LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
 
Search this Thread
Old 01-22-2012, 08:10 PM   #1
cbtshare
Member
 
Registered: Jul 2009
Posts: 570

Rep: Reputation: 42
Samba mapping ADS users


I CAN mount users shares who are created on the samba server, with the command :
stain is a local user on the linux server

Quote:
mount -t cifs -o username=stain,password=Jfe4f //111.111.111.1/stain /home/stain/Desktop/test
but when I want to mount a users directory who is an ADS user.I keep getting permission denied.

The command shows users on the linux and as well as the active directory users.

Code:
ricci:x:140:140:ricci daemon user:/var/lib/ricci:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
pulse:x:496:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
luci:x:141:141:luci user:/var/lib/luci:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:495:489:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
Admin:x:500:500:Andrew Morgan:/home/Admin:/bin/bash
dhcpd:x:177:177:DHCP server:/:/sbin/nologin
stain:x:501:501::/home/stain:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
james:x:605:605::/home/james:/bin/bash


active directory users below


administrator:*:601:617:Administrator:/home/DLNSTREAM/administrator:/bin/bash
guest:*:602:618:Guest:/home/DLNEAM/guest:/bin/bash
krbtgt:*:603:617:krbtgt:/home/DLNEAM/krbtgt:/bin/bash
ads:*:604:617:ads moran:/home/DLNEAM/ads:/bin/bash
keis:*:605:617:keis:/home/DLNEAM/keis:/bin/bash

If I look up the share for a active directory user ,I get :
Code:

so Keis is an active directory user:

smbclient -L 111.111.111.1 -U keis
Password: 

Domain=[DLNEAM] OS=[Unix] Server=[Samba 3.5.10-114.el6]

        Sharename       Type      Comment
        ---------       ----      -------
        WIe            Disk      
        IPC$            IPC       IPC Service (Linux Server1)
        Brother-DCP-7060D Printer   Brother DCP-7060D
        Brother_DCP-7060D Printer   Brother DCP-7060D
        keis           Disk       keis Home Directories
Domain=[DLNEAM] OS=[Unix] Server=[Samba 3.5.10-114.el6]

        Server               Comment
        ---------            -------
        PWINSERVER           
        SERVER1              Linux Server1

        Workgroup            Master
        ---------            -------
        DLNEAM            PWINSERVER
        KENYON               EVAN-TP
        SPORTLAB             SUPERACE2
        WORKGROUP            MACHERINI-HP
but if I try to mount the active directory user keis it I get :
Code:
mount -t cifs -o username=keis,password=aaa //111.111.111.1/keis /home/stain/Desktop/test
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

My samba conf file is :

Code:
[global]
security = ADS
realm = DLNSTREAM.COM
machine password timeout = 0
password server = 111.111.111.12
netbios name = server1
server string = Linux Server1
encrypt passwords = yes
default service = global
workgroup = DLNEAM
time server = Yes
debuglevel = 2
load printers = yes
printing = cups
printcap name = cups
cups options = raw
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = .
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash
browseable =yes

[homes]
comment = %u Home Directories
valid users = %S
read only = No
writable = yes
browseable =no
available = yes
createmode = 0770
directory mode = 0770
sharemodes = yes
guest ok = no
path = %H


[WIe]
path = /usr/local/mine
writeable = yes
#force user = root
public = yes
available = yes
createmode = 0770
directory mode = 0770
sharemodes = yes
guest ok = no
valid users = @james @stain
browseable = yes
so basically I need to be able to map shares belonging to active directory users.

Last edited by cbtshare; 01-22-2012 at 08:13 PM.
 
Old 01-24-2012, 01:51 PM   #2
cbtshare
Member
 
Registered: Jul 2009
Posts: 570

Original Poster
Rep: Reputation: 42
still cant get this working...
 
Old 01-26-2012, 06:49 AM   #3
tha.siegrist
LQ Newbie
 
Registered: Jan 2012
Location: Bern, Switzerland
Distribution: SuSE Ubuntu RedHat AIX HP-UX
Posts: 3

Rep: Reputation: Disabled
What are the permissions on /home/stain/Desktop/test ?
What is the Domainname of the other users?
Do you trust the other Domain:
allow trusted domains = Yes
 
Old 01-26-2012, 08:16 AM   #4
cbtshare
Member
 
Registered: Jul 2009
Posts: 570

Original Poster
Rep: Reputation: 42
active directory users below


administrator:*:601:617:Administrator:/home/DLNSTREAM/administrator:/bin/bash
guest:*:602:618:Guest:/home/DLNEAM/guest:/bin/bash
krbtgt:*:603:617:krbtgt:/home/DLNEAM/krbtgt:/bin/bash
ads:*:604:617:ads moran:/home/DLNEAM/ads:/bin/bash
keis:*:605:617:keis:/home/DLNEAM/keis:/bin/bash

In the samba config I have :

[homes]
comment = %u Home Directories
valid users = %S
read only = No
writable = yes
browseable =no
available = yes
createmode = 0770
directory mode = 0770
sharemodes = yes
guest ok = no
path = %H
so the folders are created with the 770 permission.

I will check if its a trusted domain.
 
Old 01-28-2012, 02:22 AM   #5
cbtshare
Member
 
Registered: Jul 2009
Posts: 570

Original Poster
Rep: Reputation: 42
The domain is a trusted domain.I dont know whats wrong..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
mapping linux users with widows users using samba vathsan Linux - Software 1 07-12-2009 10:21 PM
SAMBA + ADS + users and groups problems teixeira Linux - Server 1 09-03-2008 12:48 PM
Ads for users public_html on Apache 2 Oxagast Linux - Software 5 10-09-2005 06:27 PM
mapping squid to win2000 ads sri_ramjee Linux - Networking 1 03-11-2005 04:09 AM
SAMBA....mapping users and groups TheTrexx Linux - Networking 0 01-20-2003 01:10 PM


All times are GMT -5. The time now is 10:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration