Samba shares with AD - works with security groups but not with users
I'm currently running into an issue where I have configured Samba to integrate with my Active Directory. I'm able to grant users access to shares using security groups but so far have been unable to give individual users access to a share just by using their domain credentials.
Version of Samba: 3.5.10 Distro: Redhat Enterprise Server 6.1 Result from testparm: (comment in * * doesn't exist in config file) [global] workgroup = WORKGROUP realm = DOMAIN.COM server string = server1 security = ADS client schannel = No password server = Server2.domain.com server3.domain.com *domain controllers* log level = 3 passdb:3 auth:3 winbind:3 log file = /var/log/samba/samba.log socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No domain master = No dns proxy = No wins server = 10.1.1.207 idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes [share1] comment = first share with users being specified path = /home/share valid users = WORKGROUP+user1 read only = No create mask = 0666 [share2] comment = 2nd share working with groups path = /home/multimedia read list = @WORKGROUP+group1 write list = @WORKGROUP+group2 read only = No create mask = 0666 When I attempt to browse to share2 from my windows PC (and others on the network XP, server 2k3, and win 7 tested) I receive the error that I do not have permission to access this resource. I'm able to execute the following commands with the expected output wbinfo -u, wbinfo -g, wbinfo -n username, getent passwd. I'm not entirely sure what other information would be useful to help diagnose this issue. I'm not sure what other information would be useful but I am happy to provide any addition information. Thanks, --Rob |
|
Hello:
Please, read this thread: http://www.linuxquestions.org/questi...5/#post4603725 If you put "winbind use default domain = Yes", you don't need to put Quote:
Quote:
|
Sorry for the delay in replying to these replies but I started with the Samba Wiki, and have checked out the thread that was linked with no luck so far. The reason that I put the DOMAIN+ and @DOMAIN+ is because I'm working with a windows sys admin who is just learning about Linux and I wanted to make it very clear for him that those users and groups are in AD and not the local box.
|
[Solved] Samba shares with AD - works with security groups but not with users
Just tracked down the issue to an acl problem instead of the samba issue I had thought it was. When I changed the default mask the shares became accessible to the users it was supposed to be accessible to. Thanks for the replies and the info, have bookmarked those sites!!
|
All times are GMT -5. The time now is 10:38 PM. |