LinuxQuestions.org


cbtshare 01-22-2012 08:10 PM

Samba mapping ADS users
 
I CAN mount the shares of users who are created on the Samba server, with the command below
(stain is a local user on the Linux server):

Quote:

mount -t cifs -o username=stain,password=Jfe4f //111.111.111.1/stain /home/stain/Desktop/test

But when I want to mount the directory of a user who is an ADS user, I keep getting permission denied.

The command shows users on Linux as well as the Active Directory users.

Code:

ricci:x:140:140:ricci daemon user:/var/lib/ricci:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
pulse:x:496:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
luci:x:141:141:luci user:/var/lib/luci:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:495:489:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
Admin:x:500:500:Andrew Morgan:/home/Admin:/bin/bash
dhcpd:x:177:177:DHCP server:/:/sbin/nologin
stain:x:501:501::/home/stain:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
james:x:605:605::/home/james:/bin/bash


active directory users below



administrator:*:601:617:Administrator:/home/DLNSTREAM/administrator:/bin/bash
guest:*:602:618:Guest:/home/DLNEAM/guest:/bin/bash
krbtgt:*:603:617:krbtgt:/home/DLNEAM/krbtgt:/bin/bash
ads:*:604:617:ads moran:/home/DLNEAM/ads:/bin/bash
keis:*:605:617:keis:/home/DLNEAM/keis:/bin/bash


If I look up the share for an Active Directory user, I get:
Code:



so Keis is an active directory user:

smbclient -L 111.111.111.1 -U keis
Password:

Domain=[DLNEAM] OS=[Unix] Server=[Samba 3.5.10-114.el6]

        Sharename      Type      Comment
        ---------      ----      -------
        WIe            Disk     
        IPC$            IPC      IPC Service (Linux Server1)
        Brother-DCP-7060D Printer  Brother DCP-7060D
        Brother_DCP-7060D Printer  Brother DCP-7060D
        keis          Disk      keis Home Directories
Domain=[DLNEAM] OS=[Unix] Server=[Samba 3.5.10-114.el6]

        Server              Comment
        ---------            -------
        PWINSERVER         
        SERVER1              Linux Server1

        Workgroup            Master
        ---------            -------
        DLNEAM            PWINSERVER
        KENYON              EVAN-TP
        SPORTLAB            SUPERACE2
        WORKGROUP            MACHERINI-HP

But if I try to mount the Active Directory user keis, I get:
Code:

mount -t cifs -o username=keis,password=aaa //111.111.111.1/keis /home/stain/Desktop/test
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)


My samba conf file is :

Code:

[global]
security = ADS
realm = DLNSTREAM.COM
machine password timeout = 0
password server = 111.111.111.12
netbios name = server1
server string = Linux Server1
encrypt passwords = yes
default service = global
workgroup = DLNEAM
time server = Yes
debuglevel = 2
load printers = yes
printing = cups
printcap name = cups
cups options = raw
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = .
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash
browseable =yes

[homes]
comment = %u Home Directories
valid users = %S
read only = No
writable = yes
browseable =no
available = yes
createmode = 0770
directory mode = 0770
sharemodes = yes
guest ok = no
path = %H


[WIe]
path = /usr/local/mine
writeable = yes
#force user = root
public = yes
available = yes
createmode = 0770
directory mode = 0770
sharemodes = yes
guest ok = no
valid users = @james @stain
browseable = yes

so basically I need to be able to map shares belonging to active directory users.
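
A check an administrator could run on the passwd-format listing above, added here as an example and not part of the original post: it flags UIDs held by more than one account and non-winbind accounts that fall inside the posted `idmap uid = 600-20000` range (in the listing, `james` and `keis` both have UID 605). The function names and the embedded sample (lines copied from the listing) are this example's own, and it assumes winbind-mapped entries carry `*` in the password field, as they do on this page.

```shell
#!/bin/sh
# Added example: audit passwd-format output against the winbind idmap range.
# On a live host, pipe `getent passwd` into the functions instead of sample_passwd.

IDMAP_LOW=600      # from "idmap uid = 600-20000" in the posted smb.conf
IDMAP_HIGH=20000

# Sample input: a subset of the lines posted in the listing above.
sample_passwd() {
cat <<'EOF'
Admin:x:500:500:Andrew Morgan:/home/Admin:/bin/bash
stain:x:501:501::/home/stain:/bin/bash
james:x:605:605::/home/james:/bin/bash
administrator:*:601:617:Administrator:/home/DLNSTREAM/administrator:/bin/bash
ads:*:604:617:ads moran:/home/DLNEAM/ads:/bin/bash
keis:*:605:617:keis:/home/DLNEAM/keis:/bin/bash
EOF
}

# Print "uid name1,name2,..." for every UID held by more than one account.
duplicate_uids() {
    awk -F: 'NF >= 7 {
        names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
        count[$3]++
    }
    END { for (u in count) if (count[u] > 1) print u, names[u] }' | sort -n
}

# Print "name uid" for accounts inside the range $1-$2 that are not
# winbind-mapped (assumption: winbind entries have "*" in field 2).
local_in_idmap_range() {
    awk -F: -v lo="$1" -v hi="$2" \
        'NF >= 7 && $2 != "*" && $3 + 0 >= lo && $3 + 0 <= hi { print $1, $3 }'
}

echo "UIDs shared by more than one account:"
sample_passwd | duplicate_uids
echo "Non-winbind accounts inside idmap range $IDMAP_LOW-$IDMAP_HIGH:"
sample_passwd | local_in_idmap_range "$IDMAP_LOW" "$IDMAP_HIGH"
```

When two accounts share a UID, file ownership and permission checks on the server cannot tell them apart, so any hit from either function is worth resolving before debugging share access further.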

cbtshare 01-24-2012 01:51 PM

Still can't get this working...

tha.siegrist 01-26-2012 06:49 AM

What are the permissions on /home/stain/Desktop/test?
What is the domain name of the other users?
Do you trust the other domain:
allow trusted domains = Yes

cbtshare 01-26-2012 08:16 AM

active directory users below


administrator:*:601:617:Administrator:/home/DLNSTREAM/administrator:/bin/bash
guest:*:602:618:Guest:/home/DLNEAM/guest:/bin/bash
krbtgt:*:603:617:krbtgt:/home/DLNEAM/krbtgt:/bin/bash
ads:*:604:617:ads moran:/home/DLNEAM/ads:/bin/bash
keis:*:605:617:keis:/home/DLNEAM/keis:/bin/bash

In the samba config I have :

[homes]
comment = %u Home Directories
valid users = %S
read only = No
writable = yes
browseable =no
available = yes
createmode = 0770
directory mode = 0770
sharemodes = yes
guest ok = no
path = %H

So the folders are created with the 770 permission.

I will check if it's a trusted domain.

cbtshare 01-28-2012 02:22 AM

The domain is a trusted domain. I don't know what's wrong..

