[Samba] Samba as fileserver on Active Directory domain

Jonathan Petersson jpetersson at garnser.se
Fri Oct 2 10:17:40 MDT 2009

Hi Ivan,

I'm working on a similar thing but am having some issues with the
kerberos sessions between samba and AD. Is your Samba server a member
of a Win2k8R2 or a Win2k3 domain?



On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:
> Robert LeBlanc wrote:
>> What are the permissions on /shared/drive? We use ACLs to control access
>> rather than smb.conf. This gives us great flexibility and you can kind of
>> manage it using a Windows machine. If you have Kerberos keytab generated,
>> you can smbmount on Linux using the -o sec=krb5 and no passwords are needed,
>> it also obeys ACL. The only catch is that you need to use RID or LDAP for
>> uid/gid mapping or else your permissions won't line up.
>> Robert LeBlanc
>> Life Sciences & Undergraduate Education Computer Support
>> Brigham Young University
>> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:
>>    Hello,
>>    We have a Gentoo box running Samba that is a member of the Active
>>    Directory domain. This Gentoo box will be a fileserver when
>>    everything is completed and set up as it should be.  I want our users
>>    to login to their computer (Computers are all members of the same
>>    Active Directory domain) using Active Directory accounts/domain
>>    for authentication. I am using Winbind for Active Directory
>>    authentication/integration. I'm almost done except file permission
>>    issue.  All is working smoothly (ie. wbinfo, smbclient, getent,
>>    etc.). I can access/map the shared drive on the Gentoo box from
>>    any Windows computer, login to a machine without a problem using
>>    Active Directory accounts.  The Active Directory authentication
>>    with Winbind is working as it should.
>>    For some odd reason, I can't figure out how to give permissions to
>>    all users the ability to make changes/add new folders on the
>>    shared drive. I am getting access denied even when the users or
>>    group are valid users of the shared drive per smb.conf.  Below is
>>    my smb.conf shared configuration:
>>    [shared]
>>          comment = shared
>>          path = /shared/drive
>>          read only = no
>>          inherit permissions = yes
>>          create mask = 755
>>          directory mask = 755
>>          valid users = @"MYDOMAIN+mygroup"
>>          browseable = yes
>>          writable = yes
>>    Any help would be greatly appreciated.
>>    -Ivan
>>    --
>>    To unsubscribe from this list go to the following URL and read the
>>    instructions:  https://lists.samba.org/mailman/options/samba
> Hi,
> The files and folders on the shared drive are owned by a local Linux account.
>  The permissions are read, write and execute by the owner, read and write by
> group and all.  I was hoping that smb.conf will control the shared drive
> access but I am having a hard time doing so.  I would like to use ACL if that is
> the best way to make it work.   Would you mind giving me a few pointers or
> pointing me in the right direction to get started on ACL?  I am no LDAP expert
> but I think I can get by if I have to use it.
> Thanks!
> -Ivan
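
Added example (not part of the thread, and not Samba code): a small Python model of the two checks that both have to pass before a user can create a folder on the share described above, namely Samba's share-level settings and the kernel's mode-bit check on the directory. The uid/gid numbers and the user name are constructed, the 0766 mode is an assumed reading of "read, write and execute by the owner, read and write by group and all", and POSIX ACL entries and root are left out of the model.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    uid: int               # constructed: uid after winbind idmap
    gids: frozenset        # constructed: numeric gids after idmap
    groups: frozenset      # group names as written in smb.conf

@dataclass(frozen=True)
class Share:
    mode: int              # mode bits of the share root directory
    owner_uid: int
    owner_gid: int
    read_only: bool
    valid_users: frozenset  # entries from "valid users", quotes stripped

def share_allows_write(share, user):
    """Share-level gate: user must match 'valid users' and the share must be writable."""
    listed = user.name in share.valid_users or any(
        "@" + g in share.valid_users for g in user.groups)
    return listed and not share.read_only

def fs_allows_create(share, user):
    """Mode-bit check for adding an entry to a directory: write AND search (x).
    Exactly one class applies: owner, else owning group, else other."""
    if user.uid == share.owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif share.owner_gid in user.gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (share.mode & need) == need

def can_create_folder(share, user):
    """Both layers must agree; the stricter one wins."""
    return share_allows_write(share, user) and fs_allows_create(share, user)

# Constructed sample data, not taken from a real system.
ALICE = User("MYDOMAIN+alice", 10001, frozenset({10000}), frozenset({"MYDOMAIN+mygroup"}))
VALID = frozenset({"@MYDOMAIN+mygroup"})
AS_DESCRIBED = Share(0o766, 1000, 1000, False, VALID)   # local owner, rwxrw-rw-
GROUP_OWNED = Share(0o2770, 1000, 10000, False, VALID)  # owned by domain group, setgid

if __name__ == "__main__":
    for label, share in (("as described", AS_DESCRIBED), ("group-owned 2770", GROUP_OWNED)):
        print(label, share_allows_write(share, ALICE), fs_allows_create(share, ALICE))
```

With `inherit permissions = yes`, new directories take the mode of the parent directory, so whatever mode is set on the share root carries down to folders created through Samba.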
