[Freeipa-users] Samba Integration with AD Trust

Baird, Josh jbaird at follett.com
Wed Mar 23 13:10:47 UTC 2016 

Justin,

@ad_admins is an AD group, correct (not a POSIX group), correct?  I still cannot get this working.  Home directory shares are working fine.

(apologies for the broken threading - I don't think I received your message for some reason)

Thanks,

Josh

> -----Original Message-----
From: Justin Stephenson <jstephen redhat com>
To: "Baird, Josh" <jbaird follett com>,	"'freeipa-users redhat com'" <freeipa-users redhat com>
Subject: Re: [Freeipa-users] Samba Integration with AD Trust
Date: Tue, 22 Mar 2016 15:09:50 -0400
I have used the following successfully in the past:

        [shared]
            path = /home/shared
            valid users = @ad_admins
            read only = No
            guest ok = Yes

This requires the sssd-libwbclient rpm which may be installed already as a dependency.

-Justin

> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-
> bounces at redhat.com] On Behalf Of Baird, Josh
> Sent: Tuesday, March 22, 2016 2:50 PM
> To: 'freeipa-users at redhat.com'
> Subject: [Freeipa-users] Samba Integration with AD Trust
> 
> Hi all,
> 
> I'm attempting to integrate Samba 4.2.3 with IPA 4.2 (RHEL7).  I have a
> kerberos trust established between IPA and AD.  I have followed the
> instructions on the wiki [1], but had some questions and problems specifically
> related to share permissions:
> 
> I'm having trouble with shares where I need to grant access to a specific AD
> user/group.  I have tried this and other variations with no success:
> 
> [shared]
> 	path = /home/shared
> 	writable = yes
> 	browsable = yes
> 	valid users = testsamba at ad.domain.lan
> 
> I have also tried:
> 
> 	valid users = ad\testsamba
> 	vaild users= @ad\testsamba
> 	valid users= @testsamba at ad.domain.lan
> 
> 
> What is the proper way to allow specific AD groups access to the Samba
> share?  I also tried nesting an external group in a POSIX group with no
> success.  Should I be using something other than 'valid users'?
> 
>  [1]
> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wi
> th_IPA
> 
> Thanks,
> 
> Josh
> 
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list