[Samba] Problems with Samba as a ADS domain member
Andreas Stallmann
stallmann at dawin.de
Tue Oct 11 10:07:03 GMT 2005
Hi there,
I have some problems with a samba server (v. 3.0.14a installed on gentoo
linux 2005.1), which is a domain member server in an windows 2003 active
directory domain.
The authentication works fine, and when I set the permissions on the
Linux side for a certain user on a certain folder, he will have the
access I granted him. As I'm using reiserfs with acl-support for the
/-partition and xfs (which has acl build in) for /home, I can even chown
a folder to several users (by using setfacl). Nice.
Now, here's what causing me trouble:
User and group permissions are not displayed correctly in windows
explorer. Well... you can see, who has permissions on the directories,
but there are no checkboxes set. As the local admin of our customer is a
pure Windows guy, I can't tell him to set permissions via a Linux
commandline. He'd like to do this via Windows Explorer. Shouldn't this
work? Or am I working on a problem that can not be solved with samba?
Are there any errors in my smb.conf? At least, testparm
As gentoo is not using the latest samba version (3.0.14a-r2 instead of
3.0.20a), I will test the scenario with a new samba compiled from the
original sources. Will that be helpful?
My smb.conf looks like that:
[global]
netbios name = fileserver-2
server string = Samba Server %v
log file = /var/log/samba/samba.log
log level = 9
smb passwd file = /var/lib/samba/private/smbpasswd
username level = 8
os level = 33
domain master = no
local master = no
prefered master = no
domain logons = no
username map = /etc/samba/smbusers
map to guest = bad user
encrypt passwords = yes
realm = mein-kunde.de
workgroup = mein-kunde
security = ads
# Winbind Parameter
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/userdaten/%U
template shell = /bin/false
;winbind enable local accounts = yes
# ACL Parameter
inherit acls = yes
acl compatibility = auto
map acl inherit = yes
# Behebung einiger Kompatibilitätsprobleme
#store dos attributes = yes
#dos filemode = yes
#dos filetimes = yes
#dos filetime resolution = yes
max protocol = NT1
min protocol = NT1
client lanman auth = no
lanman auth = no
# Netlogon Konfiguration
logon path = \\%L\PROFILE\%U
logon drive = h:
#----- Freigaben -----#
[homes]
comment = Home Directory
browseable = no
writeable = yes
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
[USERDATEN]
comment = Home Directory
path = /home/userdaten
read only = no
writeable = yes
[gruppenspeicher]
comment = Home Directory
path = /home/gruppenspeicher
read only = no
[PROFILE]
comment = User Profile
path = /home/profile
read only = no
writeable = yes
[netlogon]
comment = Logonscripte
path = /home/netlogon
browseable = no
Regards,
Andreas
--
dawin GmbH - Andreas Stallmann - Consultant
Belgische Allee 50 - 53842 Troisdorf
FON +49 (0)2241 / 39 71 98 - 0
FAX +49 (0)2241 / 39 71 98 - 9
--
dawin GmbH - Andreas Stallmann - Consultant
Belgische Allee 50 - 53842 Troisdorf
FON +49 (0)2241 / 39 71 98 - 0
FAX +49 (0)2241 / 39 71 98 - 9
--
dawin GmbH - Andreas Stallmann - Consultant
Belgische Allee 50 - 53842 Troisdorf
FON +49 (0)2241 / 39 71 98 - 0
FAX +49 (0)2241 / 39 71 98 - 9
More information about the samba
mailing list