[Samba] Samba as fileserver on Active Directory domain
Robert LeBlanc
robert at leblancnet.us
Sat Oct 3 23:13:50 MDT 2009
What version of Samba are you using? I submitted a patch to Samba that is in
3.4.1 and slated for the next version of 3.3.x that fixes the
workgroup/realm thing. It falls back to SPNEGO without the patch, but it
takes a little while; the patch speeds things up.
Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University
On Fri, Oct 2, 2009 at 11:09 AM, Jonathan Petersson <jpetersson at garnser.se> wrote:
> How did you solve the Kerberos portion of things? When winbind tries
> to connect to my server the Kerberos session fails as it tries to
> connect with the workgroup instead of the realm.
>
> Thanks
>
> /Jonathan
>
> On Fri, Oct 2, 2009 at 9:36 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:
> >
> >
> > Jonathan Petersson wrote:
> >>
> >> Hi Ivan,
> >>
> >> I'm working on a similar thing but am having some issues with the
> >> kerberos sessions between samba and AD. Is your Samba server a member
> >> of a Win2k8R2 or a Win2k3 domain?
> >>
> >> Thanks
> >>
> >> /Jonathan
> >>
> >> On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:
> >>
> >>>
> >>> Robert LeBlanc wrote:
> >>>
> >>>>
> >>>> What are the permissions on /shared/drive? We use ACLs to control access
> >>>> rather than smb.conf. This gives us great flexibility and you can kind of
> >>>> manage it using a Windows machine. If you have Kerberos keytab generated,
> >>>> you can smbmount on Linux using the -o sec=krb5 and no passwords are needed,
> >>>> it also obeys ACL. The only catch is that you need to use RID or LDAP for
> >>>> uid/gid mapping or else your permissions won't line up.
> >>>>
> >>>> Robert LeBlanc
> >>>> Life Sciences & Undergraduate Education Computer Support
> >>>> Brigham Young University
> >>>>
> >>>>
> >>>> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez at berkeley.edu> wrote:
> >>>>
> >>>> Hello,
> >>>>
> >>>> We have a Gentoo box running Samba that is a member of the Active
> >>>> Directory domain. This Gentoo box will be a fileserver when
> >>>> everything is completed and set up as it should. I want our users
> >>>> to login to their computer (Computers are all members of the same
> >>>> Active Directory domain) using Active Directory accounts/domain
> >>>> for authentication. I am using Winbind for Active Directory
> >>>> authentication/integration. I'm almost done except file permission
> >>>> issue. All is working smoothly (ie. wbinfo, smbclient, getent,
> >>>> etc.). I can access/map the shared drive on the Gentoo box from
> >>>> any Windows computer, login to a machine without a problem using
> >>>> Active Directory accounts. The Active Directory authentication
> >>>> with Winbind is working as it should.
> >>>>
> >>>> For some odd reason, I can't figure out how to give permissions to
> >>>> all users the ability to make changes/add new folders on the
> >>>> shared drive. I am getting access denied even when the users or
> >>>> group are valid users of the shared drive per smb.conf. Below is
> >>>> my smb.conf shared configuration:
> >>>>
> >>>> [shared]
> >>>> comment = shared
> >>>> path = /shared/drive
> >>>> read only = no
> >>>> inherit permissions = yes
> >>>> create mask = 755
> >>>> directory mask = 755
> >>>> valid users = @"MYDOMAIN+mygroup"
> >>>> browseable = yes
> >>>> writable = yes
> >>>>
> >>>> Any help would be greatly appreciated.
> >>>>
> >>>> -Ivan
> >>>> -- To unsubscribe from this list go to the following URL and read the
> >>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>
> >>>>
> >>>
> >>> Hi,
> >>>
> >>> The files and folders on the shared drive are owned by a local Linux account.
> >>> The permissions are read, write and execute by the owner, read and write by
> >>> group and all. I was hoping that smb.conf will control the shared drive
> >>> access but having a hard time doing so. I would like to use ACL if that is
> >>> the best way to make it work. Would you mind giving me a few pointers or
> >>> point me to the right direction to get started on ACL? I am no LDAP expert
> >>> but I think I can get by if I have to use it.
> >>>
> >>> Thanks!
> >>>
> >>> -Ivan
> >>>
> >>>
> >
> > Hi Jonathan,
> >
> > Our Samba server is a member of Win2k8R2 domain.
> > Thanks,
> > -Ivan
> >
>
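
Added example, not part of the thread and not Samba's own code: a small Python model of the point discussed above, that the share definition in smb.conf and the Unix permissions on /shared/drive must both allow a write before a user can create folders. The uid/gid numbers and the 0766 mode (one reading of "rwx by owner, rw by group and all") are constructed assumptions; POSIX ACL entries and root are not modelled.

```python
# Added example. smbd touches files as the Unix user winbind maps the
# domain account to, so a share-level allow does not override mode bits.

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Pick the single rwx triplet POSIX applies: owner, else group, else other."""
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_create_in(mode, owner_uid, owner_gid, uid, gids):
    """Creating a file or folder needs write (2) AND search (1) on the directory."""
    return class_bits(mode, owner_uid, owner_gid, uid, gids) & 0o3 == 0o3

def share_allows_write(user_groups, valid_users_groups, read_only):
    """smb.conf gate: 'read only = no' plus membership in a 'valid users' group."""
    return (not read_only) and bool(set(user_groups) & set(valid_users_groups))

# Constructed sample identity: a domain user as winbind might map it.
DOMAIN_USER = {"uid": 10001, "gids": {10000}, "groups": {"MYDOMAIN+mygroup"}}
VALID_USERS = {"MYDOMAIN+mygroup"}   # from the [shared] section in the thread

def evaluate(mode, owner_uid, owner_gid):
    """Return (share_ok, filesystem_ok, effective) for DOMAIN_USER."""
    share_ok = share_allows_write(DOMAIN_USER["groups"], VALID_USERS, read_only=False)
    fs_ok = can_create_in(mode, owner_uid, owner_gid,
                          DOMAIN_USER["uid"], DOMAIN_USER["gids"])
    return share_ok, fs_ok, share_ok and fs_ok

if __name__ == "__main__":
    # Directory owned by a local account (uid/gid 1000), mode 0766:
    # the domain user lands in "other" = rw-, no search bit, so creation fails.
    print("local owner, 0766 :", evaluate(0o766, 1000, 1000))
    # Same directory regrouped to the mapped domain group with setgid + rwx
    # for the group and nothing for others: both gates now pass.
    print("domain group, 2770:", evaluate(0o2770, 1000, 10000))
```
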