[Freeipa-users] Samba Integration with AD Trust
Justin Stephenson
jstephen at redhat.com
Tue Mar 22 19:09:50 UTC 2016
I have used the following successfully in the past:
[shared]
path = /home/shared
valid users = @ad_admins
read only = No
guest ok = Yes
This requires the sssd-libwbclient rpm which may be installed already as
a dependency.
-Justin
On 03/22/2016 02:49 PM, Baird, Josh wrote:
> Hi all,
>
> I'm attempting to integrate Samba 4.2.3 with IPA 4.2 (RHEL7). I have a kerberos trust established between IPA and AD. I have followed the instructions on the wiki [1], but had some questions and problems specifically related to share permissions:
>
> I'm having trouble with shares where I need to grant access to a specific AD user/group. I have tried this and other variations with no success:
>
> [shared]
> path = /home/shared
> writable = yes
> browsable = yes
> valid users = testsamba at ad.domain.lan
>
> I have also tried:
>
> valid users = ad\testsamba
> vaild users= @ad\testsamba
> valid users= @testsamba at ad.domain.lan
>
>
> What is the proper way to allow specific AD groups access to the Samba share? I also tried nesting an external group in a POSIX group with no success. Should I be using something other than 'valid users'?
>
> [1] http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
>
> Thanks,
>
> Josh
>
More information about the Freeipa-users
mailing list