[Samba] Samba and AD based home shares are visible but not accessible
Cybulski, Adam M
acybulski at albany.edu
Tue Jun 20 20:21:14 UTC 2017
I've set up a CentOS system in my predominantly windows environment. Getting it to authenticate users with ssh based on AD user groups using KRB5 and SSSD was comparatively easy, but I am not able to share files from it.
I followed the guide here to get as far as I did: https://www.centos.org/forums/viewtopic.php?t=52872
When I browse to the server using \\<serverIP<file://%3cserverIP>> I am presented with the folder USERAID at Univ.school.edu<mailto:USERAID at Univ.school.edu> which corresponds to the account I am logged into the windows computer with. However, when I try to open it, I am told I do not have permission. I tried to create a non home folder, that all members of the AD group would be able to have access to, but I seem to be experiencing the same result.
Here is my smb.conf file, sanitized, but with as much information intact as I could manage. I have been at this all day battling it out with suggestions from google and previous posts in this mailing list with no success.
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = <simplified domain name>
realm = univ.school.edu
netbios name = hostname
password server = *
server string = Samba Server Version %v
security =ADS
log file = /var/log/samba/log.%m
max log size = 5000
load printers = No
idmap config * : backend = tdb
log level = 4
local master = no
domain master = no
preferred master = no
wins support = no
wins proxy = no
dns proxy = yes
name resolve order = wins bcast host lmhosts
#username map script = /bin/echo
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = UserAID at univ.school.edu, @"linuxprojectgroup at univ.school.edu"
read only = no
[share]
comment = share
path = /share
browseable = yes
writable = yes
valid users = @"linuxprojectgroup at univ.school.edu"
More information about the samba
mailing list