[TriLUG] Samba and Active Directory (Working Now)

Brian Blater (BBList) bblist at ridetta.org
Tue Sep 5 09:46:26 EDT 2006


Thank you for everyone's help on this. I now have one Test machine and
one Production server properly authenticating samba with AD. I found the
permission problem to be related to the "valid users" line in the
smb.conf for the share. Basically if the valid user = DOM\group in
smb.conf then the group has to be set to the same on the directory. Even
though the user may belong to DOM\group I can't just set the owner to
the user and get it to work.

Thanks,
Brian

>>> On Tue, Sep 5, 2006 at  2:38 AM, in message
<44FD1B74.6060503 at trilug.org>,
rvestal at trilug.org wrote: 
> This is how I ran the perms on ALL my samba\ADS machines...Never had
> users...only domain groups...only user on the linux box was "root"
> 
> Roy Vestal wrote:
>> IIRC,
>> Simply use the nomenclature "domain\\usernameorgroup"...the single \
>> never worked for me...
>>
>> HTH
>>
>> Matt Nash wrote:
>>> Brian Blater (BBList) wrote:
>>>>>>> On Fri, Sep 1, 2006 at 11:04 AM, in message
>>>> <44F84C11.2040403 at intrex.net>,
>>>> mattnash at intrex.net wrote:
>>>>> In my smb.conf I have 2 lines that you don't:
>>>>> client use spnego = yes
>>>>> client ntlmv2 auth = yes
>>>>>
>>>>> I used this page to configure winbind and krb5:
>>>>> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
>>>>>
>>>>> I know you don't have Ubuntu, but the instructions are general enough
>>>>> that it should work.
>>>>
>>>> Thank you!!! I added the two lines above and made a couple more changes
>>>> as suggested in the link above (removed the winbind separator line and
>>>> auth methods line and changed the valid users line in the share) and
>>>> I'm attaching to the share without a password.
>>>>
>>>> Now the problem is with perms. If I set the directory 777 no problem
>>>> writing to the share, or if I make the owner TTA\ituser no problem
>>>> writing. However if I set the group to the TTA\sambausers group (which
>>>> ituser is a member of and perms are 775) I cannot write to the
>>>> directory. Any idea what needs to change or how to get the directory
>>>> writable by an AD group?
>>>>
>>>> Thanks again for helping me get this far.
>>>> Brian
>>>>
>>>
>>> Unfortunately that is a bit beyond my experience.  From poking around
>>> Google it seems that permissions issues are frequent with Samba.
>>> Have you tried using the group id as reported by 'getent group'
>>> rather than the domain\group syntax?  You may also want to try the
>>> group name without the leading domain name.  Also make sure that you
>>> have "valid users = TTA\sambausers" or something like it in smb.conf.
>>
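
Added example, not part of the original thread: a small audit of the condition the thread arrives at, comparing each share's "valid users" groups with the group owner and mode of the share directory, and flagging the 777 workaround as well. The function names are hypothetical, and it assumes group names resolve through NSS (winbind) exactly as they are written in smb.conf.

```python
import configparser
import grp
import os
import re
import stat

def _gid(entry, resolve):
    """gid for a 'valid users' entry, or None when it does not name a group."""
    try:
        # @, + and & are smb.conf's group prefixes; quotes wrap names with spaces
        return resolve(entry.strip('"').lstrip("@+&"))
    except KeyError:
        return None

def audit_shares(smb_conf_text, resolve=lambda n: grp.getgrnam(n).gr_gid):
    """Return (share, problem) pairs for shares whose directory and
    'valid users' groups do not line up.  Assumption: `resolve` maps a
    group name to a gid and raises KeyError for anything else."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # smb.conf indents parameters freely; strip so nothing parses as a continuation
    cp.read_string("\n".join(l.strip() for l in smb_conf_text.splitlines()))
    findings = []
    for share in cp.sections():
        sec = cp[share]
        if "path" not in sec or "valid users" not in sec:
            continue
        entries = re.findall(r'"[^"]+"|[^\s,]+', sec["valid users"])
        gids = {g for g in (_gid(e, resolve) for e in entries) if g is not None}
        if not gids:
            continue  # only individual users listed; nothing to compare
        st = os.stat(sec["path"])
        if st.st_mode & stat.S_IWOTH:
            findings.append((share, "world-writable"))
        if st.st_gid not in gids:
            findings.append((share, "directory group is not in valid users"))
        elif not st.st_mode & stat.S_IWGRP:
            findings.append((share, "group lacks write permission"))
    return findings
```

An empty result means every share that lists a group in "valid users" is group-owned by one of those groups, group-writable, and not world-writable.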



