Samba as fileserver on Active Directory domain
in [Samba]
|
From: Robert LeBlanc on 2 Oct 2009 11:00 What are the permissions on /shared/drive? We use ACLs to control access rather than smb.conf. This gives us great flexability and you can kind of manage it using a Windows machine. If you have Kerberos keytab generated, you can smbmount on Linux using the -o sec=krb5 and no passwords are needed, it also obeys ACL. The only catch is that you need to use RID or LDAP for uid/gid mapping or else your permissions won't line up. Robert LeBlanc Life Sciences & Undergraduate Education Computer Support Brigham Young University On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez(a)berkeley.edu> wrote: > Hello, > > We have a Gentoo box running Samba and is a member of the Active Directory > domain. This Gentoo box will be a fileserver when everything is completed > and setup as it should. I want our users to login to their computer > (Computers are all members of the same Active Directory domain) using Active > Directory accounts/domain for authentication. I am using Winbind for Active > Directory authentication/integration. I'm almost done except file permission > issue. All is working smoothly (ie. wbinfo, smbclient, getent, etc.). I can > access/map the shared drive on the Gentoo box from any Windows computer, > login to a machine without a problem using Active Directory accounts. The > Active Directory authentication with Winbind is working as it should. > > For some odd reason, I can't figure out how to give permissions to all > users the ability to make changes/add new folders on the shared drive. I am > getting access denied even when the users or group are valid users of the > shared drive per smb.conf. Below is my smb.conf shared configuration: > > [shared] > comment = shared > path = /shared/drive > read only = no > inherit permissions = yes > create mask = 755 > directory mask = 755 > valid users = @"MYDOMAIN+mygroup" > browseable = yes > writable = yes > > Any help would be greatly appreciated. > > -Ivan > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Ivan Ordonez on 2 Oct 2009 12:10 Robert LeBlanc wrote: > What are the permissions on /shared/drive? We use ACLs to control > access rather than smb.conf. This gives us great flexability and you > can kind of manage it using a Windows machine. If you have Kerberos > keytab generated, you can smbmount on Linux using the -o sec=krb5 and > no passwords are needed, it also obeys ACL. The only catch is that you > need to use RID or LDAP for uid/gid mapping or else your permissions > won't line up. > > Robert LeBlanc > Life Sciences & Undergraduate Education Computer Support > Brigham Young University > > > On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez(a)berkeley.edu > <mailto:iordonez(a)berkeley.edu>> wrote: > > Hello, > > We have a Gentoo box running Samba and is a member of the Active > Directory domain. This Gentoo box will be a fileserver when > everything is completed and setup as it should. I want our users > to login to their computer (Computers are all members of the same > Active Directory domain) using Active Directory accounts/domain > for authentication. I am using Winbind for Active Directory > authentication/integration. I'm almost done except file permission > issue. All is working smoothly (ie. wbinfo, smbclient, getent, > etc.). I can access/map the shared drive on the Gentoo box from > any Windows computer, login to a machine without a problem using > Active Directory accounts. The Active Directory authentication > with Winbind is working as it should. > > For some odd reason, I can't figure out how to give permissions to > all users the ability to make changes/add new folders on the > shared drive. I am getting access denied even when the users or > group are valid users of the shared drive per smb.conf. Below is > my smb.conf shared configuration: > > [shared] > comment = shared > path = /shared/drive > read only = no > inherit permissions = yes > create mask = 755 > directory mask = 755 > valid users = @"MYDOMAIN+mygroup" > browseable = yes > writable = yes > > Any help would be greatly appreciated. > > -Ivan > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > Hi, The files and folders on the shared drive are owned by local Linux account. The permissions are read, write and execute by the owner, read and write by group and all. I was hoping that smb.conf will control the shared drive access but having a hard time doing so. I would like to use ACL if that is the best way to make it work. Would you mind giving me few pointers or point me to the right direction to get started on ACL? I am no LDAP expert but I think I can get by if I have to use it. Thanks! -Ivan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Jonathan Petersson on 2 Oct 2009 12:20 Hi Ivan, I'm working on a similar thing but is having some issues with the kerberos sessions between samba and AD. Is your Samba server a member of a Win2k8R2 or a Win2k3 domain? Thanks /Jonathan On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez <iordonez(a)berkeley.edu> wrote: > > > Robert LeBlanc wrote: >> >> What are the permissions on /shared/drive? We use ACLs to control access >> rather than smb.conf. This gives us great flexability and you can kind of >> manage it using a Windows machine. If you have Kerberos keytab generated, >> you can smbmount on Linux using the -o sec=krb5 and no passwords are needed, >> it also obeys ACL. The only catch is that you need to use RID or LDAP for >> uid/gid mapping or else your permissions won't line up. >> >> Robert LeBlanc >> Life Sciences & Undergraduate Education Computer Support >> Brigham Young University >> >> >> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez(a)berkeley.edu >> <mailto:iordonez(a)berkeley.edu>> wrote: >> >> Hello, >> >> We have a Gentoo box running Samba and is a member of the Active >> Directory domain. This Gentoo box will be a fileserver when >> everything is completed and setup as it should. I want our users >> to login to their computer (Computers are all members of the same >> Active Directory domain) using Active Directory accounts/domain >> for authentication. I am using Winbind for Active Directory >> authentication/integration. I'm almost done except file permission >> issue. All is working smoothly (ie. wbinfo, smbclient, getent, >> etc.). I can access/map the shared drive on the Gentoo box from >> any Windows computer, login to a machine without a problem using >> Active Directory accounts. The Active Directory authentication >> with Winbind is working as it should. >> >> For some odd reason, I can't figure out how to give permissions to >> all users the ability to make changes/add new folders on the >> shared drive. I am getting access denied even when the users or >> group are valid users of the shared drive per smb.conf. Below is >> my smb.conf shared configuration: >> >> [shared] >> comment = shared >> path = /shared/drive >> read only = no >> inherit permissions = yes >> create mask = 755 >> directory mask = 755 >> valid users = @"MYDOMAIN+mygroup" >> browseable = yes >> writable = yes >> >> Any help would be greatly appreciated. >> >> -Ivan >> -- To unsubscribe from this list go to the following URL and read >> the >> instructions: https://lists.samba.org/mailman/options/samba >> > Hi, > > The files and folders on the shared drive are owned by local Linux account. > The permissions are read, write and execute by the owner, read and write by > group and all. I was hoping that smb.conf will control the shared drive > access but having a hard time doing so. I would like to use ACL if that is > the best way to make it work. Would you mind giving me few pointers or > point me to the right direction to get started on ACL? I am no LDAP expert > but I think I can get by if I have to use it. > > Thanks! > > -Ivan > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Ivan Ordonez on 2 Oct 2009 12:40 Jonathan Petersson wrote: > Hi Ivan, > > I'm working on a similar thing but is having some issues with the > kerberos sessions between samba and AD. Is your Samba server a member > of a Win2k8R2 or a Win2k3 domain? > > Thanks > > /Jonathan > > On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez <iordonez(a)berkeley.edu> wrote: > >> Robert LeBlanc wrote: >> >>> What are the permissions on /shared/drive? We use ACLs to control access >>> rather than smb.conf. This gives us great flexability and you can kind of >>> manage it using a Windows machine. If you have Kerberos keytab generated, >>> you can smbmount on Linux using the -o sec=krb5 and no passwords are needed, >>> it also obeys ACL. The only catch is that you need to use RID or LDAP for >>> uid/gid mapping or else your permissions won't line up. >>> >>> Robert LeBlanc >>> Life Sciences & Undergraduate Education Computer Support >>> Brigham Young University >>> >>> >>> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez(a)berkeley.edu >>> <mailto:iordonez(a)berkeley.edu>> wrote: >>> >>> Hello, >>> >>> We have a Gentoo box running Samba and is a member of the Active >>> Directory domain. This Gentoo box will be a fileserver when >>> everything is completed and setup as it should. I want our users >>> to login to their computer (Computers are all members of the same >>> Active Directory domain) using Active Directory accounts/domain >>> for authentication. I am using Winbind for Active Directory >>> authentication/integration. I'm almost done except file permission >>> issue. All is working smoothly (ie. wbinfo, smbclient, getent, >>> etc.). I can access/map the shared drive on the Gentoo box from >>> any Windows computer, login to a machine without a problem using >>> Active Directory accounts. The Active Directory authentication >>> with Winbind is working as it should. >>> >>> For some odd reason, I can't figure out how to give permissions to >>> all users the ability to make changes/add new folders on the >>> shared drive. I am getting access denied even when the users or >>> group are valid users of the shared drive per smb.conf. Below is >>> my smb.conf shared configuration: >>> >>> [shared] >>> comment = shared >>> path = /shared/drive >>> read only = no >>> inherit permissions = yes >>> create mask = 755 >>> directory mask = 755 >>> valid users = @"MYDOMAIN+mygroup" >>> browseable = yes >>> writable = yes >>> >>> Any help would be greatly appreciated. >>> >>> -Ivan >>> -- To unsubscribe from this list go to the following URL and read >>> the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> >> Hi, >> >> The files and folders on the shared drive are owned by local Linux account. >> The permissions are read, write and execute by the owner, read and write by >> group and all. I was hoping that smb.conf will control the shared drive >> access but having a hard time doing so. I would like to use ACL if that is >> the best way to make it work. Would you mind giving me few pointers or >> point me to the right direction to get started on ACL? I am no LDAP expert >> but I think I can get by if I have to use it. >> >> Thanks! >> >> -Ivan >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> Hi Jonathan, Our Samba server is a member of Win2k8R2 domain. Thanks, -Ivan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Jonathan Petersson on 2 Oct 2009 13:20 How did you solve the kerberos portion how things, when winbind tries to connect to my server the kerberos sessions fails as it tries to connect with the workgroup instead of the realm. Thanks /Jonathan On Fri, Oct 2, 2009 at 9:36 AM, Ivan Ordonez <iordonez(a)berkeley.edu> wrote: > > > Jonathan Petersson wrote: >> >> Hi Ivan, >> >> I'm working on a similar thing but is having some issues with the >> kerberos sessions between samba and AD. Is your Samba server a member >> of a Win2k8R2 or a Win2k3 domain? >> >> Thanks >> >> /Jonathan >> >> On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez <iordonez(a)berkeley.edu> >> wrote: >> >>> >>> Robert LeBlanc wrote: >>> >>>> >>>> What are the permissions on /shared/drive? We use ACLs to control access >>>> rather than smb.conf. This gives us great flexability and you can kind >>>> of >>>> manage it using a Windows machine. If you have Kerberos keytab >>>> generated, >>>> you can smbmount on Linux using the -o sec=krb5 and no passwords are >>>> needed, >>>> it also obeys ACL. The only catch is that you need to use RID or LDAP >>>> for >>>> uid/gid mapping or else your permissions won't line up. >>>> >>>> Robert LeBlanc >>>> Life Sciences & Undergraduate Education Computer Support >>>> Brigham Young University >>>> >>>> >>>> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <iordonez(a)berkeley.edu >>>> <mailto:iordonez(a)berkeley.edu>> wrote: >>>> >>>> Hello, >>>> >>>> We have a Gentoo box running Samba and is a member of the Active >>>> Directory domain. This Gentoo box will be a fileserver when >>>> everything is completed and setup as it should. I want our users >>>> to login to their computer (Computers are all members of the same >>>> Active Directory domain) using Active Directory accounts/domain >>>> for authentication. I am using Winbind for Active Directory >>>> authentication/integration. I'm almost done except file permission >>>> issue. All is working smoothly (ie. wbinfo, smbclient, getent, >>>> etc.). I can access/map the shared drive on the Gentoo box from >>>> any Windows computer, login to a machine without a problem using >>>> Active Directory accounts. The Active Directory authentication >>>> with Winbind is working as it should. >>>> >>>> For some odd reason, I can't figure out how to give permissions to >>>> all users the ability to make changes/add new folders on the >>>> shared drive. I am getting access denied even when the users or >>>> group are valid users of the shared drive per smb.conf. Below is >>>> my smb.conf shared configuration: >>>> >>>> [shared] >>>> comment = shared >>>> path = /shared/drive >>>> read only = no >>>> inherit permissions = yes >>>> create mask = 755 >>>> directory mask = 755 >>>> valid users = @"MYDOMAIN+mygroup" >>>> browseable = yes >>>> writable = yes >>>> >>>> Any help would be greatly appreciated. >>>> >>>> -Ivan >>>> -- To unsubscribe from this list go to the following URL and read >>>> the >>>> instructions: https://lists.samba.org/mailman/options/samba >>>> >>>> >>> >>> Hi, >>> >>> The files and folders on the shared drive are owned by local Linux >>> account. >>> The permissions are read, write and execute by the owner, read and write >>> by >>> group and all. I was hoping that smb.conf will control the shared drive >>> access but having a hard time doing so. I would like to use ACL if that >>> is >>> the best way to make it work. Would you mind giving me few pointers or >>> point me to the right direction to get started on ACL? I am no LDAP >>> expert >>> but I think I can get by if I have to use it. >>> >>> Thanks! >>> >>> -Ivan >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >>> > > Hi Jonathan, > > Our Samba server is a member of Win2k8R2 domain. > Thanks, > -Ivan > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Next
|
Last
Pages: 1 2 3 Prev: Cannot compile RHEL rpms using samba 3.4.2 series source Next: [Samba] MSH_SHUTDOWN |