Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd May 2012, 11:08
buggz buggz is offline
Junior Member
 
Join Date: Jul 2009
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default Samba Permisions /Active Directory Authentication Problem

I have CentOS 6.2 FileServer and a Windows 2008 Server PDC, i have configured samba on CentOS to authenticate all users who need access to files against the WIndows 2008 Server.

I have Groups :
Finance
HR
Legal
Audit on the windows Server, and i have folders on my FileServer corsponding to those groups.
I created users on Windows and joined them to the various groups, so i want to restrict access to files on file server using group membership.

i used http://wiki.samba.org/index.php/Samb...tive_Directory to do the installation.

wbinfo -u and
wbinfo -g are giving me the results that i want e.g


Code:
[root@fileserver ~]# wbinfo -g
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
dnsadmins
finance
hr
legal
audit

im able to browse and view files that are already on the server, but i cannot create a new file or folder, my /etc/samba/smb.conf is as follows

[global]

workgroup = LAN
server string = FILE-SERVER


security = ads

realm = LAN.LOCAL

encrypt passwords = yes
preferred master = no

template shell = /bin/bash
template homedir = /home/%D/%U
winbind separator = +
winbind uid = 600-20000
winbind gid = 600-20222
winbind use default domain = true
winbind nested groups = Yes
winbind enum users = yes
winbind enum groups = yes
enhanced browsing = yes
winbind offline logon = false

password server = dc.lan.local



[LEGAL]
comment = Shared Folder
path = /home/legal
writeable = yes
valid users = @NETWORK+legal @NETWORK+directors
writelist = @NETWORK+legal
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no

[HR_ADMIN]
comment = Shared Folder
path = /home/hr_admin
writeable = yes
valid users = @NETWORK+directors @NETWORK+hr_admin
writelist = @NETWORK+hr_admin
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no

[FINANCE]
comment = Shared Folder
path = /home/finance
writeable = yes
valid users = @NETWORK+directors @NETWORK+finance
writelist = @NETWORK+finance
create mask = 0777
force create mode = 0777
browseable = yes
guest ok = no


has anyone used this kind of setup to work? i also want someone who will be a member of group 'Domain Admins' to have read and write access to all the folders and files on the server.


thanks in advance.
Reply With Quote
Sponsored Links
Reply

Bookmarks

Tags
active directory, permission denied, samba

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Install failure -- Apache 1.3 missing? Allen15 Installation/Configuration 11 24th February 2009 09:53
add web site serr57 Installation/Configuration 18 13th April 2008 11:40
update failed loge Installation/Configuration 6 1st December 2007 17:53
Installations Problem @ PHP thryb Installation/Configuration 1 7th November 2007 13:41
ISP install problems Debian sarge 3.1 lerra Installation/Configuration 1 5th January 2006 16:37


All times are GMT +2. The time now is 06:35.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.