LinuxQuestions.org


boninebm 05-03-2012 03:17 AM

Samba Permissions / Active Directory Authentication Problem
 
I have a CentOS 6.2 FileServer and a Windows 2008 Server PDC. I have configured Samba on CentOS to authenticate all users who need access to files against the Windows 2008 Server.

I have groups:
Finance
HR
Legal
Audit
on the Windows server, and I have folders on my FileServer corresponding to those groups.
I created users on Windows and joined them to the various groups, so I want to restrict access to files on the file server using group membership.

I used http://wiki.samba.org/index.php/Samb...tive_Directory to do the installation.

wbinfo -u and wbinfo -g are giving me the results that I want, e.g.
Code:

[root@fileserver ~]# wbinfo -g
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
dnsadmins
finance
hr
legal
audit

I'm able to browse and view files that are already on the server, but I cannot create a new file or folder. My /etc/samba/smb.conf is as follows:

Code:

[global]     

        workgroup = LAN
        server string = FILE-SERVER


        security = ads

        realm = LAN.LOCAL
       
        encrypt passwords = yes
        preferred master = no

        template shell = /bin/bash
        template homedir = /home/%D/%U
        winbind separator = +
        winbind uid = 600-20000
        winbind gid = 600-20222
        winbind use default domain = true
        winbind nested groups = Yes
        winbind enum users = yes
        winbind enum groups = yes
        enhanced browsing = yes
        winbind offline logon = false

        password server = dc.lan.local



[LEGAL]
        comment = Shared Folder
        path = /home/legal
        writeable = yes
        valid users = @NETWORK+legal, @NETWORK+directors
        writelist =    @NETWORK+legal
        create mask = 0777
        force create mode = 0777
        browseable = yes
        guest ok = no

[HR_ADMIN]
        comment = Shared Folder
        path = /home/hr_admin
        writeable = yes
        valid users = @NETWORK+directors, @NETWORK+hr_admin
        writelist =  @NETWORK+hr_admin
        create mask = 0777
        force create mode = 0777
        browseable = yes
        guest ok = no

[FINANCE]
        comment = Shared Folder
        path = /home/finance
        writeable = yes
        valid users =  @NETWORK+directors, @NETWORK+finance
        writelist =  @NETWORK+finance
        create mask = 0777
        force create mode = 0777
        browseable = yes
        guest ok = no


Has anyone got this kind of setup to work? I also want someone who is a member of the group 'Domain Admins' to have read and write access to all the folders and files on the server.


Thanks in advance.

boninebm 05-04-2012 02:35 AM

Solved
 
I managed to solve the problem by just removing the
Code:

+
on
Code:

winbind separator = +
and made it
Code:

winbind separator = $
I read a certain thread on the internet which said the + affects group memberships, hence I had to look for a different separator, and everything works well now.

Thanks guys


Bonnie
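
An added example, not part of the thread and not the poster's or the Samba project's code: a small Python lint for an smb.conf like the one posted above. It flags the `+` separator that the fix replaced, share principals still written with a character other than the configured separator, and create masks that include the world-write bit. The function names and the stale-separator heuristic are assumptions made for this sketch, and the sample is constructed from the posted config.

```python
import re

# Constructed sample, trimmed from the smb.conf posted in the thread.
SAMPLE = """\
[global]
        security = ads
        winbind separator = +
[LEGAL]
        valid users = @NETWORK+legal, @NETWORK+directors
        writelist = @NETWORK+legal
        create mask = 0777
        force create mode = 0777
"""

def parse(text):
    """Return {section: {param: value}}, with case and spaces in names folded."""
    conf, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def lint(text):
    """Return (section, message) findings for the three checks described above."""
    conf = parse(text)
    sep = conf.get("global", {}).get("winbindseparator", "\\")  # Samba's default
    findings = []
    if sep == "+":
        findings.append(("global", "winbind separator is '+'"))
    for name, params in conf.items():
        for key in ("validusers", "writelist"):
            for who in filter(None, (w.strip() for w in params.get(key, "").split(","))):
                body = who.lstrip("@+&")  # drop group-lookup prefix characters
                # Assumption: a name holding another candidate separator is stale.
                if sep not in body and any(c in body for c in "+\\$/" if c != sep):
                    findings.append((name, f"{key}: {who} does not use separator {sep!r}"))
        for key in ("createmask", "forcecreatemode"):
            mode = params.get(key)
            if mode and int(mode, 8) & 0o002:
                findings.append((name, f"{key} = {mode} includes the world-write bit"))
    return findings
```

Run `lint()` on the file contents before and after changing the separator; after the change it lists every `valid users` and `writelist` entry that still needs reviewing.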

cdmontoya 09-20-2012 10:10 AM

Hello.
Do your settings work with WinServer 2008 and CentOS 5.8 with Samba 3.5?

Thx

