[Samba] Unix ADS group membership or vice versa - Samba

This is a discussion on [Samba] Unix ADS group membership or vice versa - Samba ; Hello, I have a Samba server set up as a member of an Active Directory domain. Authentication works great and my Windows users are able to log on to the Linux workstation without any problems. What I'd like to do ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] Unix ADS group membership or vice versa

  1. [Samba] Unix ADS group membership or vice versa

    Hello,

    I have a Samba server set up as a member of an Active Directory domain.
    Authentication works great and my Windows users are able to log on to the
    Linux workstation without any problems.

    What I'd like to do is set up some of my local Unix accounts as members of
    ADS groups. Is this possible with Samba? If not, would it be possible to
    make an ADS account a member of a local Unix group?

    I'm running Samba 3.0.22 that comes with Ubuntu 6.06.

    Thanks in advance!
    TC Hough
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Unix ADS group membership or vice versa

    You can't make a local user a member of an AD group since AD needs to
    know about them.

    You can however add an AD user to a local group just like you would
    for a local user.

    This is true with normal LDAP accounts as well.

    On Fri, Apr 18, 2008 at 8:09 PM, TC Hough wrote:
    > Hello,
    >
    > I have a Samba server set up as a member of an Active Directory domain.
    > Authentication works great and my Windows users are able to log on to the
    > Linux workstation without any problems.
    >
    > What I'd like to do is set up some of my local Unix accounts as members of
    > ADS groups. Is this possible with Samba? If not, would it be possible to
    > make an ADS account a member of a local Unix group?
    >
    > I'm running Samba 3.0.22 that comes with Ubuntu 6.06.
    >
    > Thanks in advance!
    > TC Hough
    > --
    > To unsubscribe from this list go to the following URL and read the
    > instructions: https://lists.samba.org/mailman/listinfo/samba
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] Unix ADS group membership or vice versa

    Ryan Bair wrote:
    > You can't make a local user a member of an AD group since AD needs to
    > know about them.
    >
    > You can however add an AD user to a local group just like you would
    > for a local user.
    >
    > This is true with normal LDAP accounts as well.
    >


    I've spent a fair chunk of the day looking for a solution, and have only
    found people w/ similar problems.

    I have NO ability to control/manipulate the Active Directory(AD) server
    - different group manages that resource.

    I have a samba server as an AD. Currently the AD users can access the
    Samba shares. I have added some AD users to the local UNIX groups on
    the server but that does not not seem to be working - while (UNIX) group
    membership should permit access to the resource, the users are being
    denied access by Samba - according to the logs. I have used the "net
    groupmap add" to map the local UNIX group to a windows group in Samba.
    Shouldn't this work?

    How do I convince samba to check and see if an AD account is a member of
    a local UNIX group?

    On my older systems that are still using samba as a PDC this works fine
    - but I need to move the servers to AD for authentication.

    What (obvious) step have I missed?

    Samba version 3.0.28a on Solaris

    Thanks in advance.

    -bob


    --
    ************************************************** *********************
    Bob Martel,System Administrator I met someone who looks a lot like you
    Levin College of Urban Affairs She does the things you do
    Cleveland State University But she is an IBM
    (216) 687-2214
    r.martel@csuohio.edu -Jeff Lynne
    ************************************************** *********************
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread