LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-06-2015, 08:18 AM   #31
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13

What is selinux context for that share
# ls lZ
 
Old 04-07-2015, 12:22 AM   #32
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
[root@printmah samba]# ls -lZ
drwxrwxr-x+ root domain_users unconfined_ubject_r:samba_share_t:s0 demo
 
Old 04-07-2015, 01:36 AM   #33
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
Let me tell u my way how i do share folders
I create a folder xyz
Then i change the group ownership to domain users
Code:
chgrp "domain users" xyz
then apply directory permissions
Code:
setfacl -m g::rwx xyz
Then apply selinux file context
Code:
chcon -t samba_share_t xyz
Then add share to smb.conf file

Quote:
[xyz]
path= /path
Valid users= @example\"domain users"
Write list= example\"domain users"
i run 'testparm' to check anything misspelled
Restart samba
Now i can connect to share with any domain user.
If u want to restrict u can create a group for whom u want to give access to that share. Like u have created a group 'linux'
Just replace the group with "domain users" here.

"YOU WILL BE DENIED ACCESS TO SHARE IF U R NOT SYNCING TIME TO YOUR DC"

Last edited by zafar_dandoti; 04-07-2015 at 01:48 AM.
 
Old 04-07-2015, 08:49 AM   #34
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
I have some questions that you never answered them :

1- When you use "chgrp "GROUP NAME" PATH" , why you don't use "chgrp "DOMAIN NAME\GROUP NAME" PATH" ?
2- which user you used to create directory "xyz" ? your AD user or root user?
3- in "smb.conf" you used "Valid users= @example\"domain users" " but why you don't use your Suffix domain ?. For example, "example.me ".

I created a directory as you said but with my AD user and not root.my "smb.conf" is :

[test]
path = /home/jason/test
read only = no
browseable = yes
Valid users = @JASONDOMAINI.JJ\"linux"
Write list = JASONDOMAINI.JJ\"linux"



AND "testparm" tell me :

[root@printmah ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[test]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

But when I open the share it ask me username and password and repeat it
 
Old 04-07-2015, 10:13 AM   #35
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
1. I think it is not nessesory that u use "DOMAIN\GROUP" while changing group ownership If u dont have group name similler present on ur domain member server.


2.I use root user to create directories and perform all the steps in previous post.

3. I can use both @example\"domain users" and @example.local\"domain users"


I use double inverted comma in smb.conf file(@example\"domain users")becouse there is a space between domain and users If i put w/o invertrd comma samba treat domain and users as differrent groups.
In ur case u dont need to put ur group "linux" in invertrd comma
Just put
@JASONDOMAINI\linux
 
Old 04-08-2015, 02:23 AM   #36
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
I just said, The problem not solved and it ask me username and password and repeat it
Can you tell me about your other configuration files like "krb5.conf" , "smb.conf" global section ?
 
Old 04-11-2015, 01:46 AM   #37
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
Any idea?
 
Old 04-12-2015, 01:10 PM   #38
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
What u get when
# kinit 'username'
I am away from server right now coz of holidays soon i'll return
 
Old 04-12-2015, 11:45 PM   #39
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
When I enter this command, it ask me my AD password and when I enter it, Nothing show !!!!
 
Old 04-14-2015, 01:20 AM   #40
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
Try creating a credential file
Ex: # vi ~/.smbcred
Enter your logon information
username=value
password=value
domain=value
Save the file then run
Code:
smbclient //localhost/share -o credentials=~/.smbcred

Last edited by zafar_dandoti; 04-14-2015 at 01:23 AM.
 
Old 04-18-2015, 12:10 AM   #41
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
I crated file "smbcred" and filled it with the information.

I used "smbclient //localhost/test -o credentials=~/.smbcred" but got below error :

[root@printmah ~]# smbclient //localhost/test -o credentials=~/.smbcred
Domain=[JASONDOMAIN] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
 
Old 04-21-2015, 02:20 AM   #42
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
Any idea?
I guess that the problem is about other config like "hosts" and etc.
 
Old 04-22-2015, 01:16 AM   #43
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
No host file has nothing to do with that error.Are u using right credentials to connect the share. Is it JANSONDOMAIN or JASONDOMAINI make sure there are no typing mistake.
 
Old 04-22-2015, 08:43 AM   #44
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
My Domain name is "Jasondomain.jj" and backend is "JASONDOMAINI".
When I want to join my linux box into domain I use "jasondomain.jj" but when I want to login I use "jasondomaini\\jason".

I tested both but got same error.
 
Old 04-22-2015, 10:23 AM   #45
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
Instead of allowing AD group in smb.conf file, try with single AD user first.
Code:
valid users = jason@JASONDOMAIN
tell me what that returns.

what is backend JASONDOMINI? is it OU(Organisational Unit)

It is little confusing for me or i am not aware to backend concept.

Last edited by zafar_dandoti; 04-22-2015 at 10:35 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Samba share can't write in linux, can in Windows xmrkite Linux - Software 1 09-17-2012 12:14 PM
creating files from windows on a samba share gives read-only permissions. lievendp Linux - General 5 12-17-2008 10:55 AM
Access linux SAMBA share from windows pengu Linux - Software 6 02-17-2007 11:55 AM
samba - accessing windows share in linux mikeotieno Linux - Software 7 07-28-2006 06:12 AM
samba: linux mounted share = choppy playback, windows mounted share = smooth kleptophobiac Linux - Software 2 04-10-2005 08:23 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration