I have set up a Samba share server that authenticates against Active Directory.
I am able to access the share as an AD user, but not when access is granted through a group defined in the "valid users" parameter.
Below are the steps I performed.
In smb.conf
# Samba server that authenticates against Active Directory (security = ADS) and
# uses winbind to resolve domain users and groups.
# Comments must stay on their own lines: smb.conf does not support a trailing
# comment after a value.
[global]
workgroup = QASLABS
password server = WIN-60I6H2BG237.qaslabs.net
realm = QASLABS.NET
preferred master = no
security = ADS
# The "ad" idmap backend reads uidNumber/gidNumber (RFC 2307 attributes) from AD
# instead of allocating IDs locally.
# NOTE(review): presumably a user or group without those attributes gets no Unix
# ID and so cannot be matched by "valid users" - verify itadmin has a gidNumber.
idmap backend = ad
# NOTE(review): the range starts at 100, which overlaps the IDs normally held by
# local system accounts; a directory entry carrying such a uidNumber/gidNumber
# would map onto a local account. Confirm the range begins above all local IDs.
idmap uid = 100-20000000
idmap gid = 100-20000000
# Character placed between domain and name, as used in "valid users" below.
winbind separator = +
template shell = /bin/bash
# Set again further down ("winbind use default domain = yes"); keep one copy.
winbind use default domain = true
winbind offline logon = false
# Duplicate of the "preferred master = no" line above.
preferred master = no
server string = Linux Test Machine
encrypt passwords = yes
# Verbose logging, one file per client machine name (%m).
# NOTE(review): suitable while debugging; lower it afterwards to limit what
# ends up in /var/log/samba.
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
netbios name = smbad
# NOTE(review): 192.16.17.0/24 is not an RFC 1918 private range (192.168.0.0/16
# is). Confirm this is the intended subnet and not a typo, since it decides
# which clients may connect at all.
hosts allow = 127.0.0.1 192.16.17.0/24
passdb backend = tdbsam
template homedir = /home/%U
winbind nss info = rfc2307
[Data]
comment = Directory for storing Data
path= /opt/data
# "@" marks a group name; the second entry is a single user.
# NOTE(review): the prefix NETWORK does not match "workgroup = QASLABS" above,
# and with "winbind use default domain = yes" the wbinfo output on this page
# lists domain names without any prefix - confirm how the group name resolves
# on this host before relying on this line for access control.
valid users = @NETWORK+itadmin NETWORK+testadmin
#valid users = @"QASLABS.NET\\itadmin"
writeable = yes
browseable=yes
# Upper bound on the permission bits of newly created files and directories.
# 775 leaves read/execute for "other"; NOTE(review): consider 770 if only the
# owning user and group should read the data on the server's filesystem.
create mask = 775
directory mask = 775
# Same subnet as the global "hosts allow"; see the note there.
hosts allow = 127.0.0.1 192.16.17.0/24
In /etc/nsswitch.conf
# passwd and group lookups consult local files first, then winbind, so AD
# accounts resolve through NSS (check with "getent group <name>").
passwd: files winbind
# NOTE(review): winbind is not expected to supply shadow entries (AD password
# checks do not go through the NSS shadow map) - "shadow: files" is probably
# sufficient; confirm.
shadow: files winbind
group: files winbind
hosts: files dns wins
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files
protocols: db files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
On executing wbinfo -u, I get the user list from AD:
[root@smbad ~]# wbinfo -u
administrator
guest
krbtgt
testdev
testadmin
testhr
testqa
testit
testcmt
testsupp
testituser
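On executing wbinfo -g, I get the group list, but the group I created in AD [i.e. itadmin] is not displayed in this list (it shows up only as SMBAD+itadmin, i.e. prefixed with this server's NetBIOS name, which suggests a group local to the Samba host rather than the AD group):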
[root@smbad ~]# wbinfo -g
BUILTIN+administrators
BUILTIN+users
SMBAD+itadmin
domain computers
domain controllers
domain admins
domain users
domain guests
group policy creator owners
read-only domain controllers
dnsupdateproxy
cert publishers
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
dnsadmins
schema admins
enterprise admins
enterprise read-only domain controllers
Please help me map the AD group to Samba so that group permissions can be set up on the Samba share.