[Samba] Grant only one AD group to samba share ?

May 21st, 2012 - 11:30 am ET by Newman, John W | Report spam
All,

On my ubuntu linux machine here, I already have samba set up and configured with winbind to perform authentication against the local windows domain controller. Thankfully that part is all working fine - that was supposed to be the hard part. The issue I have now is: I need to grant members of a certain AD group access to a share (this was supposed to be easy, but is not working).
sanity check of winbind (sample output):
$ wbinfo -g
MYDOMAIN\domain admins
MYDOMAIN\domain users
MYDOMAIN\my group
MYDOMAIN\my group2
Looks good. I need to grant all users in "my group" access to the share, all others shouldn't even see it.

[share]
comment = Testing
path = /media/share
guest ok = no
read only = yes
valid users = @"MYDOMAIN\My Group"
browseable = no
locking = no
If I put guest ok = yes, everything works fine. If I turn it to no, I get an authentication prompt. Answering it with invalid credentials comes back with "invalid user name or bad password", vs valid credentials says "access denied". So I know that the authentication with the domain controller is working fine, but limiting access to that group only is not.

The group name has a space in it which probably isn't helping. I have tried many different combinations, but nothing seems to work. What is the proper syntax for this? We have winbind separator=\ earlier in the config file -- is that part of the problem maybe?
valid users = @"MYDOMAIN\My Group"
valid users = "@MYDOMAIN\My Group"
valid users = "MYDOMAIN\My Group"
etc
Nothing seems to work. My methodology for testing this is fine: as soon as I put guest ok = yes, the share still works. What's the right syntax for valid users = "My Domain\My Group"? Any thoughts?
Thanks,
John
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
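An added example (editor's note; this is not code from John's post or from the Samba project) that models how Samba decides whether an authenticated user passes a share's `valid users` check. It reproduces two behaviours I have read in Samba's source: list values are split on spaces, tabs and commas, and a double quote toggles quoting anywhere inside a token and is then dropped (next_token_talloc), so `@"MYDOMAIN\My Group"` and `"@MYDOMAIN\My Group"` both become the single entry `@MYDOMAIN\My Group`; and an entry prefixed with `@`, `+` or `&` is a group or netgroup lookup while a bare entry is compared to the user name (user_in_list), so `"MYDOMAIN\My Group"` without the `@` can never match a group. The UNIX group lookup goes through NSS (getgrnam), which the model represents with a constructed `NSS_GROUPS` table: with that table empty, which is what a missing `winbind` entry in /etc/nsswitch.conf looks like to smbd, every `@group` entry denies the user even though the password was accepted. User and group names are the thread's; case-insensitive matching is an assumption that mirrors winbind.

```python
"""Model of Samba's `valid users` evaluation (added example, not Samba code).

Reproduces two behaviours of Samba's list parsing and user_in_list():
  * list values split on space/tab/comma; a double quote toggles quoting
    anywhere in a token and is dropped, so @"X Y" and "@X Y" are the same;
  * '@name' = netgroup then UNIX group, '+name' = UNIX group, '&name' =
    netgroup, '+&'/'&+' = both in that order; a bare name is a user name.
NSS_GROUPS and the netgroup table are constructed sample data standing in
for getgrnam()/innetgr(); case-insensitive matching is an assumption that
mirrors winbind.
"""
from __future__ import annotations


def parse_smb_list(value: str) -> list[str]:
    """Split an smb.conf list value the way Samba's tokenizer does."""
    tokens: list[str] = []
    cur: list[str] = []
    quoted = False
    for ch in value:
        if ch == '"':
            quoted = not quoted          # a quote is a toggle and is never kept
        elif ch in ' \t,' and not quoted:
            if cur:
                tokens.append(''.join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append(''.join(cur))
    return tokens


# Constructed stand-in for what `getent group` returns once winbind is in
# nsswitch.conf: group name -> members, in the DOMAIN\name form produced by
# `winbind separator = \`.
NSS_GROUPS: dict[str, set[str]] = {
    'MYDOMAIN\\domain users': {'MYDOMAIN\\jnewman', 'MYDOMAIN\\alice'},
    'MYDOMAIN\\my group': {'MYDOMAIN\\jnewman'},
    'MYDOMAIN\\my group2': {'MYDOMAIN\\alice'},
}


def user_in_group(user: str, group: str, nss_groups: dict[str, set[str]]) -> bool:
    """getgrnam() plus membership test. An unresolvable group is simply False,
    which is how a missing 'winbind' in nsswitch.conf looks to smbd."""
    for gname, members in nss_groups.items():
        if gname.lower() == group.lower():
            return user.lower() in {m.lower() for m in members}
    return False


def user_in_netgroup(user: str, netgroup: str, netgroups: dict[str, set[str]]) -> bool:
    """innetgr() stand-in; netgroups are assumed absent unless a table is passed."""
    return user.lower() in {m.lower() for m in netgroups.get(netgroup, set())}


def user_in_list(user: str, entries: list[str], nss_groups: dict[str, set[str]],
                 netgroups: dict[str, set[str]] | None = None) -> bool:
    """Samba's user_in_list(): first matching entry wins, no entry means deny."""
    ng = netgroups or {}
    for entry in entries:
        if not entry:
            continue
        prefix, name = entry[0], entry[1:]
        if prefix == '@':                       # netgroup first, then UNIX group
            if user_in_netgroup(user, name, ng) or user_in_group(user, name, nss_groups):
                return True
        elif prefix == '+':                     # UNIX group ('+&' also tries netgroup)
            both = name.startswith('&')
            name = name[1:] if both else name
            if user_in_group(user, name, nss_groups) or (both and user_in_netgroup(user, name, ng)):
                return True
        elif prefix == '&':                     # netgroup ('&+' also tries UNIX group)
            both = name.startswith('+')
            name = name[1:] if both else name
            if user_in_netgroup(user, name, ng) or (both and user_in_group(user, name, nss_groups)):
                return True
        elif entry.lower() == user.lower():     # bare entry: a user name, never a group
            return True
    return False


def check(valid_users_value: str, user: str,
          nss_groups: dict[str, set[str]] = NSS_GROUPS,
          netgroups: dict[str, set[str]] | None = None) -> bool:
    """Would `valid users = <value>` admit `user`?"""
    return user_in_list(user, parse_smb_list(valid_users_value), nss_groups, netgroups)


if __name__ == '__main__':
    john = 'MYDOMAIN\\jnewman'
    for spelling in (r'@"MYDOMAIN\My Group"', r'"@MYDOMAIN\My Group"', r'"MYDOMAIN\My Group"'):
        print(f'{spelling:24} -> tokens {parse_smb_list(spelling)} admits jnewman: {check(spelling, john)}')
    # Same line, but NSS cannot resolve any group (winbind absent from nsswitch.conf):
    print('no NSS groups            admits jnewman:', check(r'@"MYDOMAIN\My Group"', john, nss_groups={}))
```

The check to run on the real box is the one the model's `NSS_GROUPS` table stands in for: `getent group "MYDOMAIN\my group"` and `id "MYDOMAIN\jnewman"`. `wbinfo -g` talks to winbindd directly, so it can succeed while smbd's getgrnam() still fails if `winbind` is not listed for `group` (and `passwd`) in /etc/nsswitch.conf. Note also that `browseable = no` already removes the share from the browse list for everyone; `valid users` only decides who may connect to it.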

Replies

#1 steve
May 21st, 2012 - 12:00 pm ET | Report spam
On 05/21/2012 05:20 PM, Newman, John W wrote:
Hi
You don't really need smb.conf to get group-only entry.

Just have smb.conf with:

[share]
comment = Testing
path = /media/share

read only = No

# Hand the directory to the group as NSS resolves it, then make it group-only
# (0770 plus setgid = 2770, so new files inherit the group).
chgrp My\ Group /media/share
chmod 0770 /media/share
chmod g+s /media/share
# Default ACL so anything created inside is group read/write.
setfacl -d -Rm g::rw /media/share

Now, only members of My Group can get into the share, no matter what you
have in smb.conf. Once inside, any files created therein become group rw
for My Group members.

HTH
Steve
