; printcap name = cups
; printer admin = @ntadmin
; preserve case = yes
; short preserve case = yes
; include = /home/samba/etc/smb.conf.%m
socket options = TCP_NODELAY
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
; domain master = auto
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash

[homes]
comment = Home Directories
browseable = no
writable = no
create mask = 0700
directory mask = 0700

;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no

[printers]
comment = All Printers
browseable = no
# NOTE(review): print jobs are spooled in the shared /tmp directory;
# a dedicated spool directory is the usual alternative.
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
; write list = root, @ntadmin

# This works, and allows all users authenticated on the domain
[test1]
comment = Open Test Share
path = /usr/share/smb/test1
# NOTE(review): 'public' is a synonym for 'guest ok'. With 'yes' the share accepts
# guest connections (no password, guest-account privileges), so by itself it does
# not limit access to authenticated domain users. Whether a client ends up as guest
# also depends on 'map to guest', which this file does not set. 'public = no' with
# no 'valid users' line would admit any user that authenticates.
public = yes
writable = yes

# This doesn't work
[test2]
comment = Only for group foo
path = /usr/share/smb/test2
public = no
# 'writeable' is a synonym of 'writable'.
writeable = yes
# NOTE(review): in 'valid users', '@name' is looked up as an NIS netgroup first and
# then as a Unix group ('+name' checks the Unix group only). 'foo' is the local group
# in the /etc/group listing below; its only member is written 'TEST\user'. The cause
# of the failure cannot be determined from this file alone: nsswitch.conf is not
# shown, so confirm how NSS resolves the group and the domain user (for example
# `getent group foo` and `getent passwd 'TEST\user'`) and that the member name in
# /etc/group matches the name winbind returns.
valid users = @foo

# This works and only allow the user 'user' on domain 'TEST' to access
[test3]
comment = Only for user
path = /usr/share/smb/test3
public = no
writeable = yes
valid users = TEST\user

# This works and allows all members of the domain group 'Domain Users' to access
[test4]
comment = Only for Domain group 'Domain Users'
path = /usr/share/smb/test4
public = no
writeable = yes
valid users = @TEST\"Domain Users"

--/etc/group--
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:kimball
fax:x:21:
voice:x:22:
cdrom:x:24:kimball
floppy:x:25:kimball
tape:x:26:
sudo:x:27:
audio:x:29:kimball
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:telnetd
video:x:44:kimball
sasl:x:45:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
crontab:x:101:
Debian-exim:x:102:
kimball:x:1000:
postgres:x:103:
ssh:x:104:
bind:x:105:
telnetd:x:106:
foo:x:107:TEST\user
bar:x:1001:

-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
