[Samba] Samba as fileserver on Active Directory domain

Ivan Ordonez iordonez at berkeley.edu
Mon Oct 5 10:02:48 MDT 2009


I am using Samba version 3.0.36.  When I upgraded to 3.3.7, I got some 
"realm" complaints when I ran testparm and some "ADS" related error.  
The 3.3.7 version is masked by Gentoo portage and I am not sure if it will 
be available soon.

Thanks,
-Ivan

Robert LeBlanc wrote:
> What version of samba are you using? I submitted a patch to Samba that 
> is in 3.4.1 and slated for the next version of 3.3.x that fixes the 
> workgroup/realm thing. It falls back to SPNEGO without the patch, but 
> it takes a little while, the patch speeds things up.
>
> Robert LeBlanc
> Life Sciences & Undergraduate Education Computer Support
> Brigham Young University
>
>
> On Fri, Oct 2, 2009 at 11:09 AM, Jonathan Petersson 
> <jpetersson at garnser.se> wrote:
>
>     How did you solve the kerberos portion of things, when winbind tries
>     to connect to my server the kerberos session fails as it tries to
>     connect with the workgroup instead of the realm.
>
>     Thanks
>
>     /Jonathan
>
>     On Fri, Oct 2, 2009 at 9:36 AM, Ivan Ordonez
>     <iordonez at berkeley.edu> wrote:
>     >
>     >
>     > Jonathan Petersson wrote:
>     >>
>     >> Hi Ivan,
>     >>
>     >> I'm working on a similar thing but am having some issues with the
>     >> kerberos sessions between samba and AD. Is your Samba server a
>     >> member of a Win2k8R2 or a Win2k3 domain?
>     >>
>     >> Thanks
>     >>
>     >> /Jonathan
>     >>
>     >> On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez
>     >> <iordonez at berkeley.edu> wrote:
>     >>
>     >>>
>     >>> Robert LeBlanc wrote:
>     >>>
>     >>>>
>     >>>> What are the permissions on /shared/drive? We use ACLs to control
>     >>>> access rather than smb.conf. This gives us great flexibility and you
>     >>>> can kind of manage it using a Windows machine. If you have Kerberos
>     >>>> keytab generated, you can smbmount on Linux using the -o sec=krb5 and
>     >>>> no passwords are needed, it also obeys ACL. The only catch is that you
>     >>>> need to use RID or LDAP for uid/gid mapping or else your permissions
>     >>>> won't line up.
>     >>>>
>     >>>> Robert LeBlanc
>     >>>> Life Sciences & Undergraduate Education Computer Support
>     >>>> Brigham Young University
>     >>>>
>     >>>>
>     >>>> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez
>     >>>> <iordonez at berkeley.edu> wrote:
>     >>>>
>     >>>>   Hello,
>     >>>>
>     >>>>   We have a Gentoo box running Samba and is a member of the Active
>     >>>>   Directory domain. This Gentoo box will be a fileserver when
>     >>>>   everything is completed and setup as it should.  I want our users
>     >>>>   to login to their computer (Computers are all members of the same
>     >>>>   Active Directory domain) using Active Directory accounts/domain
>     >>>>   for authentication. I am using Winbind for Active Directory
>     >>>>   authentication/integration. I'm almost done except file permission
>     >>>>   issue.  All is working smoothly (ie. wbinfo, smbclient, getent,
>     >>>>   etc.). I can access/map the shared drive on the Gentoo box from
>     >>>>   any Windows computer, login to a machine without a problem using
>     >>>>   Active Directory accounts.  The Active Directory authentication
>     >>>>   with Winbind is working as it should.
>     >>>>
>     >>>>   For some odd reason, I can't figure out how to give permissions to
>     >>>>   all users the ability to make changes/add new folders on the
>     >>>>   shared drive. I am getting access denied even when the users or
>     >>>>   group are valid users of the shared drive per smb.conf.  Below is
>     >>>>   my smb.conf shared configuration:
>     >>>>
>     >>>>   [shared]
>     >>>>         comment = shared
>     >>>>         path = /shared/drive
>     >>>>         read only = no
>     >>>>         inherit permissions = yes
>     >>>>         create mask = 755
>     >>>>         directory mask = 755
>     >>>>         valid users = @"MYDOMAIN+mygroup"
>     >>>>         browseable = yes
>     >>>>         writable = yes
>     >>>>
>     >>>>   Any help would be greatly appreciated.
>     >>>>
>     >>>>   -Ivan
>     >>>>
>     >>>>
>     >>>
>     >>> Hi,
>     >>>
>     >>> The files and folders on the shared drive are owned by local Linux
>     >>> account.  The permissions are read, write and execute by the owner,
>     >>> read and write by group and all.  I was hoping that smb.conf will
>     >>> control the shared drive access but having a hard time doing so.  I
>     >>> would like to use ACL if that is the best way to make it work.
>     >>> Would you mind giving me few pointers or point me to the right
>     >>> direction to get started on ACL?  I am no LDAP expert but I think I
>     >>> can get by if I have to use it.
>     >>>
>     >>> Thanks!
>     >>>
>     >>> -Ivan
>     >>>
>     >>>
>     >
>     > Hi Jonathan,
>     >
>     > Our Samba server is a member of Win2k8R2 domain.
>     > Thanks,
>     > -Ivan
>     >
>
>
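
Added example, not part of the original thread and not Samba code: smbd carries out file operations as the Unix user the domain account maps to, so a user who passes "valid users" is still refused when the Unix mode bits on the directory do not allow the operation. The sketch below evaluates the mode described in the quoted thread (rwx for owner, rw for group and all) for a mapped user who is not the owner. The function names, the temporary directory and the uid are constructed for illustration; POSIX ACLs and root are not modelled.

```python
import os
import stat
import tempfile


def unix_class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids.

    Exactly one class applies: owner, else owning group, else other.
    """
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def explain_create(path, uid, gids):
    """Say whether uid/gids may create an entry in directory `path`.

    Creating a file or folder needs write AND search (execute) on the
    parent directory; read is not required.
    """
    bits = unix_class_bits(os.stat(path), uid, gids)
    missing = [name for bit, name in ((2, "write"), (1, "search/execute"))
               if not bits & bit]
    if not missing:
        return "ok"
    return "denied: directory lacks " + " and ".join(missing)


def demo():
    """Constructed scenario: a winbind-mapped user who is not the owner."""
    with tempfile.TemporaryDirectory() as share:
        st = os.stat(share)
        mapped_uid = st.st_uid + 1          # constructed: any non-owner uid
        os.chmod(share, 0o766)              # rwx / rw- / rw-, as in the thread
        as_described = explain_create(share, mapped_uid, set())
        os.chmod(share, 0o770)              # rwx for the owning group
        in_group = explain_create(share, mapped_uid, {st.st_gid})
        os.chmod(share, 0o700)              # restore so cleanup is unaffected
        return as_described, in_group


if __name__ == "__main__":
    print(demo())
```

The first result is the denial for a directory that grants read and write but not search to non-owners; the second shows access once the mapped user is in the owning group and that group has rwx.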

