[Samba] Samba as fileserver on Active Directory domain

Ivan Ordonez iordonez at berkeley.edu
Fri Oct 2 10:36:02 MDT 2009



Jonathan Petersson wrote:
> Hi Ivan,
>
> I'm working on a similar thing but am having some issues with the
> kerberos sessions between samba and AD. Is your Samba server a member
> of a Win2k8R2 or a Win2k3 domain?
>
> Thanks
>
> /Jonathan
>
> On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:
>   
>> Robert LeBlanc wrote:
>>     
>>> What are the permissions on /shared/drive? We use ACLs to control access
>>> rather than smb.conf. This gives us great flexibility and you can kind of
>>> manage it using a Windows machine. If you have Kerberos keytab generated,
>>> you can smbmount on Linux using the -o sec=krb5 and no passwords are needed,
>>> it also obeys ACL. The only catch is that you need to use RID or LDAP for
>>> uid/gid mapping or else your permissions won't line up.
>>>
>>> Robert LeBlanc
>>> Life Sciences & Undergraduate Education Computer Support
>>> Brigham Young University
>>>
>>>
>>> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez at berkeley.edu
>>> <mailto:iordonez at berkeley.edu>> wrote:
>>>
>>>    Hello,
>>>
>>>    We have a Gentoo box running Samba that is a member of the Active
>>>    Directory domain. This Gentoo box will be a fileserver when
>>>    everything is completed and set up as it should be.  I want our users
>>>    to login to their computer (Computers are all members of the same
>>>    Active Directory domain) using Active Directory accounts/domain
>>>    for authentication. I am using Winbind for Active Directory
>>>    authentication/integration. I'm almost done except for a file permission
>>>    issue.  All is working smoothly (i.e. wbinfo, smbclient, getent,
>>>    etc.). I can access/map the shared drive on the Gentoo box from
>>>    any Windows computer, and log in to a machine without a problem using
>>>    Active Directory accounts.  The Active Directory authentication
>>>    with Winbind is working as it should.
>>>
>>>    For some odd reason, I can't figure out how to give all users
>>>    the ability to make changes/add new folders on the
>>>    shared drive. I am getting access denied even when the users or
>>>    group are valid users of the shared drive per smb.conf.  Below is
>>>    my smb.conf shared configuration:
>>>
>>>    [shared]
>>>          comment = shared
>>>          path = /shared/drive
>>>          read only = no
>>>          inherit permissions = yes
>>>          create mask = 755
>>>          directory mask = 755
>>>          valid users = @"MYDOMAIN+mygroup"
>>>          browseable = yes
>>>          writable = yes
>>>
>>>    Any help would be greatly appreciated.
>>>
>>>    -Ivan
>>>    --
>>>    To unsubscribe from this list go to the following URL and read the
>>>    instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>       
>> Hi,
>>
>> The files and folders on the shared drive are owned by a local Linux account.
>> The permissions are read, write and execute by the owner, read and write by
>> group and all.  I was hoping that smb.conf will control the shared drive
>> access but having a hard time doing so.  I would like to use ACL if that is
>> the best way to make it work.   Would you mind giving me a few pointers or
>> pointing me in the right direction to get started on ACL?  I am no LDAP expert
>> but I think I can get by if I have to use it.
>>
>> Thanks!
>>
>> -Ivan
>>
>>     

Hi Jonathan,

Our Samba server is a member of a Win2k8R2 domain.

Thanks,
-Ivan
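
Added example, not part of the original thread or of Samba: smbd performs file operations as the Unix account that winbind maps the AD user to, so the directory's own mode bits are checked in addition to `valid users` and `writable` in smb.conf. The sketch below evaluates that check for creating a folder; the uid/gid numbers are constructed, mode 0766 is one reading of the permissions described above, and POSIX ACL entries are not evaluated.

```python
import os
import stat

def posix_class(st_uid, st_gid, uid, gids):
    # The kernel uses exactly one class: owner first, then group, then other.
    if uid == st_uid:
        return "owner"
    if st_gid in gids:
        return "group"
    return "other"

def can_create_in(mode, st_uid, st_gid, uid, gids):
    """Return (allowed, reason) for creating an entry in a directory.

    Only classic mode bits are evaluated; POSIX ACL entries are not.
    """
    if uid == 0:
        return True, "root bypasses mode bits"
    cls = posix_class(st_uid, st_gid, uid, gids)
    bits = (mode >> {"owner": 6, "group": 3, "other": 0}[cls]) & 0o7
    # Adding a name to a directory needs write (2) and search (1) on it.
    missing = [name for name, bit in (("w", 2), ("x", 1)) if not bits & bit]
    shown = "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))
    if missing:
        return False, f"{cls} class has {shown}, missing {'+'.join(missing)}"
    return True, f"{cls} class has {shown}"

def check_path(path, uid, gids):
    # Same check against a real directory on disk.
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    return can_create_in(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids)

if __name__ == "__main__":
    # Constructed ids: local owner 1000:1000; winbind-mapped user 10500 in group 10513.
    user, groups = 10500, {10513}
    # Mode as described in the thread: rwx owner, rw- group, rw- other.
    print(can_create_in(0o766, 1000, 1000, user, groups))
    # Directory handed to the mapped AD group, setgid, group-writable.
    print(can_create_in(0o2775, 1000, 10513, user, groups))
```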

