Linux File Server in Windows AD environment.

I am trying to see AD objects from permissions on a Linux SUSE Enterprise file server that is running Samba and is joined to an AD domain.
I have installed SFU (Services for Unix) 3.5 on the Windows DC.

I can browse the domain from the Linux server.
I can create shares on folders or printers and see them from Windows clients, but I can't access them because I can't grant permissions to AD objects on the Linux server: all I see is the Linux users/groups.

tia
Asked by clownbird
 
jannisj commented:
You have to map the Windows AD groups to groups on the Linux server:

It works like this:

net groupmap add ntgroup="Domain Admins" unixgroup=domadm rid=512 type=d

The unixgroup domadm must exist on the Linux server.
(You could, for instance, use root as the Domain Admins group on Linux.)

Here is an example of a basic groupmapping:

net groupmap add ntgroup="Domain Admins" unixgroup=root
net groupmap add ntgroup="Domain Users" unixgroup=users
net groupmap add ntgroup="Domain Guests" unixgroup=nobody
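A check for the mappings described in the answer above, as an added example that is not part of the original thread: it reads lines in the `net groupmap list` output format and reports Unix groups that do not exist on the server, and NT groups mapped to a privileged Unix group. The SIDs, the Finance group, the sample group file and the choice of root and wheel as "privileged" are assumptions made for this example.

```shell
# Constructed sample in the format printed by `net groupmap list`
# (SIDs and the Finance group are placeholders, not taken from the thread).
SAMPLE_MAP='Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> root
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody
Finance (S-1-5-21-1111111111-2222222222-3333333333-1105) -> finance'

# Constructed stand-in for the server's group database (/etc/group format).
SAMPLE_GROUPS='root:x:0:
users:x:100:
domadm:x:1001:'

# group_exists NAME [GROUP_FILE]
# With GROUP_FILE, look the name up in that file (exact match on field 1);
# otherwise ask NSS via getent, which also sees winbind/LDAP groups.
group_exists() {
    if [ -n "$2" ]; then
        awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
    else
        getent group "$1" >/dev/null 2>&1
    fi
}

# audit_groupmap [GROUP_FILE]: reads mapping lines on stdin and prints
#   STATUS<TAB>NT group<TAB>unix group
# STATUS is MISSING (the Unix group is absent on this server), PRIVILEGED
# (the NT group is mapped to root or wheel; that list is an assumption), or OK.
audit_groupmap() {
    while IFS= read -r line; do
        case $line in *" -> "*) ;; *) continue ;; esac
        unixgroup=${line##* -> }
        ntgroup=${line%" (S-"*}
        if ! group_exists "$unixgroup" "$1"; then
            status=MISSING
        elif [ "$unixgroup" = root ] || [ "$unixgroup" = wheel ]; then
            status=PRIVILEGED
        else
            status=OK
        fi
        printf '%s\t%s\t%s\n' "$status" "$ntgroup" "$unixgroup"
    done
}

# Live use on the Samba server:  net groupmap list | audit_groupmap
```
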
 
clownbird (author) commented:
Would a dedicated LDAP directory simplify things, such as Tivoli DS or OpenLDAP to replicate against the AD and let the Linux server authenticate against it?
Or, are you saying that ultimately there has to be name mapping for each object (user and/or group) on the Linux server to control authorization on the shares?


thx
Question has a verified solution.
