  1. #1
    Just Joined!
    Join Date
    May 2012
    Posts
    1

    Samba Permissions / Active Directory Authentication Problem


    I have a CentOS 6.2 file server and a Windows 2008 Server PDC. I have configured Samba on CentOS to authenticate all users who need access to files against the Windows 2008 Server.

    I have groups:
    Finance
    HR
    Legal
    Audit
    on the Windows server, and I have folders on my file server corresponding to those groups.
    I created users on Windows and joined them to the various groups, so I want to restrict access to files on the file server using group membership.


    wbinfo -u and wbinfo -g are giving me the correct results,
    results that I want, e.g.

    wbinfo -g
    domain computers
    domain controllers
    schema admins
    enterprise admins
    cert publishers
    domain admins
    domain users
    domain guests
    group policy creator owners
    ras and ias servers
    allowed rodc password replication group
    denied rodc password replication group
    read-only domain controllers
    enterprise read-only domain controllers
    dnsadmins
    finance
    hr
    legal
    audit



    I'm able to browse and view files that are already on the server, but I cannot create a new file or folder.
    smb.conf

    [global]

    workgroup = LAN
    server string = FILE-SERVER


    security = ads

    realm = LAN.LOCAL

    encrypt passwords = yes
    preferred master = no

    template shell = /bin/bash
    template homedir = /home/%D/%U
    winbind separator = +
    winbind uid = 600-20000
    winbind gid = 600-20222
    winbind use default domain = true
    winbind nested groups = Yes
    winbind enum users = yes
    winbind enum groups = yes
    enhanced browsing = yes
    winbind offline logon = false

    password server = dc.lan.local



    [LEGAL]
    comment = Shared Folder
    path = /home/legal
    writeable = yes
    valid users = NETWORK+legal, NETWORK+directors
    writelist = NETWORK+legal
    create mask = 0777
    force create mode = 0777
    browseable = yes
    guest ok = no

    [HR_ADMIN]
    comment = Shared Folder
    path = /home/hr_admin
    writeable = yes
    valid users = NETWORK+directors, NETWORK+hr_admin
    writelist = NETWORK+hr_admin
    create mask = 0777
    force create mode = 0777
    browseable = yes
    guest ok = no

    [FINANCE]
    comment = Shared Folder
    path = /home/finance
    writeable = yes
    valid users = NETWORK+directors, NETWORK+finance
    writelist = NETWORK+finance
    create mask = 0777
    force create mode = 0777
    browseable = yes
    guest ok = no



    Has anyone used this kind of setup to work? I also want someone who will be a member of group 'Domain Admins' to have read and write access to all the folders and files on the server.


    Thanks in advance.

  2. #2
    Just Joined!
    Join Date
    Aug 2007
    Location
    Fairfax, VA
    Posts
    22
    What are the file permissions on the share folder? They should reflect the groups that you are trying to use. chgrp finance and they should have write access.
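
The check suggested in the reply above, as an added example that is not part of either post and not Samba tooling: Samba can only write where the Unix permissions on the share directory also allow it, so this compares each share's write list group with the directory's group owner and mode. `SAMPLE_CONF` is constructed, the function names are hypothetical, and it assumes winbind exposes groups without the domain prefix (as with `winbind use default domain = true`).

```python
import configparser, grp, os, stat
# Constructed sample in the style of the smb.conf above (not the poster's file).
SAMPLE_CONF = """\
[global]
winbind separator = +
[FINANCE]
path = /home/finance
writelist = NETWORK+finance
[LEGAL]
path = /home/legal
write list = NETWORK+legal, @NETWORK+directors
"""

def share_groups(conf_text):
    """Return {share: (path, [unix group names])} from each share's write list."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    sep = cp.get("global", "winbind separator", fallback="\\")
    shares = {}
    for name in cp.sections():
        # Samba ignores whitespace inside parameter names: writelist == write list
        opts = {k.replace(" ", ""): v for k, v in cp.items(name)}
        if "path" not in opts:
            continue
        entries = [e.strip() for e in opts.get("writelist", "").split(",") if e.strip()]
        # Assumption: drop the DOMAIN<sep> prefix to get the Unix-side group name
        shares[name] = (opts["path"], [e.lstrip("@&").rsplit(sep, 1)[-1] for e in entries])
    return shares

def dir_problems(st_mode, st_gid, want_gid):
    """Explain why members of want_gid could not create files in this directory."""
    problems = []
    if st_gid != want_gid:
        problems.append("group owner is gid %d, not %d" % (st_gid, want_gid))
    if not st_mode & stat.S_IWGRP or not st_mode & stat.S_IXGRP:
        problems.append("group lacks write/search permission (want g+wx)")
    if st_mode & stat.S_IWOTH:
        problems.append("world-writable: group restriction not enforced on disk")
    return problems

def audit(conf_text):
    for share, (path, groups) in share_groups(conf_text).items():
        for group in groups:
            try:
                st, gid = os.stat(path), grp.getgrnam(group).gr_gid  # NSS/winbind lookup
                found = dir_problems(st.st_mode, st.st_gid, gid) or ["ok"]
            except (OSError, KeyError) as err:
                found = ["cannot check: %s" % err]
            for line in found:
                print(share, path, group, line)
```

Call `audit()` with the contents of the server's smb.conf on the file server itself, where winbind can resolve the group names.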
