
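I am running Ubuntu 20.04 as a file server. I have configured it to connect to Active Directory. I can get users and groups. There is something odd in the group guid and its mapping: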

getent group helpdesk
helpdesk:x:11164:user1,user2,user3

getent group helpdesk@domain.local
helpdesk@domain.local:*:189401164:user1@domain.local,user2@domain.local,user3@domain.local

getent passwd user1
user1:*:14982:10513:User Name:/home/DOMAIN/user1:/bin/bash

getent passwd user1@domain.local
user1:*:14982:10513:User Name:/home/DOMAIN/user1:/bin/bash

It is worth mentioning that user1, user2 and user3 are not local users. They come from the domain. So do the groups.

When I run chown to make helpdesk the group owner of a directory, I can edit files, but if the group owner is helpdesk@domain.local I cannot edit.

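My specific problem is that I have a group@domain.local that only shows up with the long mapped guid, and I need to make that group the owner of the share. I have been trying to solve this for the last few days, but I have not been able to.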

getent group group
getent group group@domain.local
group@domain.local:*:189405125:user1@domain.local,user2@domain.local

My smb.conf looks like this:

[global]
workgroup = DOMAIN
security = ADS
password server = AD.DOMAIN.local
realm = DOMAIN.LOCAL
encrypt passwords = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Data %h
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN: backend = rid
idmap config DOMAIN: range = 10000-999999
template shell = /bin/bash
template homedir = /home/DOMAIN/%U
domain master = no
local master = no
preferred master = no
os level = 20
map to guest = bad user
host msdfs = no
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
unix extensions = no
reset on zero vc = yes
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

[Share]
comment = "Share Files"
path = /path/to/shre
valid users = @group@domain.local @group
force group = group@domain.local
force user = admin
writable = yes
read only = no
force create mode = 0660
create mask = 0777
directory mask = 0777
force directory mode = 0770
access based share enum = yes
hide unreadable = yes
acl_xattr:ignore system acls = yes

How can I make the share accessible to the users of group@domain.local?
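
A diagnostic for the two GIDs shown in the question, added here as an example and not part of the original post: it checks each `getent group` entry against the `idmap config` ranges from the smb.conf above and, for the `rid` backend, derives the RID as GID minus the low end of the range. The helper name `classify_gid` and the variable `IDMAP_SAMPLE` are hypothetical, and `base_rid` is assumed to be at its default of 0 because the posted configuration does not set it.

```shell
#!/usr/bin/env bash
# Added example: idmap lines copied from the smb.conf in the post.
IDMAP_SAMPLE='idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN: backend = rid
idmap config DOMAIN: range = 10000-999999'

# classify_gid <getent group line> <smb.conf text>  (hypothetical helper)
# Reports which idmap range, if any, contains the entry's GID. For the rid
# backend it also prints the RID, assuming base_rid is left at its default 0.
classify_gid() {
  cg_name=${1%%:*}
  cg_gid=$(printf '%s\n' "$1" | cut -d: -f3)
  printf '%s\n' "$2" | awk -F'=' -v n="$cg_name" -v g="$cg_gid" '
    /^[ \t]*idmap config / {
      key = $1; val = $2
      sub(/^[ \t]*idmap config[ \t]*/, "", key)
      dom = key; sub(/[ \t]*:.*/, "", dom)            # domain before the colon
      opt = key; sub(/^[^:]*:[ \t]*/, "", opt); sub(/[ \t]+$/, "", opt)
      gsub(/[ \t]/, "", val)
      if (opt == "backend") backend[dom] = val
      if (opt == "range") { split(val, r, "-"); low[dom] = r[1]; high[dom] = r[2] }
    }
    END {
      for (d in low)
        if (g + 0 >= low[d] + 0 && g + 0 <= high[d] + 0) {
          out = n " " g " in-range " d " backend=" backend[d]
          if (backend[d] == "rid") out = out " rid=" (g - low[d])
          print out; exit
        }
      print n " " g " outside-configured-ranges"
    }'
}

# The three group entries shown in the post.
for entry in \
  'helpdesk:x:11164:user1,user2,user3' \
  'helpdesk@domain.local:*:189401164:user1@domain.local,user2@domain.local,user3@domain.local' \
  'group@domain.local:*:189405125:user1@domain.local,user2@domain.local'
do
  classify_gid "$entry" "$IDMAP_SAMPLE"
done
```

A GID reported as `outside-configured-ranges` was not allocated by these idmap settings, because winbind only hands out IDs inside a configured range; comparing the sources listed for `group` in /etc/nsswitch.conf is the next check.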
