I'm trying to set up a Samba share that is authenticated through Active Directory using winbind.

So far I have things pretty much configured and winbind is working, but I just don't fully understand the mapping of AD groups to local SUSE groups. I'm using winbind nested groups, idmap backend = tdb.

In AD I have group WebdevAD
In SUSE I have a group webdevsuse

Folder in SUSE: drwxrwx--- root webdevsuse ... testfolder

So I'm sharing out the testfolder in Samba:

[testfolder]
comment = test share
path = /testfolder
read only = No
acl group control = Yes
inherit acls = Yes
browsable = yes

This share is visible on Windows 7 clients at this point, just not accessible. If I make the other\world section r_x then anyone can read the contents of the share but can't modify or add anything to it.

Now, from the information I've been reading, Samba has its own groups in the tdb database. If you were to open computer manager on a Windows client and connect to the Samba system, it will show you the accounts and groups within it. You can add groups and assign AD users and groups to this group, but the group is not a part of the SUSE groups. It's not in the /etc/groups file.

So in Samba I have a group WebDev with the AD group WebdevAD as a member.

So at this point there is an AD group as a member of a Samba group but with no link to the SUSE group assigned permissions on the testfolder.

It seems that I might be going about this the wrong way or I'm missing a step somewhere. I have tried to map the Samba group to the SUSE group webdevsuse but it just destroyed the mapping to the AD group and rewrote the mapping.

I'm confused on how this is all linked together. Any help would be greatly appreciated.

Thank you