J. Smith
asked on
Samba file server using NT4 domain users
I've joined the NT4 domain using "net rpc join -U administrator" and can "wbinfo -u" & -g & -t just fine. But I can only read the shares and cannot write. Plus, I cannot figure out how to give a domain group permissions to read or write. I feel like I'm so close, but just missing a few things to make this all come together. The end goal I'm trying to reach is to create a share on my linux server that my domain users can access (read/write) without typing in any username / password information.
If it's of any value, here's my smb.conf per 'testparm':
# Global parameters
[global]
workgroup = NT4DOMAIN
server string = File Server One
security = DOMAIN
password server = NTSERVER
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
wins server = 10.10.20.13
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
winbind use default domain = Yes
[fileshare]
comment = File Server One Main Share
path = /fileshare
valid users = jason
read only = No
create mask = 0765
If it's of any value, here's my smb.conf per 'testparm':
# Global parameters
[global]
workgroup = NT4DOMAIN
server string = File Server One
security = DOMAIN
password server = NTSERVER
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
wins server = 10.10.20.13
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
winbind use default domain = Yes
[fileshare]
comment = File Server One Main Share
path = /fileshare
valid users = jason
read only = No
create mask = 0765
and i check again your conf please add this
writable = yes
writable = yes
ASKER
The smb.conf u've posted is from 2002 and a lot of things have changed since then. I've tried writable and it didn't work.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok, i did all that and i'm still getting access denied
ASKER
e-tsik, what you said works, but I have a few questions for you if you don't mind.
First, I had to create an identical Unix user to for each person that I wanted to give access to the share. Is there a way to give access without creating a local user?
Second, how do I set permissions on a per user/group on a share? I don't mind using set force user = root, but how would i give one user/group only read access and the other write?
Finally, I've read about some users "owning" a file and then another not being able to open it because of that. Is the only way to get around this by using the force user = root?
Thanks!
First, I had to create an identical Unix user to for each person that I wanted to give access to the share. Is there a way to give access without creating a local user?
Second, how do I set permissions on a per user/group on a share? I don't mind using set force user = root, but how would i give one user/group only read access and the other write?
Finally, I've read about some users "owning" a file and then another not being able to open it because of that. Is the only way to get around this by using the force user = root?
Thanks!
Questions? No problem!
1. The reason why you had to create a local user for everyone was because you haven't configured (correctly) pam_smb. Redhat calls is "smb authentication". Failure to log on with the network user/password caused your users not to be able to log on through samba.
2. Permissions without "force user" are quite easy, but they are governed by the unix permissions, which are quite strict. First, you need to learn how unix permissions work (that is, if you haven't by now). You configure permissions with the unix user/group associations and the chown, chmod commands. Samba also uses ext2 attributes to configure "fine grained" permissions (unix permissions only have one owner and group per file, and permissions are granted to these owner and group, fine grained means you can have multiple). I never found it functional in a binary-downloaded configuration (have not tried it on Fedora, though). When that works, you could configure the permissions using the windows "permissions" tab (cool, isn't it?)
1. The reason why you had to create a local user for everyone was because you haven't configured (correctly) pam_smb. Redhat calls is "smb authentication". Failure to log on with the network user/password caused your users not to be able to log on through samba.
2. Permissions without "force user" are quite easy, but they are governed by the unix permissions, which are quite strict. First, you need to learn how unix permissions work (that is, if you haven't by now). You configure permissions with the unix user/group associations and the chown, chmod commands. Samba also uses ext2 attributes to configure "fine grained" permissions (unix permissions only have one owner and group per file, and permissions are granted to these owner and group, fine grained means you can have multiple). I never found it functional in a binary-downloaded configuration (have not tried it on Fedora, though). When that works, you could configure the permissions using the windows "permissions" tab (cool, isn't it?)
ASKER
Alright, I'll have to look into "fine grained" permissions. Thanks for your help!
http://cgi.librelogiciel.com/pipermail/pykota/2004-April/000770.html