Samba File Serve & Win Domain Users
Hello,
i want to run file server with samba and domain users could only change(rw) their files , How can i implement it ? Best Regards, Hesaum |
So you want to integrate your Linux Samba into a Windows 2003/2008 Active Directory?
|
yes , i want domain users can accesss file server in linux Samba, i want to replace windows file server with linux file server
Best Regards. |
One of your first steps is to ensure kerberos is able to authenticate with your Active Directory. I'm familiar with RHEL config file layout, so that's what I'll be listing.
You want to update /etc/krb5.conf. An example of this file: Code:
[libdefaults] Once you have a good krb5.conf, you can test it by Code:
kinit user@ATHENA.MIT.EDU Once you have this working post back, and I'll help you setup the Samba config. |
Quote:
Thank in advance! :) |
Quote:
Peace. PMA |
Hello,
i implement kerberos auth on debian linux , now i want to install samba , what configuration do i need ? Best Regards, |
Quote:
Code:
Code:
#vi /etc/samba/smb.conf |
thanks for your reply,
but my users are windows domain users and authentication must be done by ADS, config of samba work with ADS? Best Regards. |
Quote:
http://www.linuxmail.info/active-dir...amba-centos-5/ You can try this |
pma083, is your kinit user@domain functioning? You got me confused. ;)
hesisaboury, if you have your kerberos able to authenticate to your ads then you are 1/3 the way there! I do not have my config files here, so I will be shooting from the hip on some of this. Here are some lines you will need in your smb.conf: Code:
workgroup = DOMAIN Code:
net ads join -U Administrator@$FQDN_OF_YOUR_DOMAIN Code:
service samba restart Administrator can be any admin account on your domain, but must be an admin. If that is successful then your samba is now able to act as a member of your domain. This doesn't mean you are finished with the configuration. |
Hi,
Finally i joined debian linux to ADS , i got error about DNS but it joined successfully, root@debian:/home/hesaum# net ads join -U Administrator Enter Administrator's password: Using short domain name -- POGC Joined 'DEBIAN' to realm 'POGC.COM' DNS update failed! in active directory->computers i see my linux host name and also i used this command for test root@debian:/home/hesaum# wbinfo -n user1 S-1-5-21-2670042356-3564497424-2797598806-1106 SID_USER (1) i used your guide (Passmossis) and the following forum : http://ubuntuforums.org/showthread.php?t=91510 now i want to know what should i have to next? Best Regards, |
You can now share files/folders between Windows and Linux. From here, it's as simple as setting up a share for any other security method. Your active directory users should be able to access it so long as they are referenced in the share.
A tool I use with valid users is @group to specify the windows group (ie administrators) that can access the share. Code:
[WinAdmin] To mount a windows share to the linux box you can mount the windows share utilizing the cifs format. There is also a specific cifsmount command you can find I'm sure. You can also setup to allow your windows users to log in to the Linux system directly. If you are ubuntu, I do not know the setup for authentication. I think your link covered it. As your link describes, you need to update your: Code:
/etc/nsswitch.conf I have not received or seen the DNS error before. Perhaps view your samba log for additional information, being log level 3 should help. You can always increase the log level, but trust me once you go 5 and above it gets really hard to truly see what is going on (to me anyway). |
Hi,
Your guide was helpful , but now i want to know, if users want it's own folder (read,write,execute) and others only read ,i have to create folders for every user and set permissions , or there are other ways ... Thank You, |
You can set up two separate shares that link to the same directory. One share, the user/users can read/write/execute and for the second share you can set read only
Here is an example: Code:
[WinAdmin] |
All times are GMT -5. The time now is 09:20 AM. |