[Samba] Samba as fileserver on Active Directory domain

Robert LeBlanc robert at leblancnet.us
Fri Oct 2 08:49:45 MDT 2009 

What are the permissions on /shared/drive? We use ACLs to control access
rather than smb.conf. This gives us great flexability and you can kind of
manage it using a Windows machine. If you have Kerberos keytab generated,
you can smbmount on Linux using the -o sec=krb5 and no passwords are needed,
it also obeys ACL. The only catch is that you need to use RID or LDAP for
uid/gid mapping or else your permissions won't line up.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University


On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:

> Hello,
>
> We have a Gentoo box running Samba and is a member of the Active Directory
> domain. This Gentoo box will be a fileserver when everything is completed
> and setup as it should.  I want our users to login to their computer
> (Computers are all members of the same Active Directory domain) using Active
> Directory accounts/domain for authentication. I am using Winbind for Active
> Directory authentication/integration. I'm almost done except file permission
> issue.  All is working smoothly (ie. wbinfo, smbclient, getent, etc.). I can
> access/map the shared drive on the Gentoo box from any Windows computer,
> login to a machine without a problem using Active Directory accounts.  The
> Active Directory authentication with Winbind is working as it should.
>
> For some odd reason, I can't figure out how to give permissions to all
> users the ability to make changes/add new folders on the shared drive. I am
> getting access denied even when the users or group are valid users of the
> shared drive per smb.conf.  Below is my smb.conf shared configuration:
>
> [shared]
>       comment = shared
>       path = /shared/drive
>       read only = no
>       inherit permissions = yes
>       create mask = 755
>       directory mask = 755
>       valid users = @"MYDOMAIN+mygroup"
>       browseable = yes
>       writable = yes
>
> Any help would be greatly appreciated.
>
> -Ivan
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list