Samba Share Via AD 2008r2


Have a problem that is driving me nuts.  I'm not a Linux/Samba expert, but my organization has one Linux Server with one samba share that is used solely for Windows 7 users to read files.  A few admins need to read and write to this same share.  Our Admins would map a drive by logging in as Linux Server\Admin, rather than ADDOMAIN\Admin.

All was working OK.  The samba was a stand alone server joined to the domain.  Public users could map a drive to the samba share and read data.  The admins could map the drive and add data to the share.

We recently were forced to upgrade our Windows DCs to 2008 R2.  Since that time, no one has been able to access the samba share at all.  The errors related to permissions or that the network name could not be found.  DNS is working properly.

So....I went on the Linux Server (Suse SLES 11.0) and tweaked the Samba (3.2.7).  I added ldap information pointing to my 2008 R2 PDC in the Samba Yast section.  Reloaded samba services.  Now, the mappings are coming back and the share is browsable all day....better than before!  

The problem is that the mappings treat everyone as if they are all PUBLIC users, thus giving even admins READ ONLY access.  I need the admins to be able to write!  I checked all permissions on the Linux box and I can assure you they are correct. I suspect that the LDAP setting needs some sort of group or user mapping.  But I don't understand the LDAP backend stuff. All I did was add the ldap address, the user DN and the Admin DN and password.

I don't want the Samba server to be a PDC.  I just want the users to be able to login to the Samba share and get proper file permissions.  Do I need to map Active Directory groups and users to match the groups and users that are on the local Samba server?

Any suggestions are greatly appreciated.

Happy Holidays
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Daniel McAllisterPresident, IT4SOHO, LLCCommented:
Please read the article about Windows Vista (and 7) / Server 2008 (and SMB version 2) located here:
Here - EE Article

It will explain why you MUST upgrade your Samba to a 3.5 version to connect to a Windows 2008 (SMB2) AD server.

I hope it helps you!

Best Regards & Happy Holidays!


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mdaTRammerAuthor Commented:
Thanks for that information.  I had a feeling I needed to upgrade Samba, but not being a Linux Expert, I was leery.  This confirms my suspicions and the article explains why I need to upgrade.  Since I don't expect there to be any quick work around, I am going to go with this solution.

Thanks very much for the information.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.