[Samba] AD shares in samba & permissions

Benjamin Budts ben at zentrix.be
Tue Feb 18 00:52:03 MST 2014


 

Hi,

 

I have a redhat 6.5 with samba 3.6.9 and a working AD integration.

 

I used the redhat guide to create a share, but it's only working partly.

I.e. the second group of valid users I add after the comma doesn't have access
to the share. You get a popup like access DENIED.

/var/log/samba/log.accessmachine shows the same error NT_ACCESS_DENIED.

I think it's due to the fact that the owner of the share dir is root and the
group DOMAIN\group1 (that's how I chgrp'ed the shared dir) <- i.e. only the
group owner seems to have access to the dir.

 

I'd like a config where multiple AD groups have access to a shared dir, can
anyone advise me please?

 

thx

 

Adding AD Shares in Samba

 

- Here is an example. This is expecting winbind to be set up and working.

 

[Samba_Share]
comment = My Samba share
path = /SAMBASHARE
read only = yes
guest ok = no
printable = no
valid users = +"DOMAIN\group1", +"DOMAIN\group2"
write list = +"DOMAIN\group1"

 

- What the above will do is if you are not in DOMAIN\group1 or DOMAIN\group2
you will not be able to get to the share. If you are in DOMAIN\group1 or
DOMAIN\group2 you will have read access and if you are in DOMAIN\group1 you
will have read/write access.

 

- We may need to make sure the share has proper permissions (two back slashes
are required for the first command because a backslash is considered an
escape character).

# chgrp -R "DOMAIN\\domain users" /SAMBASHARE/
# chmod -R g+rws /SAMBASHARE/
# chcon -R -t samba_share_t /SAMBASHARE/    # only if we run SELinux
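
Added example (not part of the original post or of the guide it quotes): a simplified model of the two checks a request has to pass, the share's valid users / write list and then the directory's POSIX permissions, showing why a group2 member is refused when the directory is root:DOMAIN\group1. The directory mode 2770, the group memberships and all function names are assumptions made for illustration; every list entry is treated as a group and names are compared case-sensitively.

```python
import configparser

# Constructed sample: the share section as posted above.
SMB_CONF = r'''
[Samba_Share]
path = /SAMBASHARE
read only = yes
valid users = +"DOMAIN\group1", +"DOMAIN\group2"
write list = +"DOMAIN\group1"
'''
G1, G2, DU = r'DOMAIN\group1', r'DOMAIN\group2', r'DOMAIN\domain users'

def groups_in(value):
    """Names from a list like +"DOMAIN\\group1", +"DOMAIN\\group2" (all treated as groups)."""
    items = (i.strip() for i in value.split(','))
    return {i.lstrip('+@&').strip('"') for i in items if i}

def share_access(conf_text, share, user_groups):
    """Layer 1, smb.conf: returns None (refused), 'r' or 'rw'."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp[share]
    valid = groups_in(sec.get('valid users', ''))
    if valid and not (user_groups & valid):   # an empty list admits everyone
        return None
    writer = bool(user_groups & groups_in(sec.get('write list', '')))
    read_only = sec.get('read only', 'yes').strip().lower() in ('yes', 'true', '1')
    return 'rw' if writer or not read_only else 'r'

def posix_access(mode, dir_group, user_groups, is_owner=False):
    """Layer 2, filesystem: class bits (owner, group or other) that apply to the user."""
    shift = 6 if is_owner else 3 if dir_group in user_groups else 0
    bits = (mode >> shift) & 0o7
    if bits & 0o5 != 0o5:                     # a directory needs r and x to be usable
        return ''
    return 'rw' if bits & 0o2 else 'r'

def effective(user_groups, mode, dir_group, conf_text=SMB_CONF, share='Samba_Share'):
    """Both layers must allow the request; the stricter one wins."""
    s = share_access(conf_text, share, user_groups)
    p = posix_access(mode, dir_group, user_groups)
    if s is None or not p:
        return 'denied'
    return 'rw' if s == p == 'rw' else 'r'

if __name__ == '__main__':
    print(effective({G2, DU}, 0o2770, G1))   # directory root:DOMAIN\group1, as in the post
    print(effective({G2, DU}, 0o2770, DU))   # directory chgrp'ed to "domain users"
    print(effective({G1, DU}, 0o2770, DU))   # write-list member, same directory
```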

 


