Hi Ivan, I'm working on a similar thing but is having some issues with the kerberos sessions between samba and AD. Is your Samba server a member of a Win2k8R2 or a Win2k3 domain?
Thanks /Jonathan On Fri, Oct 2, 2009 at 9:00 AM, Ivan Ordonez <[email protected]> wrote: > > > Robert LeBlanc wrote: >> >> What are the permissions on /shared/drive? We use ACLs to control access >> rather than smb.conf. This gives us great flexability and you can kind of >> manage it using a Windows machine. If you have Kerberos keytab generated, >> you can smbmount on Linux using the -o sec=krb5 and no passwords are needed, >> it also obeys ACL. The only catch is that you need to use RID or LDAP for >> uid/gid mapping or else your permissions won't line up. >> >> Robert LeBlanc >> Life Sciences & Undergraduate Education Computer Support >> Brigham Young University >> >> >> On Thu, Oct 1, 2009 at 10:14 AM, Ivan Ordonez <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hello, >> >> We have a Gentoo box running Samba and is a member of the Active >> Directory domain. This Gentoo box will be a fileserver when >> everything is completed and setup as it should. I want our users >> to login to their computer (Computers are all members of the same >> Active Directory domain) using Active Directory accounts/domain >> for authentication. I am using Winbind for Active Directory >> authentication/integration. I'm almost done except file permission >> issue. All is working smoothly (ie. wbinfo, smbclient, getent, >> etc.). I can access/map the shared drive on the Gentoo box from >> any Windows computer, login to a machine without a problem using >> Active Directory accounts. The Active Directory authentication >> with Winbind is working as it should. >> >> For some odd reason, I can't figure out how to give permissions to >> all users the ability to make changes/add new folders on the >> shared drive. I am getting access denied even when the users or >> group are valid users of the shared drive per smb.conf. Below is >> my smb.conf shared configuration: >> >> [shared] >> comment = shared >> path = /shared/drive >> read only = no >> inherit permissions = yes >> create mask = 755 >> directory mask = 755 >> valid users = @"MYDOMAIN+mygroup" >> browseable = yes >> writable = yes >> >> Any help would be greatly appreciated. >> >> -Ivan >> -- To unsubscribe from this list go to the following URL and read >> the >> instructions: https://lists.samba.org/mailman/options/samba >> > Hi, > > The files and folders on the shared drive are owned by local Linux account. > The permissions are read, write and execute by the owner, read and write by > group and all. I was hoping that smb.conf will control the shared drive > access but having a hard time doing so. I would like to use ACL if that is > the best way to make it work. Would you mind giving me few pointers or > point me to the right direction to get started on ACL? I am no LDAP expert > but I think I can get by if I have to use it. > > Thanks! > > -Ivan > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
