samba-users May 2010 archive

[Samba] AD group member cant write to the samba shared folder

From: Tharanga Abeyseela (RGA) <tharanga.abeyseela_at_nospam>
Date: Mon May 03 2010 - 01:17:31 GMT
To: "samba@lists.samba.org" <samba@lists.samba.org>

Hi Guys,

I managed to authenticate AD groups with samba. Now I can define several groups, and only those group members are allowed to access the shared folders defined in smb.conf. But those members can't see the files or write to that folder (/home/test).

This is my smb.conf

[global]
workgroup = xxx
realm = xxx.COM
password server = *
server string = Samba file and print server
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
#printcap name = cups
#printing = cups
idmap uid = 15000-20000
idmap gid = 15000-20000
#winbind use default domain = yes
nt acl support = yes
map acl inherit = yes
winbind enum users = yes
winbind enum groups = yes
#client ntlmv2 auth = yes
template homedir = /home/%D/%U
template shell = /bin/bash

[itaccess]
comment = Testing AD Integration
browseable = yes
readonly = no
writeable = yes
path = /home/test/
inherit acls = yes
inherit permissions = yes
valid users = @"xxx+itaccess"
write list = @"xxx+itaccess"
admin users = @"xxx+itaccess"
create mask = 770
force create mode = 770
force directory mode = 770

chmod 770 /home/test
chown root.root /home/test

setfacl -m u:"xxx+itaccess":rwx /home/test
setfacl -d -m u:"RAP+itaccess":rwx /home/test

getfacl /home/test

# file: home/test/
# owner: root
# group: root
user::rwx
group::rwx
group:RAP+itaccess:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:RAP+itaccess:rwx
default:mask::rwx
default:other::---

drwxrws---+ 2 root root 4096 2010-05-03 10:33 test

But if a group member tries to write something, it says access denied. If I put on that test folder, group members can't see it (read it).

Can someone help me solve the issue? (AD group authentication is working properly with samba.)

Thanks,
Tharanga