[Samba] Samba server joining domain and browsing group shares

Alex de Vaal samba.alex at gmail.com
Fri Mar 21 12:20:55 GMT 2008


On Tue, Mar 11, 2008 at 12:25 AM, Victor Mendez <vmendez at netsystemsinfo.com>
wrote:

> Alex thanks a lot. The problem was solved. The configuration information you
> provided me was very precise and correct. The problem was with SuSE and the
> YAST2 SAMBA GUI.


Hello Victor,

I'm glad that my configuration information put you on the right track to get
things going.
The configuration information I gave you runs on more than 100 Samba sites
that are Domain Members of a W2k3 Domain Controller.

> Thanks a lot, over the weekend we converted the 1st production server with
> this setup and we are converting 2 more win2k servers to samba servers. We
> are only keeping the PDC (it only contains the Active Directory information,
> nothing else).
>

We have more or less the same setup; we have around 7 W2k3 Domain
Controllers on several European sites.
On more than 100 sites we have only CentOS/Red Hat Enterprise Linux servers
running with Samba as domain member.
The Samba domain members are connected to the remote DCs and this has worked
fine for more than 3 years now!


> The following is for SuSE users with 10.3 x-64: share names defined
> in /etc/samba/smb.conf should be in lower case. It will not work when using
> upper case characters. Another thing: when creating groups on the Windows PDC,
> make sure that the groups are global, not local, otherwise the Linux function
> getent will not see them.
> Well that does it for us.


I have my shares configured in lower case (as you said), like this:

[grp]
    comment = Group Directory
    path = /data/grp
    valid users = @TEST.COM\DEP_TEST_MEMBER
    read only = No
    inherit permissions = Yes
    hide unreadable = Yes

The AD group DEP_TEST_MEMBER has access to this share.

In the AD we also have a group DEP_TEST_IT, and IT users (in the test
environment) are members of both AD groups, so the users have access to the
share.

At the Linux file system level I have in the /data/grp directory a directory
called: IT.

I gave the AD group DEP_TEST_IT rights on the IT directory as follows:

chmod 2770 /data/grp/IT
chown 0:"TEST\dep_test_it" IT

"TEST\dep_test_it" must be between " " because \ is a metacharacter; like
this, it is the \ separator for winbind.

Group names that are stored in upper case in the AD are resolved in lower
case by the winbind daemon.

Indeed, the group dep_test_it must NOT exist in the Linux group entry.

> Cheers Alex and thanks again ;-)
> Regards
> Victor
>

You're welcome.

Regards,
Alex.
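
The three points made in this thread (lower-case share names, no local Linux group with the same name as the AD group, mode 2770 on the group directory) can be checked with a short script. This is an added example, not part of the original messages; the function names and the sample files built in demo() are constructed.

```shell
#!/bin/bash
# Added example, not from the original post. All sample data is constructed.

# Succeeds if a local group file has an entry whose name matches the AD
# group (case-insensitive); such an entry would clash with the winbind one.
local_group_clash() {   # $1 = group name without domain, $2 = group file
    awk -F: -v g="$1" 'tolower($1) == tolower(g) { hit = 1 } END { exit !hit }' "$2"
}

# Prints every share name in an smb.conf that contains upper-case letters.
uppercase_shares() {    # $1 = smb.conf path
    sed -n 's/^[[:space:]]*\[\(.*\)\][[:space:]]*$/\1/p' "$1" | grep '[[:upper:]]' || true
}

# Succeeds if the directory mode is exactly the expected one (e.g. 2770).
dir_mode_is() {         # $1 = directory, $2 = octal mode
    [ -n "$(find "$1" -prune -perm "$2")" ]
}

# Runs the three checks, prints one line per finding, returns the count.
audit() {               # $1 = smb.conf, $2 = group file, $3 = dir, $4 = group
    local n=0 bad
    bad=$(uppercase_shares "$1")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/.*/share [&] contains upper-case characters/'
        n=$((n + $(printf '%s\n' "$bad" | wc -l)))
    fi
    if local_group_clash "$4" "$2"; then
        echo "local group matching '$4' exists in $2"; n=$((n + 1))
    fi
    if ! dir_mode_is "$3" 2770; then
        echo "$3 is not mode 2770"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed demo: one bad share name, one clashing local group, wrong mode.
demo() {
    local t rc=0
    t=$(mktemp -d)
    printf '[global]\n[grp]\n  path = /data/grp\n[Projects]\n' > "$t/smb.conf"
    printf 'root:x:0:\nDEP_TEST_IT:x:1001:\n' > "$t/group"
    mkdir "$t/IT"; chmod 0755 "$t/IT"
    audit "$t/smb.conf" "$t/group" "$t/IT" dep_test_it || rc=$?
    rm -rf "$t"
    return "$rc"
}
```

On a live domain member, call audit with /etc/samba/smb.conf, /etc/group, the group directory and the group name.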

