LinuxQuestions.org
Old 05-11-2011, 02:52 AM   #1
zelycorn
Member
 
Registered: May 2011
Posts: 48

Rep: Reputation: 0
Samba: how to synchronize AD users & groups with Samba users & groups


Hello,

I am looking for the best way to make a Samba server provide shared network files like the Windows Server branches currently do.

I have a RH5 server bound to an AD with ADS security level.

Samba3x is currently installed.

I have a test shared folder. How should I proceed to have the best security and to use AD users and groups for granting access?

I have read a lot of docs but so far I can't choose one because I don't know if the selected one will answer my issue.

I know that the main element to fix is the password for Samba users. In fact, it all relies on synchronization.

Here is my smb.conf file:

#======================= Global Settings =====================================

[global]
workgroup = FORMATION
winbind separator = +
realm = FORMATION.*.FR
server string = Samba Server Version %v
security = ADS
#disable netbios = yes
#log level = 3 passdb:5 auth:10 winbind:10
log file = /var/log/samba/samba.%m
max log size = 25000
preferred master = no
local master = no
allow trusted domains = yes
idmap config *:backend = rid
idmap config *:base_rid = 0
idmap config *:range = 1000 - 100000000
idmap config *:backend = rid
idmap config *:base_rid = 0
idmap config *:range = 100000001 - 200000000
idmap config FORMATION:backend = rid
idmap config FORMATION:base_rid = 0
idmap config FORMATION:range = 200000001 - 300000000
idmap uid = 1000-300000000
idmap gid = 1000-300000000
template homedir = /home/%D/%U
template shell = /bin/bash
client NTLMv2 auth = Yes
ntlm auth = No
interfaces = eth0
bind interfaces only = True
invalid users = root @wheel
# Disable printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

[test]
writeable = yes
invalid users = root,@wheel
path = /home/test
guest ok = yes

Last edited by zelycorn; 05-11-2011 at 04:13 AM.
 
Old 05-11-2011, 04:13 AM   #2
zelycorn
Member
 
Registered: May 2011
Posts: 48

Original Poster
Rep: Reputation: 0
I can access the test share with an AD account without a password. How do I synchronize the Samba user password and the AD user password? How do I provide NTLM transparent login to access Samba shares?
 
Old 05-11-2011, 04:32 AM   #3
zelycorn
Member
 
Registered: May 2011
Posts: 48

Original Poster
Rep: Reputation: 0
So, I can access the test shared folder with NTLM support; I've just deactivated the No password for the user. Now, how do I deploy this change to all the Samba users (which come from AD)?
 
Old 05-12-2011, 01:53 AM   #4
zelycorn
Member
 
Registered: May 2011
Posts: 48

Original Poster
Rep: Reputation: 0
LDAP is used to allow domain users access to the Linux server.

Can I mix LDAP and winbind to keep access and to share folders with domain groups?
 
Old 05-12-2011, 03:38 AM   #5
zelycorn
Member
 
Registered: May 2011
Posts: 48

Original Poster
Rep: Reputation: 0
I can mix LDAP auth and winbind.

But I still can't share the folder for an AD security group.

[test]
browseable = yes
writeable = yes
create mask = 700
directory mask = 700
path = /home/test
# valid users=@domain users

If I uncomment valid users, and with many other combinations like @domain+domain users or @domain+"domain users" or @"domain users", users can't access the test shared folder.
 
Old 05-12-2011, 09:15 AM   #6
zelycorn
Member
 
Registered: May 2011
Posts: 48

Original Poster
Rep: Reputation: 0
So I'm OK with valid users=@"DOMAIN+Domain Users". The Domain Users value could be all security groups in AD.
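
An added example, not part of the original thread: a small Python audit of smb.conf share sections that flags the two conditions seen above, a share with `guest ok = yes` and no `valid users`, and a group entry that is not written as DOMAIN plus the configured `winbind separator`. The names `audit_shares` and `is_yes` and the `[fixed]` share are hypothetical, and the sample input is constructed from the settings posted in the thread.

```python
import configparser
import shlex

# Constructed input: [test] as first posted in the thread, and a hypothetical
# [fixed] share that uses the group syntax from the last post.
SAMPLE = '''
[global]
winbind separator = +
security = ADS

[test]
writeable = yes
path = /home/test
guest ok = yes

[fixed]
writeable = yes
path = /home/test
valid users = @"FORMATION+Domain Users"
'''

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_shares(text):
    """Return {share name: [findings]} for every section except [global]."""
    # '=' is the only delimiter so keys such as 'idmap config X:backend' survive.
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False,
                                      comment_prefixes=("#", ";"))
    cp.read_string(text)
    sep = cp.get("global", "winbind separator", fallback="\\")
    default_dom = is_yes(cp.get("global", "winbind use default domain", fallback="no"))
    report = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        opts, findings = cp[share], []
        if is_yes(opts.get("guest ok", opts.get("public", "no"))):
            findings.append("guest ok: no password required")
        # Names are comma/space separated; quotes keep 'Domain Users' together.
        names = shlex.split(opts.get("valid users", "").replace(",", " "))
        if not names:
            findings.append("no valid users: open to every authenticated account")
        for name in names:
            if name.startswith("@") and sep not in name and not default_dom:
                findings.append("group %r lacks DOMAIN%s prefix" % (name, sep))
        report[share] = findings
    return report

if __name__ == "__main__":
    for share, findings in audit_shares(SAMPLE).items():
        print(share, findings or "ok")
```

The check only reads the file; group membership and filesystem permissions on the share path still have to be verified on the server itself.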
 
  


All times are GMT -5.
