Greetings,
I have been a Linux user for some time, but have only recently started working with LDAP
after hearing about the Fedora Directory Server. I have been using it primarily with
integration into Samba as a replacement for Active Directory, and it has been working well
thus far. I have deployed a server into a production environment, and it's working
great.
I followed the howto for Samba found on the main page, and the server is set up in this
way.
My question though relates to group security. Since I wish to delegate access to files on
the Samba fileserver via group membership, how can I accomplish this using FDS and Samba?
Am I able to create a group using the Admin Console, add the user accounts to be members
of the group, and then set security on shares based on group? Or is there a specific
procedure to follow? I'm becoming fairly versed in Samba, but LDAP is still quite new
to me. Obviously the more I can do using the Admin Console, the happier I and my
customers are.
I have tried creating a share in Samba, allowing only access to the group that I created
in the directory, then adding a user to that group, but the user is unable to access the
share, as Samba doesn't seem to be aware of the group created in the directory.
A bit of searching has told me that Samba wants the group to be a POSIX group, or to exist
in the /etc/group file on the system. Several LDAP/Samba howtos have also suggested
needing to run a net groupmap command to map the LDAP group to a POSIX id. This makes
sense, as in the Fedora howto this is necessary to create the well-known groups which
users are added to later on, but then how is group membership managed? The well-known
groups that are created during the initial howto appear differently in the administration
console, and double-clicking them only opens the advanced properties, and not the
ability to add additional members to the group.
I apologize for any parts that don't make sense, but hopefully someone will catch what
I'm actually meaning and be able to offer some help. If any more information is
required, please ask, and I will gladly provide.
Tim Friesen