LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Samba shares with AD - works with security groups but not with users (https://www.linuxquestions.org/questions/linux-server-73/samba-shares-with-ad-works-with-security-groups-but-not-with-users-930403/)

rob,s 02-20-2012 06:57 PM
Samba shares with AD - works with security groups but not with users
 
I'm currently running into an issue where I have configured Samba to integrate with my Active Directory. I'm able to grant users access to shares using security groups but so far have been unable to give individual users access to a share just by using their domain credentials.

Version of Samba: 3.5.10
Distro: Redhat Enterprise Server 6.1

Result from testparm: (comment in * * doesn't exist in config file)

[global]
workgroup = WORKGROUP
realm = DOMAIN.COM
server string = server1
security = ADS
client schannel = No
password server = Server2.domain.com server3.domain.com *domain controllers*
log level = 3 passdb:3 auth:3 winbind:3
log file = /var/log/samba/samba.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = No
domain master = No
dns proxy = No
wins server = 10.1.1.207
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes


[share1]
comment = first share with users being specified
path = /home/share
valid users = WORKGROUP+user1
read only = No
create mask = 0666

[share2]
comment = 2nd share working with groups
path = /home/multimedia
read list = @WORKGROUP+group1
write list = @WORKGROUP+group2
read only = No
create mask = 0666

When I attempt to browse to share2 from my windows PC (and others on the network XP, server 2k3, and win 7 tested) I receive the error that I do not have permission to access this resource.

I'm able to execute the following commands with the expected output
wbinfo -u, wbinfo -g, wbinfo -n username, getent passwd.

I'm not entirely sure what other information would be useful to help diagnose this issue. I'm not sure what other information would be useful but I am happy to provide any addition information.

Thanks,

--Rob

ac_kumar 02-21-2012 01:02 PM
http://wiki.samba.org/index.php/Samb...tive_Directory
may help

Felipe 02-21-2012 01:08 PM
Hello:

Please, read this thread:

http://www.linuxquestions.org/questi...5/#post4603725

If you put "winbind use default domain = Yes", you don't need to put
Quote:
DOMAIN+user
@DOMAIN+group
for users and domains of the same domain is joined the computer. It's enought with
Quote:
user
domain

rob,s 02-23-2012 09:59 AM
Sorry for the delay in replying to these replies but I started with the Samba Wiki, and have checked out the thread that was linked with no luck so far. The reason that I put the DOMAIN+ and @DOMAIN+ is because I'm working with a windows sys admin who is just learning about Linux and I wanted to make it very clear for him that those users and groups are in AD and not the local box.

rob,s 02-23-2012 10:25 AM
[Solved] Samba shares with AD - works with security groups but not with users
 
Just tracked down the issue to an acl problem instead of the samba issue I had thought it was. When I changed the default mask the shares became accessible to the users it was supposed to be accessible to. Thanks for the replies and the info, have bookmarked those sites!!


All times are GMT -5. The time now is 10:38 PM.