Thank you for everyone's help on this. I now have one Test machine and one Production server properly authenticating Samba with AD. I found the permission problem to be related to the "valid users" line in the smb.conf for the share. Basically, if the valid user = DOM\group in smb.conf, then the group has to be set to the same on the directory. Even though the user may belong to DOM\group, I can't just set the owner to the user and get it to work.

Thanks,
Brian

>>> On Tue, Sep 5, 2006 at 2:38 AM, in message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> This is how I ran the perms on ALL my samba\ADS machines...Never had
> users...only domain groups...only user on the linux box was "root"
>
> Roy Vestal wrote:
>> IIRC,
>> Simply use the nomenclature "domain\\usernameorgroup"...the single \
>> never worked for me...
>>
>> HTH
>>
>> Matt Nash wrote:
>>> Brian Blater (BBList) wrote:
>>>>>>> On Fri, Sep 1, 2006 at 11:04 AM, in message
>>>> <[EMAIL PROTECTED]>,
>>>> [EMAIL PROTECTED] wrote:
>>>>> In my smb.conf I have 2 lines that you don't:
>>>>> client use spnego = yes
>>>>> client ntlmv2 auth = yes
>>>>>
>>>>> I used this page to configure winbind and krb5:
>>>>> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
>>>>>
>>>>> I know you don't have ubuntu, but the instructions are general enough
>>>>> that it should work.
>>>>>
>>>>
>>>> Thank you!!! I added the two lines above and made a couple more changes
>>>> as suggested in the link above (removed the winbind separator line and
>>>> auth methods line and changed the valid users line in the share) and
>>>> I'm attaching to the share without a password.
>>>>
>>>> Now the problem is with perms. If I set the directory 777 no problem
>>>> writing to the share, or if I make the owner TTA\ituser no problem
>>>> writing. However if I set the group to the TTA\sambausers group (which
>>>> ituser is a member of and perms are 775) I cannot write to the
>>>> directory. Any idea what needs to change or how to get the directory
>>>> writable by an AD group?
>>>>
>>>> Thanks again for helping me get this far.
>>>> Brian
>>>>
>>>
>>> Unfortunately that is a bit beyond my experience. From poking around
>>> Google it seems that permissions issues are frequent with Samba.
>>> Have you tried using the group id as reported by 'getent group'
>>> rather than the domain\group syntax? You may also want to try the
>>> group name without the leading domain name. Also make sure that you
>>> have "valid users = TTA\sambausers" or something like it in smb.conf.
>>

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
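
Added example, not part of the original thread: a small Python check for the condition Brian describes, where a share's `valid users` names an AD group but the share directory is not group-owned by that group, or is not group-writable. The function names, share names, paths and ownership data are constructed for illustration, and group names are assumed to appear the way winbind reports them (`DOM\group`).

```python
import os, re, stat

# Constructed sample input: smb.conf text and per-path (group, mode) data.
SAMPLE_CONF = r"""
[it]
   path = /srv/it
   valid users = TTA\sambausers
[docs]
   path = /srv/docs
   valid users = TTA\sambausers
[scratch]
   path = /srv/scratch
   valid users = @TTA\\sambausers
"""
SAMPLE_STAT = {"/srv/it": ("TTA\\sambausers", 0o40775), "/srv/docs": ("root", 0o40775),
               "/srv/scratch": ("TTA\\sambausers", 0o40755)}

def parse_shares(text):  # -> {section: {param: value}}; includes and % macros not expanded
    shares, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = shares.setdefault(line[1:-1].strip().lower(), {})
        elif cur is not None and line[:1] not in ("", "#", ";") and "=" in line:
            key, val = line.split("=", 1)
            cur[" ".join(key.lower().split())] = val.strip()
    return shares

def norm(name):  # drop @ + & group prefixes, fold a doubled backslash, ignore case
    return name.strip('"').lstrip("@+&").replace("\\\\", "\\").lower()

def os_lookup(path):
    import grp  # Unix-only; AD group names resolve only if winbind is in nsswitch
    st = os.stat(path)
    return grp.getgrgid(st.st_gid).gr_name, st.st_mode

def audit(text, lookup=os_lookup):
    findings = []  # (share, problem) pairs
    for share, p in parse_shares(text).items():
        if "path" not in p or "valid users" not in p:
            continue
        # Names are separated by spaces or commas; quoted names may contain spaces.
        allowed = {norm(n) for n in re.findall(r'"[^"]*"|[^\s,]+', p["valid users"])}
        group, mode = lookup(p["path"])
        if norm(group) not in allowed:
            findings.append((share, f"directory group {group} is not in valid users"))
        elif not mode & stat.S_IWGRP:
            findings.append((share, "group matches but directory is not group-writable"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF, SAMPLE_STAT.__getitem__), sep="\n")
```

On a real host, call `audit(open("/etc/samba/smb.conf").read())` so the directory group and mode come from the filesystem rather than the sample table.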
