Using Ubuntu 18 LTS, I want to use Linux SMB shares at branch offices with AD authentication and file permissions.
The client Windows computer is Windows 10 Pro.
I followed information found online:
https://help.ubuntu.com/lts/serverguide/sssd-ad.html
https://help.ubuntu.com/lts/servergu...tegration.html
https://raymii.org/s/tutorials/SAMBA...ntu_12.04.html
I am trying to use SSSD for AD join/authentication.
Why SSSD over Winbind, "Likewise Open":
https://rhelblog.redhat.com/2015/04/02/sssd-vs-winbind/
https://blog.netnerds.net/2016/04/jo...ectory-domain/
When I open Windows Explorer and enter \\servername into the address bar, it prompts for credentials. If I enter my AD username and password, it says access denied.
If I give it a username that exists on the Linux host in the form of .\username, then it will allow me to see the share, but double-clicking on the share to see its content prompts me again for permission and returns the message "\\servername\sharename is not accessible. You might not have permissions to use this network resource".
The local account 'testsmb' is a member of nogroup.
File permissions for /srv/samba/share (777):
drwxrwxrwx 2 nobody nogroup 4096 Aug 6 17:28 share
####################################################
SMB.CONF
[global]
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = DOM
...
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
security = ads
realm = DOMAIN.LOCAL
...
[share]
comment = Ubuntu File Server Share
path = /srv/samba/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755
# testsmb is local account on Linux
valid users = "@DOM\Domain Users",testsmb
######################################################
# /etc/sssd/conf.d/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = DOMAIN.LOCAL
[domain/DOMAIN.LOCAL]
lookup_family_order = ipv4_only
krb5_store_password_if_offline = True
id_provider = ad
access_provider = ad
# access_provider = simple
override_homedir = /home/%d/%u
simple_allow_users = joe.schmoe@domain.local,john.doe@domain.local
simple_allow_groups = domain users,
# Uncomment if the AD domain is named differently than the Samba domain
ad_domain = domain.local
######################################################
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat systemd sss
group: compat systemd sss
shadow: compat sss
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files sss
ethers: db files
rpc: db files
netgroup: nis sss
sudoers: files sss
#########################################################
Thank you for your assistance.
Jesse.