[Samba] samba linux share vs AD
Benjamin Budts
ben at zentrix.be
Thu Jan 16 09:30:01 MST 2014
Gents,
I would appreciate your advice on helping me debug my problem here.
My objective :
----------------------------------
. have a share that is accessible only by AD users that are in a
specific AD group
. I want to add an AD group to the unix
What is not working :
--------------------------
. # getent passwd only shows local users; it seems to wait 5 seconds
after printing the local users and then times out to the shell without an error.
. same problem for # getent groups
. when I try to access my server's share and use a faulty pass on
purpose (I've put samba debug level on 1) I get an authentication failure:
NT_STATUS_NO_SUCH_USER. If I give the good credentials, good user & pass,
I get nothing in the log and Windows just asks me to fill in my user & pass
again, but no log whatsoever!
. Trying to add an AD group to my /share gives me "no such group".
Would anyone have an example of how to add my INTRANET+GRP_BLIMS_RDS_USERS to
/share? (I remounted my filesystem with acl options)
Some info about my system :
------------------------------------
. Running Redhat 6.5 (updated)
. Installed packages : winbind, samba, acl, Kerberos workstation (I
remounted my filesystem share with acl )
. Samba 3.6.9
My samba config :
-----------------------
[global]
workgroup = INTRANET
realm = LOL.BE
server string = %h
security = ADS
ntlm auth = No
kerberos method = system keytab
log file = /var/log/samba/log.%m
max log size = 1024
client signing = required
server signing = required
client use spnego = No
load printers = No
lm announce = No
dns proxy = No
ldap ssl = no
template homedir = /dev/null
template shell = /bin/true
winbind separator = +
winbind cache time = 5
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = Yes
winbind normalize names = Yes
idmap config * : range = 1000000-1999999
idmap config INTRANET:base_rid = 0
idmap config INTRANET:range = 60000-50000000
idmap config INTRANET:read only = yes
idmap config INTRANET:backend = rid
idmap config * : backend = tdb
invalid users = root
cups options = raw
[blims_share]
comment = Blims Cluster Share
path = /share
valid users = @INTRANET+GRP_BLIMS_RDS_USERS
read only = No
thx a bunch
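
Added example, not part of the original post: a Python check that parses the "idmap config" lines of the smb.conf quoted above and reports domains whose ID ranges overlap, which Samba's idmap documentation says they must not. The function names parse_idmap and find_overlaps are hypothetical, and SAMPLE holds only the idmap lines copied from the post.

```python
import re
from itertools import combinations

# idmap lines copied from the smb.conf quoted in the post above.
SAMPLE = """\
[global]
idmap config * : range = 1000000-1999999
idmap config INTRANET:base_rid = 0
idmap config INTRANET:range = 60000-50000000
idmap config INTRANET:read only = yes
idmap config INTRANET:backend = rid
idmap config * : backend = tdb
[blims_share]
path = /share
"""

IDMAP_RE = re.compile(r"^idmap\s+config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.*)$", re.I)
RANGE_RE = re.compile(r"^(\d+)\s*-\s*(\d+)$")

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for idmap lines found in [global]."""
    domains, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        m = IDMAP_RE.match(line)
        if m and section == "global":
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val.strip()
    return domains

def find_overlaps(domains):
    """Return [(dom_a, dom_b, low, high)] for every pair of overlapping ranges."""
    ranges = {}
    for dom, opts in domains.items():
        m = RANGE_RE.match(opts.get("range", ""))
        if m and int(m.group(1)) <= int(m.group(2)):
            ranges[dom] = (int(m.group(1)), int(m.group(2)))
    hits = []
    for a, b in combinations(sorted(ranges), 2):
        low, high = max(ranges[a][0], ranges[b][0]), min(ranges[a][1], ranges[b][1])
        if low <= high:  # the two intervals share at least one ID
            hits.append((a, b, low, high))
    return hits

if __name__ == "__main__":
    for a, b, low, high in find_overlaps(parse_idmap(SAMPLE)):
        print(f"idmap ranges for {a} and {b} overlap on {low}-{high}")
```

Run against a full configuration by passing the file's text to parse_idmap; an empty result from find_overlaps means every configured range is disjoint.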