[Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC

Rowland Penny rpenny at f2s.com
Mon May 20 05:09:43 MDT 2013


Hi, Remove all of this:

#  security = ads
  password server = 192.168.25.133
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  winbind enum users = yes
  winbind enum groups = yes
  winbind cache time = 10
  winbind use default domain = yes

Then remove this line:
      valid users = @SAMDOM\SCHUELER

restart samba4

Go here:
http://linuxcostablanca.blogspot.co.uk/2013/04/sssd-in-samba-40.html

Install sssd referring to the above link

Then browse Google for using ACLs with samba4, this usually just entails
adding 'acl, xattr' to the relevant line in your /etc/fstab

Then set the access from a Windows PC

Forget winbind, it sucks, Samba4 winbind != Samba3 winbind, samba4 winbind
!= complete

Note that this is just my own opinion.

Rowland


On 20 May 2013 11:57, Ulrich Schneider <man at ulrichschneider.de> wrote:

>> Could you please confirm how you provisioned samba4, post a sanitized
>> version of your smb.conf and explain just what you are hoping to achieve.
>>
>
> Ok, I will do that.
>
> I want to use samba4
> 1. as an active directory domain controller
> 2. as a file server providing different shares for different windows
> users/groups.
>
> To do so I used the samba provision script to set up samba as AD DC. Works
> fine.
>
> Then I read about restricting shares to win users/groups with:
>         valid users = @SAMDOM\SCHUELER
>
> This is not working. When a user in the win group SCHUELER is accessing a
> share he gets a popup window with username/password saying that the access
> was denied to this share.
>
> smb.conf
>
> # Global parameters
> [global]
>         workgroup = SAMDOM
>         realm = SAMDOM.EXAMPLE.COM
>         netbios name = ULI-SD30V10
>         server role = active directory domain controller
>         dns forwarder = 192.168.25.254
>
> #  security = ads
>   password server = 192.168.25.133
>   idmap uid = 10000-20000
>   idmap gid = 10000-20000
>   winbind enum users = yes
>   winbind enum groups = yes
>   winbind cache time = 10
>   winbind use default domain = yes
>
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/samdom.example.com/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> [schueler]
>       path = /data/schueler
>       comment = Schueler
>       read only = no
>       valid users = @SAMDOM\SCHUELER
>
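
An added example, not part of the message above or of the Samba project's code: a small Python check that reads an smb.conf and, when `server role` is `active directory domain controller`, lists the lines the reply says to remove. The parameter lists are copied from this thread, the function names are hypothetical, and `SAMPLE` is a constructed, shortened copy of the posted configuration.

```python
# Lines the reply says to remove from the DC's smb.conf (taken from this thread).
REMOVE_GLOBAL = ["password server", "idmap uid", "idmap gid",
                 "winbind enum users", "winbind enum groups",
                 "winbind cache time", "winbind use default domain"]
REMOVE_SHARE = ["valid users"]

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return "".join(name.lower().split())

def parse(text):
    """Yield (lineno, section, parameter, value) for each active line."""
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            yield lineno, section, " ".join(key.lower().split()), value.strip()

def findings(text):
    """Return [(lineno, section, parameter)] to remove on an AD DC."""
    params = list(parse(text))
    if not any(s == "global" and norm(k) == "serverrole"
               and norm(v) == "activedirectorydomaincontroller"
               for _, s, k, v in params):
        return []                         # the advice targets the DC role only
    g, sh = set(map(norm, REMOVE_GLOBAL)), set(map(norm, REMOVE_SHARE))
    return [(n, s, k) for n, s, k, _ in params
            if (s == "global" and norm(k) in g)
            or (s != "global" and norm(k) in sh)]

# Constructed sample, shortened from the smb.conf quoted in the thread.
SAMPLE = r"""[global]
        server role = active directory domain controller
#  security = ads
  password server = 192.168.25.133
  idmap uid = 10000-20000
  winbind use default domain = yes

[schueler]
      path = /data/schueler
      valid users = @SAMDOM\SCHUELER
"""
for lineno, section, key in findings(SAMPLE):
    print(f"line {lineno}: [{section}] {key}")
```

Commented-out lines such as `#  security = ads` are skipped, so only active parameters are reported.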

