HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

buggz 3rd May 2012 11:08

Samba Permissions / Active Directory Authentication Problem
 
I have a CentOS 6.2 file server and a Windows 2008 Server PDC. I have configured Samba on CentOS to authenticate all users who need access to files against the Windows 2008 Server.

I have groups:
Finance
HR
Legal
Audit
on the Windows server, and I have folders on my file server corresponding to those groups.
I created users on Windows and joined them to the various groups, so I want to restrict access to files on the file server using group membership.

I used http://wiki.samba.org/index.php/Samb...tive_Directory to do the installation.

wbinfo -u and wbinfo -g are giving me the results that I want, e.g.:


Code:

[root@fileserver ~]# wbinfo -g
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
dnsadmins
finance
hr
legal
audit


I'm able to browse and view files that are already on the server, but I cannot create a new file or folder. My /etc/samba/smb.conf is as follows:

[global]

workgroup = LAN
server string = FILE-SERVER


security = ads

realm = LAN.LOCAL

encrypt passwords = yes
preferred master = no

template shell = /bin/bash
template homedir = /home/%D/%U
winbind separator = +
winbind uid = 600-20000
winbind gid = 600-20222
winbind use default domain = true
winbind nested groups = Yes
winbind enum users = yes
winbind enum groups = yes
enhanced browsing = yes
winbind offline logon = false

password server = dc.lan.local



[LEGAL]
comment = Shared Folder
path = /home/legal
writeable = yes
valid users = @NETWORK+legal @NETWORK+directors
writelist = @NETWORK+legal
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no

[HR_ADMIN]
comment = Shared Folder
path = /home/hr_admin
writeable = yes
valid users = @NETWORK+directors @NETWORK+hr_admin
writelist = @NETWORK+hr_admin
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no

[FINANCE]
comment = Shared Folder
path = /home/finance
writeable = yes
valid users = @NETWORK+directors @NETWORK+finance
writelist = @NETWORK+finance
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no


Has anyone got this kind of setup to work? I also want someone who will be a member of group 'Domain Admins' to have read and write access to all the folders and files on the server.


Thanks in advance.
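
Added example, not part of the original post: a Python check that cross-references every @DOMAIN+group entry in the shares' valid users / write list lines against the workgroup value and the wbinfo -g listing, since the posted shares use a NETWORK+ prefix while workgroup is LAN and name groups (directors, hr_admin) that the posted wbinfo -g output does not show. It assumes a single AD domain whose NetBIOS name is the workgroup value; the function name and the trimmed sample input are constructed for illustration.

```python
import configparser
import re

# Constructed sample input, reduced from the smb.conf and wbinfo -g output in the post.
SMB_CONF = """\
[global]
workgroup = LAN
template homedir = /home/%D/%U
winbind separator = +

[LEGAL]
valid users = @NETWORK+legal @NETWORK+directors
writelist = @NETWORK+legal

[FINANCE]
valid users = @NETWORK+directors @NETWORK+finance
writelist = @NETWORK+finance
"""
WBINFO_G = "domain admins\ndomain users\nfinance\nhr\nlegal\naudit\n"


def audit_group_refs(conf_text, wbinfo_text):
    """Return sorted (share, reference, problem) tuples for @group entries."""
    cp = configparser.ConfigParser(interpolation=None)  # %D and %U are Samba macros
    # Strip indentation so configparser does not read indented options as continuations.
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    workgroup = cp.get("global", "workgroup", fallback="").upper()
    sep = cp.get("global", "winbind separator", fallback="\\")
    # Accept wbinfo output with or without a DOMAIN<sep> prefix on each group.
    known = {g.strip().lower().rpartition(sep)[2]
             for g in wbinfo_text.splitlines() if g.strip()}
    findings = set()
    for share in cp.sections():
        if share.lower() == "global":
            continue
        for key, value in cp[share].items():
            # Samba ignores whitespace in parameter names: "writelist" == "write list".
            if re.sub(r"\s+", "", key) not in ("validusers", "writelist"):
                continue
            # Group names containing spaces must be quoted, e.g. @"LAN+domain admins".
            for ref in re.findall(r'@"[^"]*"|@[^\s,]+', value):
                domain, _, group = ref[1:].strip('"').rpartition(sep)
                if domain and domain.upper() != workgroup:
                    findings.add((share, ref, "domain prefix is not the workgroup"))
                if group.lower() not in known:
                    findings.add((share, ref, "group not listed by wbinfo -g"))
    return sorted(findings)


if __name__ == "__main__":
    for share, ref, problem in audit_group_refs(SMB_CONF, WBINFO_G):
        print(f"[{share}] {ref}: {problem}")
```

On a live server the two inputs would be the contents of /etc/samba/smb.conf and the output of wbinfo -g; an empty result only means the group references resolve, and the Unix permissions on the share paths still have to allow the write.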


All times are GMT +2.