[Freeipa-users] Samba Integration with AD Trust
Baird, Josh
jbaird at follett.com
Wed Mar 23 13:10:47 UTC 2016
Justin,
@ad_admins is an AD group, correct (not a POSIX group), correct? I still cannot get this working. Home directory shares are working fine.
(apologies for the broken threading - I don't think I received your message for some reason)
Thanks,
Josh
> -----Original Message-----
From: Justin Stephenson <jstephen redhat com>
To: "Baird, Josh" <jbaird follett com>, "'freeipa-users redhat com'" <freeipa-users redhat com>
Subject: Re: [Freeipa-users] Samba Integration with AD Trust
Date: Tue, 22 Mar 2016 15:09:50 -0400
I have used the following successfully in the past:
[shared]
path = /home/shared
valid users = @ad_admins
read only = No
guest ok = Yes
This requires the sssd-libwbclient rpm which may be installed already as a dependency.
-Justin
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-
> bounces at redhat.com] On Behalf Of Baird, Josh
> Sent: Tuesday, March 22, 2016 2:50 PM
> To: 'freeipa-users at redhat.com'
> Subject: [Freeipa-users] Samba Integration with AD Trust
>
> Hi all,
>
> I'm attempting to integrate Samba 4.2.3 with IPA 4.2 (RHEL7). I have a
> kerberos trust established between IPA and AD. I have followed the
> instructions on the wiki [1], but had some questions and problems specifically
> related to share permissions:
>
> I'm having trouble with shares where I need to grant access to a specific AD
> user/group. I have tried this and other variations with no success:
>
> [shared]
> path = /home/shared
> writable = yes
> browsable = yes
> valid users = testsamba at ad.domain.lan
>
> I have also tried:
>
> valid users = ad\testsamba
> vaild users= @ad\testsamba
> valid users= @testsamba at ad.domain.lan
>
>
> What is the proper way to allow specific AD groups access to the Samba
> share? I also tried nesting an external group in a POSIX group with no
> success. Should I be using something other than 'valid users'?
>
> [1]
> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wi
> th_IPA
>
> Thanks,
>
> Josh
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list