LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 05-03-2012, 03:17 AM   #1
boninebm
LQ Newbie
 
Registered: Sep 2011
Posts: 5

Rep: Reputation: Disabled
Question Samba Permisions /Active Directory Authentication Problem


I have CentOS 6.2 FileServer and a Windows 2008 Server PDC, i have configured samba on CentOS to authenticate all users who need access to files against the WIndows 2008 Server.

I have Groups :
Finance
HR
Legal
Audit on the windows Server, and i have folders on my FileServer corsponding to those groups.
I created users on Windows and joined them to the various groups, so i want to restrict access to files on file server using group membership.

i used http://wiki.samba.org/index.php/Samb...tive_Directory to do the installation.

wbinfo -u and
wbinfo -g are giving me the results that i want e.g
Code:
[root@fileserver ~]# wbinfo -g
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
dnsadmins
finance
hr
legal
audit
im able to browse and view files that are already on the server, but i cannot create a new file or folder, my /etc/samba/smb.conf is as follows

Code:
[global]      

	workgroup = LAN
	server string = FILE-SERVER 


	security = ads

	realm = LAN.LOCAL
         
        encrypt passwords = yes
	preferred master = no

        template shell = /bin/bash
	template homedir = /home/%D/%U
	winbind separator = +
	winbind uid = 600-20000
	winbind gid = 600-20222
        winbind use default domain = true
	winbind nested groups = Yes
	winbind enum users = yes
	winbind enum groups = yes
	enhanced browsing = yes
	winbind offline logon = false

        password server = dc.lan.local



[LEGAL]
	comment = Shared Folder
	path = /home/legal
	writeable = yes
        valid users = @NETWORK+legal, @NETWORK+directors
        writelist =    @NETWORK+legal
	create mask = 0777
        force create mode = 0777
	browseable = yes
	guest ok = no

[HR_ADMIN]
	comment = Shared Folder
	path = /home/hr_admin
	writeable = yes
        valid users = @NETWORK+directors, @NETWORK+hr_admin
        writelist =   @NETWORK+hr_admin
	create mask = 0777
        force create mode = 0777
	browseable = yes
	guest ok = no

[FINANCE]
	comment = Shared Folder
	path = /home/finance
	writeable = yes
        valid users =   @NETWORK+directors, @NETWORK+finance
        writelist =  @NETWORK+finance
	create mask = 0777
        force create mode = 0777
	browseable = yes
	guest ok = no

has anyone used this kind of setup to work? i also want someone who will be a member of group 'Domain Admins' to have read and write access to all the folders and files on the server.


thanks in advance.
 
Old 05-04-2012, 02:35 AM   #2
boninebm
LQ Newbie
 
Registered: Sep 2011
Posts: 5

Original Poster
Rep: Reputation: Disabled
Solved

i managed to solver the problem, but just removing the
Code:
+
on
Code:
winbind separator = +
and made it
Code:
winbind separator = $
i read a certain thread on the internet which said the + affects group memberships hence i had to look for a different separator, and everything works well now.

thanks guys


Bonnie
 
Old 09-20-2012, 10:10 AM   #3
cdmontoya
LQ Newbie
 
Registered: Sep 2012
Posts: 3

Rep: Reputation: Disabled
Hello.
Does ur settings work with WinServer 2008 n Centos 5.8 with Samba 3.5??

Thx
 
  


Reply

Tags
active directory, samba permissions, winbind


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Yet another Samba authentication problem with Windows 2003 Active Directory StAlphonzo Linux - Security 1 05-23-2008 02:16 PM
Yet another Samba authentication problem with Windows 2003 Active Directory StAlphonzo Linux - Server 0 05-23-2008 12:36 PM
Samba with Active Directory authentication Ziggie Linux - Enterprise 5 02-02-2006 07:43 AM
Samba Active Directory Authentication zenix Linux - Networking 1 09-17-2005 04:26 AM
samba-authentication with Active Directory sanjeevsagoo Linux - Networking 2 05-07-2004 03:09 AM


All times are GMT -5. The time now is 08:26 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration