[Samba] W2k8r2 and samba 3 integration

steve steve at steve-ss.com
Wed Dec 4 03:59:14 MST 2013 

On Wed, 2013-12-04 at 10:38 +0000, paul harford wrote:
> Hi Samba users
> we have a samba 3 system we use as a NAS for a windows AD setup but we are
> having serious issues with the ad integration.

Hi
Have you joined the NAS to the domain? Do you have a keytab on the NAS
which contains its machine key?
> 
> has anyone any tips or trick for the AD windows 2008r2/ samba integration ?
> 
> we basically can't add groups or users to the share from the AD dc. we just
> get access denied even if we make the domain admins and current user the
> owner of the share. we have tried various configs and the below seems to
> get us part of the way.

Not sure if I understand. You would add files to a share. Not users or
groups. Do you mean that you wish only certain users or groups to access
the files in the share?

If so, which share? Your config doesn't seem to have any shares which
users would access.
> 
> i would appreciate any suggestions for you guys :-)

Which version of samba do you have on the NAS? I think the first thing
we must do is get the NAS properly joined to the domain but almost
certainly we'll have to revise your smb.conf

HTH. To get us started at least.
Steve



> 
> [global]
> 
>         log file = /var/log/samba/log.%m
> 
>         winbind nss info = rfc2307
> 
>         load printers = yes
> 
>         idmap gid = 10000-30000
> 
> #       winbind trusted domains only = yes
> 
>         encrypt passwords = yes
> 
>         realm = "DOMAIN removed for security reasons"
> 
> #       winbind use default domain = yes
> 
>         passdb backend = tdbsam
> 
>         cups options = raw
> 
>         netbios name = sfnas02
> 
>         server string = Samba Server Version %v
> 
>         idmap uid = 10000-30000
> 
>         workgroup = "DOMAIN removed for security reasons"
> 
>         os level = 20
> 
>         security = ADS
> 
>         max log size = 50
> 
>         winbind enum users = yes
> 
>         winbind enum groups = yes
> 
> 
> 
>         winbind nested groups = Yes
> 
>         vfs objects = acl_xattr
> 
>         acl_xattr:ignore system acls = yes
> 
>         map acl inherit = Yes
> 
>         store dos attributes = Yes
> 
>         acl group control = Yes
> 
>         acl map full control = Yes

More information about the samba mailing list