[Samba] Samba server joining domain and browsing group shares
Alex de Vaal
samba.alex at gmail.com
Fri Feb 29 10:04:55 GMT 2008
On Fri, Feb 29, 2008 at 5:12 AM, Victor Mendez <vmendez at netsystemsinfo.com> wrote:
> Alex thank you for your support, can you please explain the command below:
> Specially the chown I'm not familiar with the syntax you are using. If I
> to apply this to our TEST configuration it does not work we get the
> cuzco:~ # chown 0:"NETSYS\Series" /Series
> chown: `0:NETSYS\\Series': invalid group
> Being NETSYS = workgroup name
> Being Series = group Series defined on the ADS windows PDC
> Being /Series = a disk share on the samba machine
> > On the server you have to use the chown command and chmod command to
> > the AD group DEP_TEST_MEMBER access on the Linux filesystem:
> > chmod g+s /data/grp
> > chown 0:"TEST\DEP_TEST_MEMBER" /data/grp
> QUESTION: does DEP_TEST_MEMBER is a group defined on the Linux box and on
> ADS. or is only defined on the ADS.?
DEP_TEST_MEMBER is a group only defined in the AD.
> on my linux TEST box on the /etc/groups there is no "Series" group
> on my windows TEST ADS there is a group called "Series" with 4 users
> Another thing maybe I have not been clear, from our windows workstations
> want to connect to a share in the Linux box but the user logged in the
> workstation does NOT have an account on linux machine he has an account on
> the windows ADS PDC.
AD users don't need an account on the Linux machine. But for Samba to work
properly with AD users, you also need the winbind daemon to run.
winbind is a daemon of Samba. If winbind runs properly then AD users/groups
will be a (virtual) part of /etc/passwd and /etc/group.
The file /etc/nsswitch.conf must look like this for winbind to run properly:
passwd: files winbind
group: files winbind
You can test that by using the getent command:
getent group "TEST\DEP_TEST_MEMBER"
The AD group DEP_TEST_MEMBER will be now translated to a Linux GID.
> - Joining the Domain see command below:
> cuzco:~ # net ads join -U Administrator
> Administrator's password:
> Using short domain name -- NETSYS
> Joined 'CUZCO' to realm 'NETSYSTEMSINFO.COM'
That looks fine.
> We have adjusted the /etc/samba/smb.conf file to match your sample file
> config. Here I include a copy:
> workgroup = NETSYS
> realm = NETSYSTEMSINFO.COM
> preferred master = no
> server string = Linux file server
> security = ADS
> encrypt passwords = yes
> log level = 3
> printcap name = cups
> printing = cups
> cups options = raw
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind nested groups = no
> winbind separator = +
The problem resides here: "winbind separator = +"
Remove that entry and now the separator will be "\"
> comment = Series media files
> #inherit acls = Yes
> inherit permissions = Yes
> path = /Series
> read only = No
> valid users = @NETSYSTEMSINFO.COM\Series
> hide unreadable =yes
If you want to use "winbind separator = +" then the "valid users" must be
like this: @NETSYSTEMSINFO.COM+Series
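
The separator mismatch discussed above can be checked mechanically. The following Python sketch is an added example, not part of the original message or of Samba: it reads an smb.conf, takes the configured "winbind separator" (default "\"), and reports "valid users" entries written with the other separator. The section names [global] and [Series] in the sample are assumed, and only the two separators from this thread are checked.

```python
import configparser
import re

DEFAULT_SEP = "\\"        # Samba's default winbind separator
KNOWN_SEPS = ("\\", "+")  # the two separators discussed in this thread

# Constructed sample built from the settings quoted in the thread. The
# section names [global] and [Series] are assumed; the paste lacks them.
SAMPLE = r"""
[global]
    workgroup = NETSYS
    realm = NETSYSTEMSINFO.COM
    security = ADS
    winbind separator = +

[Series]
    path = /Series
    valid users = @NETSYSTEMSINFO.COM\Series
"""

def load(text):
    # smb.conf lines are often indented; strip them so configparser does
    # not read them as continuation lines.
    text = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(delimiters=("=",), strict=False,
                                   comment_prefixes=("#", ";"),
                                   interpolation=None)
    cp.read_string(text)
    return cp

def mismatched_valid_users(text):
    """Return (share, entry, suggestion) for names using the wrong separator."""
    cp = load(text)
    sep = cp.get("global", "winbind separator", fallback=DEFAULT_SEP).strip()
    findings = []
    for share in cp.sections():
        value = cp.get(share, "valid users", fallback="")
        for token in re.findall(r'"[^"]*"|[^\s,]+', value):
            entry = token.strip('"')
            name = entry.lstrip("@+&")  # smb.conf group-marker prefixes
            prefix = entry[:len(entry) - len(name)]
            for other in KNOWN_SEPS:
                if other != sep and other in name:
                    fixed = prefix + name.replace(other, sep)
                    findings.append((share, entry, fixed))
    return findings
```

Calling mismatched_valid_users(SAMPLE) flags the [Series] share and suggests the "+" form; the same file without the "winbind separator" line yields no findings.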