[Samba] Re: Samba + AD etc.

sysrm sysrm at stvincent.ac.uk
Thu May 12 09:48:37 GMT 2005 

Ok I seem to making some headway,

Someone suggested it being a Kerberos tickets issue, but that didn't seem to
fix it.

1st off, the main problem with the share was a typo :/

In the smb conf I mistyped the location of the directory, as was shown in
samba log file.

Now both smbclient and windows can connect No problem! Now im not sure if
this was to do with the Kerberos issue or not, but anyways, im further than
I was.

My next question is about managing user rights etc.

On my current samba, this is dealt with by using chown/chgrp and chmod

But when I run these commands it says unknown username (as previously stated
and answered)

Even tho I think ive done the pam stuff listed in the how to's.

So. How/where can I enforce user/grp permissions on the samba files?

Many thanks

Ross


-----Original Message-----
From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of
sysrm
Sent: 12 May 2005 09:25
To: 'Carlos Rodrigues'; samba at lists.samba.org
Subject: RE: [Samba] Re: Samba + AD etc.

Hi carlos,

Tried doing the smbclient bit and got back

[root at dev1 bin]# ./smbclient -Utest //172.16.2.253/mp3
Password:
Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a] tree connect failed:
NT_STATUS_NO_SUCH_USER 

(NB no mp3's in there, just had to think of a test dir to set up... :P)

Test deffo exists on the AD so...

[root at dev1 bin]# wbinfo -u
DEV-DOMAIN+administrator
DEV-DOMAIN+guest
DEV-DOMAIN+auth1$
DEV-DOMAIN+krbtgt
DEV-DOMAIN+dev1$

!

Then do net ads user

[root at dev1 bin]# ./net ads user -UAdministrator Administrator's password:
Administrator
Guest
krbtgt
test

Then wbinfo

[root at dev1 bin]# wbinfo -u
DEV-DOMAIN+administrator
DEV-DOMAIN+guest
DEV-DOMAIN+auth1$
DEV-DOMAIN+krbtgt
DEV-DOMAIN+dev1$
DEV-DOMAIN+dev2$
DEV-DOMAIN+test

And try smbclient again

[root at dev1 bin]# ./smbclient -Utest //172.16.2.253/mp3
Password:
Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a] tree connect failed:
NT_STATUS_NO_SUCH_USER

Now test doesn't exist in /etc/passwd so I can only assume that samba isnt
quite talking to the AD correctly?

Many Thanks

Ross

-----Original Message-----
From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of
Carlos Rodrigues
Sent: 11 May 2005 17:47
To: samba at lists.samba.org
Subject: [Samba] Re: Samba + AD etc.

sysrm wrote:
> Hi all...
> 
> Im at the stage where:
> 
> Kinit works
> Net ads join -U Administrator works (I can see the computer in AD) Net 
> ads user works Wbinfo -u / -g / -t works Getent passwd/group works
> 
> What I cannot seem to get working is when someone logs onto the 
> domain, and then tries to map a drive to the samba server, its like 
> the credentials arent getting passed onto samba, or rather samba is 
> unable to look them up properly.

Can you log in to samba using "smbclient -Uuser //yourserver/yourshare"? 
And doing "kinit user; smbclient -k //yourserver/yourshare"?

> Am I missing a vital step/componant?
> 
> Things like su - ADUSERNAME don't work, and neither does chown, chgrp 
> commands ( are they even ment to work?)

They shouldn't. To have local authentication you must configure pam to use
whatever means of talking to the AD you are using (winbind, ldap or
kerberos).

> Any help, ideas, WHY HAVNT YOU READ THIS FAQ (I probably have in
> fairness) gratefully received.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list