LinuxQuestions.org > Linux - Newbie
Samba File Serve & Win Domain Users (https://www.linuxquestions.org/questions/linux-newbie-8/samba-file-serve-and-win-domain-users-911037/)

hesisaboury 10-31-2011 05:07 AM

Samba File Serve & Win Domain Users
 
Hello,
I want to run a file server with Samba, and domain users should only be able to change (rw) their own files. How can I implement it?

Best Regards,
Hesaum

Passmossis 10-31-2011 09:03 AM

So you want to integrate your Linux Samba into a Windows 2003/2008 Active Directory?

hesisaboury 11-01-2011 01:41 AM

Yes, I want domain users to be able to access a file server on Linux Samba; I want to replace the Windows file server with a Linux file server.

Best Regards.

Passmossis 11-01-2011 09:58 AM

One of your first steps is to ensure Kerberos is able to authenticate with your Active Directory. I'm familiar with the RHEL config file layout, so that's what I'll be listing.

You want to update /etc/krb5.conf.

An example of this file:
Code:

[libdefaults]
        default_realm = ATHENA.MIT.EDU
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
        dns_lookup_kdc = true
        dns_lookup_realm = false
   
[realms]
        ATHENA.MIT.EDU = {
            kdc = kerberos.mit.edu
            admin_server = kerberos.mit.edu
            master_kdc = kerberos.mit.edu
            default_domain = mit.edu
        }
        EXAMPLE.COM = {
            kdc = kerberos.example.com
            kdc = kerberos-1.example.com
            admin_server = kerberos.example.com
        }
   
[domain_realm]
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
         
[logging]
        kdc = SYSLOG:INFO
        admin_server = FILE=/var/kadm5.log

In your krb5.conf you need to update your default_realm, the entries under [realms], and [domain_realm]. Keep in mind that character case matters; your realm is always upper case.

Once you have a good krb5.conf, you can test it by:

Code:

kinit user@ATHENA.MIT.EDU

Again, case matters. Also ensure the clocks between your KDC and this system are within 5 minutes of each other. Once you are able to establish a Kerberos ticket, you are ready to move on to the Samba integration. You can verify the authentication was good by typing klist, and clear the current Kerberos tickets with kdestroy.

Once you have this working, post back and I'll help you set up the Samba config.
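
As an added example (not code from Passmossis or any other poster), here is a small Python check for the krb5.conf points made above: realm names upper case, default_realm present under [realms], [domain_realm] entries pointing at defined realms, and a KDC reachable either by name or via DNS lookup. It also flags the enctype lines, because des-cbc-crc and des3-hmac-sha1 from the sample file are not something an Active Directory KDC will negotiate (single DES has been disabled by default since Windows Server 2008 R2 and AD never implemented des3), so on an AD member those two lines are best dropped and the library left to negotiate AES. The sample file from the post is embedded as constructed test input; the second sample with a lower-case pogc.com realm and the host name dc1.pogc.com is constructed for the test.

```python
"""Sanity-check a krb5.conf before running kinit (added example, not a poster's code)."""
import re

# Enctypes a current AD KDC will not negotiate: single DES is disabled by
# default since Windows Server 2008 R2 and AD never implemented des3.
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md5", "des3-hmac-sha1", "des3-cbc-sha1"}


def parse_krb5_conf(text):
    """Parse MIT krb5.conf into {section: {key: value}}; '{ }' blocks nest, repeated keys become lists."""
    sections = {}
    stack = []                                  # innermost open dict is stack[-1]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"^\[(\w+)\]$", line)
        if m:
            stack = [sections.setdefault(m.group(1), {})]
            continue
        if not stack:
            raise ValueError("directive outside any section: %r" % line)
        if line == "}":
            stack.pop()
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value == "{":                        # start of a nested block
            stack[-1][key] = nested = {}
            stack.append(nested)
            continue
        target = stack[-1]
        if key in target:                       # e.g. several 'kdc =' lines
            old = target[key]
            target[key] = old + [value] if isinstance(old, list) else [old, value]
        else:
            target[key] = value
    return sections


def check_krb5_conf(text):
    """Return a list of findings; an empty list means the file is consistent."""
    cfg = parse_krb5_conf(text)
    defaults, realms = cfg.get("libdefaults", {}), cfg.get("realms", {})
    findings = []
    default_realm = defaults.get("default_realm", "")
    if not default_realm:
        findings.append("libdefaults: default_realm is not set")
    elif default_realm not in realms:
        findings.append("default_realm %r has no [realms] entry" % default_realm)
    if default_realm != default_realm.upper():
        findings.append("default_realm %r is not upper case" % default_realm)
    dns_kdc = defaults.get("dns_lookup_kdc", "false").lower() == "true"
    for realm, body in realms.items():
        if realm != realm.upper():
            findings.append("[realms] %r is not upper case" % realm)
        if not (isinstance(body, dict) and "kdc" in body) and not dns_kdc:
            findings.append("[realms] %r names no kdc and dns_lookup_kdc is off" % realm)
    for domain, realm in cfg.get("domain_realm", {}).items():
        if realm not in realms:
            findings.append("[domain_realm] %s -> %r points at an undefined realm" % (domain, realm))
    for key in ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"):
        weak = [e for e in defaults.get(key, "").split() if e.lower() in WEAK_ENCTYPES]
        if weak:
            findings.append("libdefaults: %s lists weak enctypes: %s" % (key, " ".join(weak)))
    return findings


# The file Passmossis posted above, embedded as constructed test input.
THREAD_EXAMPLE = """
[libdefaults]
    default_realm = ATHENA.MIT.EDU
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
    dns_lookup_kdc = true
[realms]
    ATHENA.MIT.EDU = {
        kdc = kerberos.mit.edu
    }
    EXAMPLE.COM = {
        kdc = kerberos.example.com
        kdc = kerberos-1.example.com
    }
[domain_realm]
    .mit.edu = ATHENA.MIT.EDU
[logging]
    admin_server = FILE=/var/kadm5.log
"""

# Constructed broken variant with the lower-case realm mistake warned about above (dc1.pogc.com is made up).
LOWERCASE_REALM = """
[libdefaults]
    default_realm = pogc.com
[realms]
    pogc.com = {
        kdc = dc1.pogc.com
    }
[domain_realm]
    .pogc.com = POGC.COM
"""
```

To run it against the live file, call check_krb5_conf(open("/etc/krb5.conf").read()) from the interpreter and fix anything it lists before trying kinit; an empty list does not prove the KDC is reachable or the clocks are in sync, it only rules out the file-level mistakes the post warns about.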

pma083 11-01-2011 12:35 PM

Quote:

Originally Posted by Passmossis (Post 4513252)
One of your first steps is to ensure kerberos is able to authenticate with your Active Directory. I'm familiar with RHEL config file layout, so that's what I'll be listing.

[...]

I'm done with this part, can you help me out with the samba part?
Thanks in advance! :)

pma083 11-02-2011 08:43 AM

Quote:

Originally Posted by pma083 (Post 4513392)
I'm done with this part, can you help me out with the samba part?
Thanks in advance! :)

Never mind. Just an FYI: if someone has the same project ahead, execute the authconfig command and that's all! :)

Peace.
PMA

hesisaboury 11-04-2011 05:00 AM

Hello,
I implemented Kerberos auth on Debian Linux; now I want to install Samba. What configuration do I need?

Best Regards,

deep27ak 11-04-2011 06:01 AM

Quote:

Originally Posted by hesisaboury (Post 4512345)
Hello,
i want to run file server with samba and domain users could only change(rw) their files , How can i implement it ?

Best Regards,
Hesaum

As I guess, you want to configure a Samba server:
Code:

# yum -y install samba

Code:

# vi /etc/samba/smb.conf

workgroup = (your workgroup)
hosts allow = 127. 192.168.0. (give the IP range of your network)

(at the bottom)

[share name]
        comment = share
        path = /path/to/file/
        valid users = abc xyz john etc
        writable = yes
        create mask = 0766
        browseable = yes

And also give 766 permissions to the file you will share in Samba, to give rw permission to group and others.

hesisaboury 11-04-2011 09:11 AM

thanks for your reply,
But my users are Windows domain users and authentication must be done by ADS. Does the Samba config work with ADS?

Best Regards.

deep27ak 11-04-2011 09:27 AM

Quote:

Originally Posted by hesisaboury (Post 4515753)
thanks for your reply,
but my users are windows domain users and authentication must be done by ADS, config of samba work with ADS?

Best Regards.

I have not tried it with ADS, but I did a little Googling and here is what I found:

http://www.linuxmail.info/active-dir...amba-centos-5/

You can try this

Passmossis 11-04-2011 11:53 AM

pma083, is your kinit user@domain functioning? You got me confused. ;)


hesisaboury, if you have your kerberos able to authenticate to your ads then you are 1/3 the way there!

I do not have my config files here, so I will be shooting from the hip on some of this. Here are some lines you will need in your smb.conf:

Code:

  workgroup = DOMAIN
  realm = DOMAIN.INTERNAL
  password server = domainserver.domain.internal
  preferred master = no
  server string = Linux Test Machine
  security = ADS
  encrypt passwords = yes
  log level = 3
  log file = /var/log/samba/%m
  max log size = 50
  winbind use default domain = Yes
  winbind separator = +
  winbind enum users = yes
  winbind enum groups = yes
  obey pam restrictions = yes
  idmap uid = 1000-20000
  idmap gid = 1000-20000
  template shell = /bin/bash
  allow trusted domains = no
  idmap backend = idmap_rid:acme=16777216-33554431

That is at least a start; I am sure to be missing something though. Once you feel your smb.conf is ready to join the domain, you can attempt to join by:

Code:

net ads join -U Administrator@$FQDN_OF_YOUR_DOMAIN

Remember, after modifying your /etc/samba/smb.conf, to restart your Samba service:

Code:

service samba restart

Administrator can be any admin account on your domain, but must be an admin. If that is successful then your Samba is now able to act as a member of your domain. This doesn't mean you are finished with the configuration.

hesisaboury 11-05-2011 08:08 AM

Hi,
Finally I joined Debian Linux to ADS. I got an error about DNS but it joined successfully:

Code:

root@debian:/home/hesaum# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- POGC
Joined 'DEBIAN' to realm 'POGC.COM'
DNS update failed!

In Active Directory -> Computers I see my Linux host name, and I also used this command for a test:

Code:

root@debian:/home/hesaum# wbinfo -n user1
S-1-5-21-2670042356-3564497424-2797598806-1106 SID_USER (1)

I used your guide (Passmossis) and the following forum:
http://ubuntuforums.org/showthread.php?t=91510

Now I want to know, what should I do next?

Best Regards,

Passmossis 11-05-2011 08:27 AM

You can now share files/folders between Windows and Linux. From here, it's as simple as setting up a share for any other security method. Your active directory users should be able to access it so long as they are referenced in the share.

A tool I use with valid users is @group to specify the Windows group (i.e. administrators) that can access the share.
Code:

[WinAdmin]
path = /Administration/WindowsAdmin/
comment = Windows Administration Files
valid users = @admin
read only = no
guest ok = no

Now on your windows side, logged in as a member of the admin group, you can navigate to \\ip\WinAdmin and access your share.

To mount a Windows share on the Linux box you can mount the Windows share utilizing the cifs format. There is also a specific cifsmount command you can find, I'm sure.

You can also set it up to allow your Windows users to log in to the Linux system directly.
If you are on Ubuntu, I do not know the setup for authentication. I think your link covered it.
As your link describes, you need to update your:
Code:

/etc/nsswitch.conf

Also ensure the winbind/winbindd service is running. I've seen it run under either of those names.

I have not received or seen the DNS error before. Perhaps view your Samba log for additional information; being at log level 3 should help. You can always increase the log level, but trust me, once you go 5 and above it gets really hard to truly see what is going on (to me anyway).

hesisaboury 11-05-2011 10:35 AM

Hi,

Your guide was helpful, but now I want to know: if users want their own folder (read, write, execute) and others only read, do I have to create folders for every user and set permissions, or are there other ways?

Thank You,

Passmossis 11-05-2011 10:49 AM

You can set up two separate shares that link to the same directory. On one share, the user/users can read/write/execute, and for the second share you can set read only.

Here is an example:

Code:

[WinAdmin]
path = /Administration/WindowsAdmin/
comment = Windows Administration Files
valid users = @admin
read only = no
guest ok = no

[WinAudit]
path = /Administration/WindowsAdmin/
comment = Windows Administration Audit
valid users = auditor
read only = yes
guest ok = no

So the first one allows anyone that is a member of the admin group to read/write/execute in the /Administration/WindowsAdmin/ folder. The second share allows the active directory user 'auditor' to mount and read the /Administration/WindowsAdmin/ folder. Note the read only flag.
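
One way to check the share settings discussed in Passmossis's smb.conf post and in the two share examples above, as an added example that is neither Passmossis's nor deep27ak's code: a Python script that parses smb.conf and flags the settings that matter once domain users can reach the box. It verifies the [global] points from the join post (security = ADS, an upper-case realm, a hosts allow line), warns on guest ok = yes, on writable shares with no valid users, and on a create mask or directory mask that grants write to 'other' (the 0766 mask from deep27ak's post is one), and reports when two shares export the same path the way WinAdmin and WinAudit do, because the read-only share only limits what SMB permits and the Linux file modes still decide what the rw share's users can do on disk. The sample smb.conf is constructed from the snippets in the thread; /srv/samba/public is a made-up path.

```python
"""Audit an smb.conf for an AD member file server (added example, not a poster's code)."""
import re
import sys


def parse_smb_conf(text):
    """Parse smb.conf into {section: {key: value}}; keys are lower-cased with spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":              # both Samba comment styles
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            section = conf.setdefault(m.group(1).strip(), {})
            continue
        if section is None or "=" not in line:       # e.g. 'hosts allow 127.' with the '=' missing
            continue
        key, value = line.split("=", 1)
        section[" ".join(key.lower().split())] = value.strip()
    return conf


def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def share_is_writable(share):
    """'read only = no' or 'writable/writeable = yes' opens a share for writing; the default is read only."""
    if "read only" in share:
        return not is_yes(share["read only"])
    return any(is_yes(share[k]) for k in ("writable", "writeable") if k in share)


def audit_smb_conf(text):
    """Return [(level, message)]: 'WARN' for exposures, 'INFO' for things to be aware of."""
    conf, out = parse_smb_conf(text), []
    g = conf.get("global", {})
    if g.get("security", "").upper() != "ADS":
        out.append(("WARN", "global: security = %r; an AD member needs security = ADS" % g.get("security")))
    realm = g.get("realm", "")
    if realm != realm.upper():
        out.append(("WARN", "global: realm %r must be upper case" % realm))
    if "hosts allow" not in g:
        out.append(("INFO", "global: no 'hosts allow'; shares are reachable from any network"))
    by_path = {}                                     # path -> [(share name, writable)]
    for name, share in conf.items():
        if name == "global":
            continue
        writable = share_is_writable(share)
        if is_yes(share.get("guest ok", "no")):
            out.append(("WARN", "[%s]: guest ok = yes admits unauthenticated users" % name))
        if writable and "valid users" not in share:
            out.append(("WARN", "[%s]: writable but no 'valid users' limits who may write" % name))
        for key in ("create mask", "directory mask"):
            if key in share and int(share[key], 8) & 0o002:   # other-write bit set
                out.append(("WARN", "[%s]: %s = %s grants write to 'other' on disk" % (name, key, share[key])))
        by_path.setdefault(share.get("path"), []).append((name, writable))
    for path, shares in by_path.items():
        if path and len(shares) > 1:
            modes = ", ".join("%s=%s" % (n, "rw" if w else "ro") for n, w in shares)
            out.append(("INFO", "path %s exported twice (%s); ro share only limits SMB, file modes still apply" % (path, modes)))
    return out


# Constructed sample: the [global] lines from the join post, the WinAdmin/WinAudit
# shares from the last post, and a public share using deep27ak's create mask = 0766.
SAMPLE_SMB_CONF = """
[global]
  workgroup = POGC
  realm = POGC.COM
  security = ADS
  winbind use default domain = yes
  hosts allow = 127. 192.168.0.

[WinAdmin]
  path = /Administration/WindowsAdmin/
  valid users = @admin
  read only = no
  guest ok = no

[WinAudit]
  path = /Administration/WindowsAdmin/
  valid users = auditor
  read only = yes
  guest ok = no

[public]
  path = /srv/samba/public
  writable = yes
  create mask = 0766
  guest ok = yes
"""

if __name__ == "__main__":                           # usage: python smbaudit.py [/etc/samba/smb.conf]
    with open(sys.argv[1] if len(sys.argv) > 1 else "/etc/samba/smb.conf") as fh:
        for level, msg in audit_smb_conf(fh.read()):
            print(level, msg)
```

Samba's own testparm -s prints the configuration with the defaults applied and without prompting, so feeding its output to audit_smb_conf instead of the raw file also catches values inherited from defaults rather than written in the file.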

