[Samba] Samba as fileserver on Active Directory domain
iordonez at berkeley.edu
Fri Oct 2 10:36:02 MDT 2009
Jonathan Petersson wrote:
> Hi Ivan,
> I'm working on a similar thing but am having some issues with the
> kerberos sessions between samba and AD. Is your Samba server a member
> of a Win2k8R2 or a Win2k3 domain?
> On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:
>> Robert LeBlanc wrote:
>>> What are the permissions on /shared/drive? We use ACLs to control access
>>> rather than smb.conf. This gives us great flexibility and you can kind of
>>> manage it using a Windows machine. If you have Kerberos keytab generated,
>>> you can smbmount on Linux using the -o sec=krb5 and no passwords are needed,
>>> it also obeys ACL. The only catch is that you need to use RID or LDAP for
>>> uid/gid mapping or else your permissions won't line up.
>>> Robert LeBlanc
>>> Life Sciences & Undergraduate Education Computer Support
>>> Brigham Young University
>>> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:
>>> We have a Gentoo box running Samba that is a member of the Active
>>> Directory domain. This Gentoo box will be a fileserver when
>>> everything is completed and set up as it should be. I want our users
>>> to login to their computer (Computers are all members of the same
>>> Active Directory domain) using Active Directory accounts/domain
>>> for authentication. I am using Winbind for Active Directory
>>> authentication/integration. I'm almost done except file permission
>>> issue. All is working smoothly (ie. wbinfo, smbclient, getent,
>>> etc.). I can access/map the shared drive on the Gentoo box from
>>> any Windows computer, login to a machine without a problem using
>>> Active Directory accounts. The Active Directory authentication
>>> with Winbind is working as it should.
>>> For some odd reason, I can't figure out how to give permissions to
>>> all users the ability to make changes/add new folders on the
>>> shared drive. I am getting access denied even when the users or
>>> group are valid users of the shared drive per smb.conf. Below is
>>> my smb.conf shared configuration:
>>> comment = shared
>>> path = /shared/drive
>>> read only = no
>>> inherit permissions = yes
>>> create mask = 755
>>> directory mask = 755
>>> valid users = @"MYDOMAIN+mygroup"
>>> browseable = yes
>>> writable = yes
>>> Any help would be greatly appreciated.
>>> -- To unsubscribe from this list go to the following URL and read
>>> instructions: https://lists.samba.org/mailman/options/samba
>> The files and folders on the shared drive are owned by a local Linux account.
>> The permissions are read, write and execute by the owner, read and write by
>> group and all. I was hoping that smb.conf will control the shared drive
>> access but having a hard time doing so. I would like to use ACL if that is
>> the best way to make it work. Would you mind giving me a few pointers or
>> pointing me in the right direction to get started on ACL? I am no LDAP expert
>> but I think I can get by if I have to use it.
Our Samba server is a member of a Win2k8R2 domain.
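
An added example, not part of the original thread: Samba performs file operations as the Unix account winbind maps the domain user to, so `valid users` only decides who may connect, while the directory's mode bits decide whether a new folder can be created. The sketch below models both checks for the mode described in the thread (rwx owner, rw- group, rw- other); the uid/gid numbers and function names are hypothetical, and POSIX ACL entries and root's override are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UnixUser:
    """A domain account after winbind has mapped it to a uid and gids."""
    name: str
    uid: int
    gids: frozenset

def share_gate(user, valid_gids):
    """smb.conf `valid users = @group`: may this account connect to the share?"""
    return bool(user.gids & valid_gids)

def dir_bits(mode, owner_uid, owner_gid, user):
    """Pick the single rwx triplet the kernel applies: owner, else group, else other."""
    if user.uid == owner_uid:
        return (mode >> 6) & 0o7
    if owner_gid in user.gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def can_create(mode, owner_uid, owner_gid, user):
    """Adding a file or folder needs write (2) and search (1) on the directory."""
    return (dir_bits(mode, owner_uid, owner_gid, user) & 0o3) == 0o3

def diagnose(user, valid_gids, mode, owner_uid, owner_gid):
    """Return (share_ok, filesystem_ok); a write succeeds only if both are True."""
    return (share_gate(user, valid_gids),
            can_create(mode, owner_uid, owner_gid, user))

# Constructed sample values; the uid/gid numbers are hypothetical.
MYGROUP_GID = 10513
alice = UnixUser("MYDOMAIN+alice", 10001, frozenset({MYGROUP_GID}))
LOCAL_UID, LOCAL_GID = 1000, 1000   # the local Linux owner of /shared/drive

if __name__ == "__main__":
    # Mode as described in the thread: rwx owner, rw- group, rw- other.
    print(diagnose(alice, {MYGROUP_GID}, 0o766, LOCAL_UID, LOCAL_GID))
    # Directory group-owned by the mapped domain group, rwx for that group.
    print(diagnose(alice, {MYGROUP_GID}, 0o775, LOCAL_UID, MYGROUP_GID))
```

In the first case the share check passes but the user falls into the "other" class, which has write without search permission, so the create is refused by the filesystem even though smb.conf allows the connection.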