On Fri, Feb 29, 2008 at 5:12 AM, Victor Mendez <[EMAIL PROTECTED]> wrote:
> Alex thank you for your support, can you please explain the command below:
> Especially the chown, I'm not familiar with the syntax you are using. If I
> try to apply this to our TEST configuration it does not work, we get the
> following error:
>
> cuzco:~ # chown 0:"NETSYS\Series" /Series
> chown: `0:NETSYS\\Series': invalid group
>
> Being NETSYS = workgroup name
> Being Series = group Series defined on the ADS windows PDC
> Being /Series = a disk share on the samba machine
>
> > On the server you have to use the chown command and chmod command to
> > give the AD group DEP_TEST_MEMBER access on the Linux filesystem:
> >
> > chmod g+s /data/grp
> > chown 0:"TEST\DEP_TEST_MEMBER" /data/grp
>
> QUESTION: is DEP_TEST_MEMBER a group defined on the Linux box and on the
> ADS, or is it only defined on the ADS?

DEP_TEST_MEMBER is a group only defined in the AD.

> on my linux TEST box on the /etc/groups there is no "Series" group
> on my windows TEST ADS there is a group called "Series" with 4 users
>
> Another thing, maybe I have not been clear: from our windows workstations
> we want to connect to a share in the Linux box but the user logged in the
> workstation does NOT have an account on linux machine, he has an account on
> the windows ADS PDC.

AD users don't need an account on the Linux machine. But for Samba to work
properly with AD users, you also need the winbind daemon to run. winbind is a
daemon of Samba. If winbind runs properly then AD users/groups will be a
(virtual) part of /etc/passwd and /etc/group.

The file /etc/nsswitch.conf must look like this for winbind to run properly:

    passwd: files winbind
    shadow: files
    group: files winbind

You can test that by using the getent command:

    getent group "TEST\DEP_TEST_MEMBER"

The AD group DEP_TEST_MEMBER will now be translated to a Linux GID.

> - Joining the Domain see command below:
>
> cuzco:~ # net ads join -U Administrator
> Administrator's password:
> Using short domain name -- NETSYS
> Joined 'CUZCO' to realm 'NETSYSTEMSINFO.COM'

That looks fine.

> We have adjusted the /etc/samba/smb.conf file to match your sample file
> config. Here I include a copy:
>
> .[global]
> workgroup = NETSYS
> realm = NETSYSTEMSINFO.COM
> preferred master = no
> server string = Linux file server
> security = ADS
> encrypt passwords = yes
> log level = 3
> printcap name = cups
> printing = cups
> cups options = raw
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind nested groups = no
> winbind separator = +

The problem resides here: "winbind separator = +"
Remove that entry and now the separator will be "\"

>
> [series]
> comment = Series media files
> #inherit acls = Yes
> inherit permissions = Yes
> path = /Series
> read only = No
> valid users = @NETSYSTEMSINFO.COM\Series
> hide unreadable =yes

If you want to use "winbind separator = +" then the "valid users" must be
like this: @NETSYSTEMSINFO.COM+Series

Regards,
Alex.

-- 
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
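
The mismatch diagnosed in the reply above (a "valid users" entry written with "\" while "winbind separator" is set to "+") can be checked for mechanically. The script below is an added example, not part of the original thread or of Samba; check_separator is a hypothetical helper name and the sample smb.conf is constructed from the values quoted in the thread.

```sh
#!/bin/sh
# check_separator FILE (hypothetical helper): report "valid users" entries whose
# DOMAIN<sep>name separator differs from the [global] "winbind separator".
check_separator() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { sep = "\\" }                         # separator when none is set
    /^[ \t]*[#;]/ { next }                       # comment lines
    /^[ \t]*\[/   { section = tolower(trim($0)); next }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        if (section == "[global]" && key == "winbind separator") sep = val
        else if (key == "valid users") { n++; sec[n] = section; list[n] = val }
    }
    END {   # compare at the end so the order of entries in the file is irrelevant
        for (i = 1; i <= n; i++) {
            m = split(list[i], u, /[ ,]+/)
            for (j = 1; j <= m; j++) {
                name = u[j]; sub(/^[@+&]+/, "", name)    # drop group prefixes
                if (match(name, /[\\+\/]/) && substr(name, RSTART, 1) != sep) {
                    printf "%s: %s uses \"%s\", winbind separator is \"%s\"\n",
                           sec[i], u[j], substr(name, RSTART, 1), sep
                    bad = 1
                }
            }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample reproducing the configuration quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = NETSYS
   winbind separator = +
[series]
   path = /Series
   valid users = @NETSYSTEMSINFO.COM\Series
EOF
check_separator "$sample" || echo "separator mismatch: share access checks will not match"
rm -f "$sample"
```

The function exits non-zero when any entry disagrees with the configured separator, so it can gate a configuration deployment alongside testparm.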
