LinuxQuestions.org
Old 01-20-2013, 03:22 AM   #1
mac.tieu
Samba 4: share directory for AD group


Hi,

I've just installed Samba 4 on CentOS 6.3 and then followed the configuration guide at Samba4/HOWTO/Join a domain as a DC. Everything is going right except that I can't share a directory with an AD group.

- 'getent passwd' shows:
Code:
...
ADDOMAIN\Administrator:*:0:100::/home/ADDOMAIN/Administrator:/bin/false
ADDOMAIN\Guest:*:3000001:3000002::/home/ADDOMAIN/Guest:/bin/false
ADDOMAIN\krbtgt:*:3000004:100::/home/ADDOMAIN/krbtgt:/bin/false
- 'getent group'
Code:
Enterprise Read-only Domain Controllers:*:3000008:
Domain Admins:*:3000009:
Domain Users:*:100:
Domain Guests:*:3000002:
Domain Computers:*:3000010:
Domain Controllers:*:3000011:
Schema Admins:*:3000012:
Enterprise Admins:*:3000013:
Group Policy Creator Owners:*:3000014:
Read-only Domain Controllers:*:3000015:
DnsUpdateProxy:*:3000016:
Writers:*:3000020:
- smb.conf
Code:
[global]
        workgroup = ADDOMAIN
        realm = addomain.com
        netbios name = LINUX-DC
        server role = active directory domain controller
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/addomain.com/scripts
        read only = No
[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[test]
        path = /tmp/writers
        valid users = @"ADDOMAIN\Writers"
        write list = @"ADDOMAIN\Writers"
- Administrator is a member of the Writers group.
Code:
[root@linux-dc ~]# id administrator
uid=0(root) gid=100(users) groups=0(root),100(users),3000014(Group Policy Creator Owners),3000013(Enterprise Admins),3000009(Domain Admins),3000012(Schema Admins),3000020(Writers)
The problem is: members of the Writers group cannot access the 'test' resource. If I change 'valid users' to "valid users = ADDOMAIN\Administrator", then I can access the shared directory.
Could you help explain what I am doing wrong with this configuration?

Thanks in advance,
Mac Tieu.
 
Old 01-21-2013, 12:12 PM   #2
Ser Olmy
This could be a winbind separator issue. After all, the backslash is usually the escape character in Unix/Linux.

You could try escaping the backslash, like this:
Code:
valid users = @"ADDOMAIN\\Writers"
If that doesn't work, you could try changing the separator to, say, the "+" character with
Code:
winbind separator = +
in the "globals" section and
Code:
valid users = @"ADDOMAIN+Writers"
on the share.
 
Old 01-22-2013, 11:38 AM   #3
mac.tieu
Hi,

I've changed the separator to '+' as you suggested, but with no success. After setting the log level to 3 in smb.conf to examine the log file, I can now access the shared resource by using the group SID, like:
Code:
valid users = 'S-1-5-21-1233234322-3234673423-5678456734-3457'
Is there any way to use the group name instead of the 'complex' SID string?

Thanks so much!
 
Old 05-28-2014, 01:48 PM   #4
celsomagela
I just tested this in Samba4 with internal DNS: valid users = +"cmpc.leg\adm", and it is working perfectly. (cmpc.leg = realm and adm = group)
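
The posts above differ mainly in the prefix and name form used in `valid users` (`@"ADDOMAIN\Writers"`, `+"cmpc.leg\adm"`, a raw SID). As an added example (not from any poster in this thread, and not Samba's own code), this Python script classifies each `valid users` / `write list` entry by the prefix rules in smb.conf(5) and checks whether a group name resolves through NSS `getgrnam()`. Assumptions: `audit`, `parse_shares` and `nss_has_group` are hypothetical names, the sample config and group lines are constructed from post #1, and the demo treats that posted `getent group` listing as everything NSS would resolve.

```python
import grp
import re

# Constructed sample inputs: the [test] share and `getent group` lines from post #1.
SMB_CONF = r'''
[test]
        path = /tmp/writers
        valid users = @"ADDOMAIN\Writers"
        write list = @"ADDOMAIN\Writers"
'''
GETENT_GROUP = "Domain Admins:*:3000009:\nDomain Users:*:100:\nWriters:*:3000020:\n"
TOKEN = re.compile(r'''([@+&]*)(?:"([^"]*)"|'([^']*)'|([^\s,]+))''')

def nss_has_group(name):
    """Hypothetical helper: True if NSS getgrnam() resolves name on this host."""
    try:
        return bool(grp.getgrnam(name))
    except KeyError:
        return False

def parse_shares(text):
    """Return {section: {parameter: value}} for smb.conf-style text."""
    shares, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def audit(conf_text, has_group=nss_has_group, keys=("valid users", "write list")):
    """Return (share, parameter, token, kind, resolves) per access-list entry."""
    findings = []
    for share, params in parse_shares(conf_text).items():
        for key in keys:
            for prefix, dq, sq, bare in TOKEN.findall(params.get(key, "")):
                name = dq or sq or bare
                kind, ok = "user", None      # plain user names are not checked here
                if re.fullmatch(r"S-1-\d+(-\d+)+", name):
                    kind = "sid"             # a SID is not an NSS name
                elif prefix:  # '@'/'+' consult UNIX groups; '&' alone is NIS only
                    kind, ok = "group", has_group(name) if prefix.strip("&") else None
                findings.append((share, key, prefix + name, kind, ok))
    return findings

if __name__ == "__main__":
    names = {l.split(":")[0] for l in GETENT_GROUP.splitlines()}
    print(*audit(SMB_CONF, names.__contains__), sep="\n")
```

Called without a second argument, `audit` queries the host's NSS through `grp.getgrnam`, the interface smb.conf(5) names for the `+` prefix.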
 
  

