[Samba] samba linux share vs AD

Benjamin Budts ben at zentrix.be
Thu Jan 16 09:30:01 MST 2014


 

Gents,

 

I would appreciate your advice on helping me debug my problem here.

 

My objective : 

----------------------------------

.         have a share that is accessible only by AD users that are in a
specific AD group

.         I want to add an AD group to the unix

 

What is not working :

--------------------------

 

 

.         #getent passwd  only shows local users it seems to wait 5 seconds
after printing the local users and then times out to shell without an error.

 

.         same problem for # getent groups

 

.         when I try to access my servers share and use a faulty pass on
purpose (I've put samba debug level on 1) I get an authentication failure :
NT_STATUS_NO_SUCH_USER   . If I give the good credentials , good user & pass
I get nothing in log and windows just asks me to fill in my user & pass
again, but no log whatsoever !

 

.         Trying to add an AD group to my /share gives me no such group .
Would anyone have an example of howto add my INTRANET+GRP_BLIMS_RDS_USERS to
/share (I remounted my filesystem with acl options)

 

 

Some info about my system  :

------------------------------------

.         Running Redhat 6.5 (updated) 

.         Installed packages : winbind, samba, acl, Kerberos workstation  (I
remounted my filesystem share with acl  )

.         Samba 3.6.9

 

My samba config :

-----------------------

 

[global]

                workgroup = INTRANET

                realm = LOL.BE

                server string = %h

                security = ADS

                ntlm auth = No

                kerberos method = system keytab

                log file = /var/log/samba/log.%m

                max log size = 1024

                client signing = required

                server signing = required

                client use spnego = No

                load printers = No

                lm announce = No

                dns proxy = No

                ldap ssl = no

                template homedir = /dev/null

                template shell = /bin/true

                winbind separator = +

                winbind cache time = 5

                winbind enum users = Yes

                winbind enum groups = Yes

                winbind nss info = rfc2307

                winbind refresh tickets = Yes

                winbind offline logon = Yes

                winbind normalize names = Yes

                idmap config * : range = 1000000-1999999

                idmap config INTRANET:base_rid = 0

                idmap config INTRANET:range = 60000-50000000

                idmap config INTRANET:read only = yes

                idmap config INTRANET:backend = rid

                idmap config * : backend = tdb

                invalid users = root

                cups options = raw

 

[blims_share]

                comment = Blims Cluster Share

                path = /share

                valid users = @INTRANET+GRP_BLIMS_RDS_USERS

                read only = No

 

thx a bunch



More information about the samba mailing list