subject:"Re\: \[Freeipa\-users\] Samba Integration with AD Trust"

Re: [Freeipa-users] Samba Integration with AD Trust

2016-03-23 Thread Baird, Josh

Actually - it looks like this is working.  I think I had something cached on 
the Windows client that I was testing from.

Thanks for the help.

> -Original Message-
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Baird, Josh
> Sent: Wednesday, March 23, 2016 9:11 AM
> To: 'freeipa-users@redhat.com'
> Subject: Re: [Freeipa-users] Samba Integration with AD Trust
> 
> Justin,
> 
> @ad_admins is an AD group, correct (not a POSIX group), correct?  I still
> cannot get this working.  Home directory shares are working fine.
> 
> (apologies for the broken threading - I don't think I received your message
> for some reason)
> 
> Thanks,
> 
> Josh
> 
> > -Original Message-
> From: Justin Stephenson 
> To: "Baird, Josh" ,   "'freeipa-users redhat com'"
> 
> Subject: Re: [Freeipa-users] Samba Integration with AD Trust
> Date: Tue, 22 Mar 2016 15:09:50 -0400
> I have used the following successfully in the past:
> 
> [shared]
> path = /home/shared
> valid users = @ad_admins
> read only = No
> guest ok = Yes
> 
> This requires the sssd-libwbclient rpm which may be installed already as a
> dependency.
> 
> -Justin
> 
> > -Original Message-
> > From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> > boun...@redhat.com] On Behalf Of Baird, Josh
> > Sent: Tuesday, March 22, 2016 2:50 PM
> > To: 'freeipa-users@redhat.com'
> > Subject: [Freeipa-users] Samba Integration with AD Trust
> >
> > Hi all,
> >
> > I'm attempting to integrate Samba 4.2.3 with IPA 4.2 (RHEL7).  I have
> > a kerberos trust established between IPA and AD.  I have followed the
> > instructions on the wiki [1], but had some questions and problems
> > specifically related to share permissions:
> >
> > I'm having trouble with shares where I need to grant access to a
> > specific AD user/group.  I have tried this and other variations with no
> success:
> >
> > [shared]
> > path = /home/shared
> > writable = yes
> > browsable = yes
> > valid users = testsa...@ad.domain.lan
> >
> > I have also tried:
> >
> > valid users = ad\testsamba
> > vaild users= @ad\testsamba
> > valid users= @testsa...@ad.domain.lan
> >
> >
> > What is the proper way to allow specific AD groups access to the Samba
> > share?  I also tried nesting an external group in a POSIX group with
> > no success.  Should I be using something other than 'valid users'?
> >
> >  [1]
> >
> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wi
> > th_IPA
> >
> > Thanks,
> >
> > Josh
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Samba Integration with AD Trust

2016-03-23 Thread Baird, Josh

Justin,

@ad_admins is an AD group, correct (not a POSIX group), correct?  I still 
cannot get this working.  Home directory shares are working fine.

(apologies for the broken threading - I don't think I received your message for 
some reason)

Thanks,

Josh

> -Original Message-
From: Justin Stephenson 
To: "Baird, Josh" , "'freeipa-users redhat com'" 

Subject: Re: [Freeipa-users] Samba Integration with AD Trust
Date: Tue, 22 Mar 2016 15:09:50 -0400
I have used the following successfully in the past:

[shared]
path = /home/shared
valid users = @ad_admins
read only = No
guest ok = Yes

This requires the sssd-libwbclient rpm which may be installed already as a 
dependency.

-Justin

> -Original Message-
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-
> boun...@redhat.com] On Behalf Of Baird, Josh
> Sent: Tuesday, March 22, 2016 2:50 PM
> To: 'freeipa-users@redhat.com'
> Subject: [Freeipa-users] Samba Integration with AD Trust
> 
> Hi all,
> 
> I'm attempting to integrate Samba 4.2.3 with IPA 4.2 (RHEL7).  I have a
> kerberos trust established between IPA and AD.  I have followed the
> instructions on the wiki [1], but had some questions and problems specifically
> related to share permissions:
> 
> I'm having trouble with shares where I need to grant access to a specific AD
> user/group.  I have tried this and other variations with no success:
> 
> [shared]
>   path = /home/shared
>   writable = yes
>   browsable = yes
>   valid users = testsa...@ad.domain.lan
> 
> I have also tried:
> 
>   valid users = ad\testsamba
>   vaild users= @ad\testsamba
>   valid users= @testsa...@ad.domain.lan
> 
> 
> What is the proper way to allow specific AD groups access to the Samba
> share?  I also tried nesting an external group in a POSIX group with no
> success.  Should I be using something other than 'valid users'?
> 
>  [1]
> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wi
> th_IPA
> 
> Thanks,
> 
> Josh
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Samba Integration with AD Trust

Re: [Freeipa-users] Samba Integration with AD Trust

2 matches

Site Navigation

Mail list logo

Footer information