[Samba] Linux local user problem when security = ADS
portsbsd at gmail.com
Thu Jun 25 03:04:03 GMT 2009
On Wed, Jun 24, 2009 at 12:34 PM, Reginald0<regi0 at ig.com.br> wrote:
> Hi, folks!
> I have two RHEL5 Linux machines, both successfully joined to a Windows 2008
> Server AD domain. I can see AD users, groups, checking trusts, etc.
> My problem is that when I try to mount a share from one Linux machine to the
> other using a local user, I receive the message "mount error 13 = Permission
> If I add the user with same name/password to the Windows AD domain, then I
> can mount the share, and this way I can read but can't write to the mounted
> folder on the client side, unless I set "chmod 777" on the server side, but
> this would open a security hole on my system.
> Before joining these two machines to a domain, I was using "security = share"
> and "username map" option to map the server local user to the client remote
> user, and it was working flawlessly.
> Follows below the relevant configuration:
> "/etc/samba/smb.conf" on server:
> security = ADS
> workgroup = DOMAINNAME
> realm = DOMAINNAME
> password server = DOMAINSERVERNAME
> username map = /etc/samba/smbusers
> winbind use default domain = yes
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> path = /share
> writable = yes
> browseable = no
> create mask = 0664
> valid users = remoteusername
> "/etc/samba/smbusers" on server:
> localusername = remoteusername
> "mount" command on client:
> mount -t cifs //MACHINE1/SHARE /share -o user=remoteusername
> If you need some more information, please advise me.
> Thanks in advance,
Last week I did this: I joined my Samba server running CentOS 5.3 with
an AD server running Win 2k3.
When I started testing, wbinfo -u and wbinfo -g showed all my users and
groups from AD. The goal of this is that we don't need to add each
user to the Linux+Samba user db like we did before with NT4.
> username map = /etc/samba/smbusers
I don't like it, I don't have right access to my samba server to see
my settings, but I remember that if I would like to share a folder
like your example, I did this:
chmod 0664 share
chown DOMAIN+username share
path = /share
writable = yes
browseable = no
create mask = 0664
valid users = DOMAIN+username
write list = DOMAIN+username
Just to point out that I set up winbind, PAM and all that stuff to make
my AD server to samba all the info about names+groups.
Living the dream...
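
A check for the trade-off discussed in this thread (opening the share directory with "chmod 777" versus restricting the share to a domain user), as an added example that is not part of either message. It parses smb.conf text and flags writable shares that have no "valid users" line or whose directory is world-writable; the share names and temporary directories are constructed sample data, and DOMAIN+username is the placeholder used in the reply.

```python
import configparser
import os
import stat
import tempfile

TRUE = {"yes", "true", "1"}

def audit_shares(conf_text):
    """Return {share: [findings]} for the file shares defined in smb.conf text."""
    # smb.conf lines are usually indented; configparser would treat an indented
    # line as a continuation of the previous value, so strip each line first.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.ConfigParser(delimiters=("=",), strict=False, interpolation=None)
    cp.read_string(text)
    report = {}
    for share in cp.sections():
        opts = cp[share]
        path = opts.get("path")
        if share.lower() == "global" or not path:
            continue
        findings = []
        # "writable"/"writeable" are synonyms; "read only" is the inverse setting.
        writable = (opts.get("writable", opts.get("writeable", "no")).lower() in TRUE
                    or opts.get("read only", "yes").lower() not in TRUE)
        if writable and not opts.get("valid users"):
            findings.append("writable without 'valid users'")
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & stat.S_IWOTH:
            findings.append(f"{path} is world-writable (mode {mode:04o})")
        report[share] = findings
    return report

def demo():
    """Constructed sample: one share opened with chmod 777, one owner/group only."""
    base = tempfile.mkdtemp()
    paths = {}
    for name, mode in (("open", 0o777), ("restricted", 0o770)):
        paths[name] = os.path.join(base, name)
        os.mkdir(paths[name])
        os.chmod(paths[name], mode)
    conf = f"""
    [global]
        security = ADS
    [open]
        path = {paths['open']}
        writable = yes
    [restricted]
        path = {paths['restricted']}
        writable = yes
        valid users = DOMAIN+username
        write list = DOMAIN+username
    """
    return audit_shares(conf)
```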