Be very careful with the pam set up. If you make a mistake you might not be able to log back on the machine.
The pam config editing is only necessary if you want AD user to access unix services, I mean non samba stuff, like ssh, ftp, su, xdm, pretty much things that will let them log on the machine.
For samba share access you only need the samba and winbind part.
For user to be able to write to the samba shares you need to make sure of two things.
1. it is writeable = yes
2. the directory permissions are allowing those users to write to it (what you did already)
3. the create and directory mask match those permissions so newly created files or directory will be writeable too.
ie:
[global]
directory mask = 755
[<yourshare>]
create mask = 644
I hope this works.
Denis.
Dieter Wilkens wrote:
Hi Denis,
Thanks for help! After trying several things out I finally worked it out ;-)
No I can connect with the useres from my WinDomain to the samba server - that's fine
But: How do I create vald shares for the several groups? How can I set the rights for the different folders for different Windows-users & Windows-groups? Has this be done on windows or on linux?
I just tried to set permissions with konqueror (if I type the name of my windomain in the field "user" I can see all valid entries in the field... So there is a connection to my PDC) to my existig samba share - but as soon as I try to create a folder from windows I get an error "permission denied" - the same happens if I try to change permissions from windows.. In windows I can see that I'm a valid user for this folder (all permisssions) but I can't change permissions on this folder an also I can't add files or folders to it....
I only changed the samba entry in the pam.d folder:
Auth required pam_winbind.so nodelay Account required pam_winbind.so nodelay Session required pam_winbind.so nodelay Password required pam_winbind.so nodelay
- do I have to change some more of these files to get this working?
Regards
Dieter
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
