Greetings,
I have been a Linux user for some time, but have only recently started working with LDAP after hearing about the Fedora Directory Server. I have been using it primarily with integration into Samba as a replacement for Active Directory, and it has been working well thus far. I have deployed a server into a production environment, and it's working great.
I followed the howto for Samba found on the main page, and the server is set up in this way.
My question, though, relates to group security. Since I wish to delegate access to files on the Samba fileserver via group membership, how can I accomplish this using FDS and Samba? Am I able to create a group using the Admin Console, add the user accounts to be members of the group, and then set security on shares based on group? Or is there a specific procedure to follow? I'm becoming fairly versed in Samba, but LDAP is still quite new to me. Obviously the more I can do using the Admin Console, the happier I and my customers are.
I have tried creating a share in Samba, allowing access only to the group that I created in the directory, then adding a user to that group, but the user is unable to access the share, as Samba doesn't seem to be aware of the group created in the directory.
A bit of searching has told me that Samba wants the group to be a POSIX group, or to exist in the /etc/group file on the system. Several LDAP/Samba howtos have also suggested needing to run a net groupmap command to map the LDAP group to a POSIX id. This makes sense, as in the Fedora howto this is necessary to create the well-known groups which users are added to later on, but then how is group membership managed? The well-known groups that are created during the initial howto appear differently in the Administration Console, and double clicking them only opens the advanced properties, and not the ability to add additional members to the group.
I apologize for any parts that don't make sense, but hopefully someone will catch what I'm actually meaning and be able to offer some help. If any more information is required, please ask, and I will gladly provide.
Tim Friesen
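The group object Samba expects, as an added example that is not part of the original post or of the Fedora howto it refers to: a group entry that is both a posixGroup (so the system's NSS lookups, and therefore Samba's "@group" checks, can see it) and a sambaGroupMapping (so Samba can tie it to a domain SID), together with the smb.conf share stanza that restricts access to it. The base DN dc=example,dc=com, the ou=Groups container, the domain SID S-1-5-21-111-222-333, the group name "finance" and the member names are constructed placeholders; the RID arithmetic assumes Samba's default algorithmic RID mapping (algorithmic rid base = 1000, so a group gets RID 2*gid + 1001).

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions (constructed):
# base DN, groups OU, and domain SID below; Samba's default algorithmic RID
# mapping (algorithmic rid base = 1000). Get the real SID with: net getlocalsid

BASE_DN="dc=example,dc=com"          # assumption
GROUP_OU="ou=Groups,$BASE_DN"        # assumption
DOMAIN_SID="S-1-5-21-111-222-333"    # placeholder; replace with `net getlocalsid`

# RID that Samba derives for a POSIX gid under the algorithmic mapping:
# group RID = 2 * gid + (algorithmic rid base) + 1, i.e. 2*gid + 1001.
group_rid() {
    echo $(( $1 * 2 + 1001 ))
}

# Emit an LDIF entry for a group that is BOTH a posixGroup (visible via
# getent group / nss_ldap) and a sambaGroupMapping (known to Samba by SID).
# Membership is plain memberUid attributes, one per user login name.
# Usage: group_ldif NAME GID MEMBER...
group_ldif() {
    name=$1; gid=$2; shift 2
    rid=$(group_rid "$gid")
    printf 'dn: cn=%s,%s\n' "$name" "$GROUP_OU"
    printf 'objectClass: top\n'
    printf 'objectClass: posixGroup\n'
    printf 'objectClass: sambaGroupMapping\n'
    printf 'cn: %s\n' "$name"
    printf 'gidNumber: %s\n' "$gid"
    printf 'sambaSID: %s-%s\n' "$DOMAIN_SID" "$rid"
    printf 'sambaGroupType: 2\n'          # 2 = domain group
    printf 'displayName: %s\n' "$name"
    for m in "$@"; do
        printf 'memberUid: %s\n' "$m"
    done
}

# smb.conf share stanza limited to one group. "@name" is resolved through
# NSS, which is exactly why the group must exist as a posixGroup.
# Usage: share_conf SHARENAME PATH GROUPNAME
share_conf() {
    printf '[%s]\n' "$1"
    printf '    path = %s\n' "$2"
    printf '    valid users = @%s\n' "$3"
    printf '    writable = yes\n'
}

# Apply the entry and verify it from both sides. Not run automatically; it
# needs a live directory server and Samba. Assumes a Directory Manager bind.
apply_group() {
    group_ldif "$@" | ldapadd -x -D "cn=Directory Manager" -W
    getent group "$1"           # NSS (and hence Samba) must see the gid
    net groupmap list           # the sambaGroupMapping must show up here
    # Alternative with passdb backend = ldapsam: create only the posixGroup in
    # LDAP, then let Samba add the mapping attributes itself:
    #   net groupmap add ntgroup="$1" unixgroup="$1" type=d
}

if [ "${1:-}" = "demo" ]; then
    group_ldif finance 1005 alice bob
    echo
    share_conf finance /srv/finance finance
fi
```

Run with `sh script.sh demo` to print the LDIF and the share stanza; `apply_group finance 1005 alice bob` is the live version. Adding a user later is just another memberUid attribute on the same entry (an ldapmodify add of memberUid), and Samba picks it up through NSS; no second net groupmap run is needed once the mapping exists.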