On Wed, Jun 24, 2009 at 12:34 PM, Reginald0<re...@ig.com.br> wrote:
>
> Hi, folks!
>
> I have two RHEL5 Linux machines, both successfully joined to a Windows 2008
> Server AD domain. I can see AD users, groups, checking trusts, etc.
> My problem is that when I try to mount a share from one Linux machine to the
> other using a local user, I receive the message "mount error 13 = Permission
> denied".
> If I add the user with same name/password to the Windows AD domain, then I
> can mount the share, and this way I can read but can't write to the mounted
> folder on the client side, unless I set "chmod 777" on the server side, but
> this would open a security hole on my system.
> Before joining these two machines to a domain, I was using "security = share"
> and "username map" option to map the server local user to the client remote
> user, and it was working flawlessly.
> Follows below the relevant configuration:
>
> ________________________________
>
> "/etc/samba/smb.conf" on server:
>
> [GLOBAL]
> security = ADS
> workgroup = DOMAINNAME
> realm = DOMAINNAME
> password server = DOMAINSERVERNAME
> username map = /etc/samba/smbusers
> winbind use default domain = yes
> winbind uid = 10000-20000
> winbind gid = 10000-20000
>
> [SHARE]
> path = /share
> writable = yes
> browseable = no
> create mask = 0664
> valid users = remoteusername
> ________________________________
>
> "/etc/samba/smbusers" on server:
>
> localusername = remoteusername
> ________________________________
>
> "mount" command on client:
>
> mount -t cifs //MACHINE1/SHARE /share -o user=remoteusername
> ________________________________
>
>
> If you need some more information, please advise me.
>
> Thanks in advance,
>
> Reginald0
>
> --
> View this message in context:
> http://www.nabble.com/Linux-local-user-problem-when-security-%3D-ADS-tp24189729p24189729.html
> Sent from the Samba - General mailing list archive at Nabble.com.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

Last week I did this, I joined my samba server running centos 5.3 with an AD
server running Win 2k3.

When I start testing, wbinfo -u, wbinfo -g show all my users and groups from
AD, the goal of this is that we don't need to add each user to the
Linux+samba user db like we did before with NT4.

Now, the:

username map = /etc/samba/smbusers

I don't like it, I don't have right access to my samba server to see my
settings, but I remember that if I would like to share a folder like your
example, I did this:

mkdir share
chmod 0664 share
chown DOMAIN+username share

[SHARE]
path = /share
writable = yes
browseable = no
create mask = 0664
valid users = DOMAIN+username
write list = DOMAIN+username

Just to point that, I setup winbind, pam and all that stuff to make my AD
server to samba all the info about names+groups.

See later.

--
LIving the dream...
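
An added example, not written by either poster and not part of Samba: a small Python check that reads share paths from an smb.conf-style text and reports the two directory-mode problems that come up in this thread, a world-writable share directory ("chmod 777") and a directory mode without search (x) bits. The function names and SAMPLE_CONF are constructed for illustration.

```python
import configparser
import os
import stat

# Constructed sample, modelled on the [SHARE] section quoted in the thread.
SAMPLE_CONF = """
[global]
security = ADS
[SHARE]
path = {path}
writable = yes
valid users = DOMAIN+username
"""

def share_paths(conf_text):
    """Return {share_name: path} for every non-global section with a path."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",))
    cp.read_string(conf_text)
    return {s: cp[s]["path"] for s in cp.sections()
            if s.lower() != "global" and "path" in cp[s]}

def audit_mode(mode):
    """Return findings for a share directory's permission bits."""
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    # A directory needs the search (x) bit for each class that has r or w,
    # otherwise that class cannot enter it or create files in it.
    for name, r, w, x in (("owner", stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
                          ("group", stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
                          ("other", stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)):
        if mode & (r | w) and not mode & x:
            findings.append(f"{name} lacks search bit")
    return findings

def audit_conf(conf_text):
    """Stat each share path and return {share_name: findings}."""
    report = {}
    for name, path in share_paths(conf_text).items():
        st = os.stat(path)
        if not stat.S_ISDIR(st.st_mode):
            report[name] = ["path is not a directory"]
        else:
            report[name] = audit_mode(stat.S_IMODE(st.st_mode))
    return report
```

Mode 0777 reports "world-writable", and 0664 on a directory reports a missing search bit for owner, group and other. A mode such as 0770, with the share's user or group as owner, reports nothing.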