Samba Share Via AD 2008r2


Have a problem that is driving me nuts.  I'm not a Linux/Samba expert, but my organization has one Linux Server with one samba share that is used solely for Windows 7 users to read files.  A few admins need to read and write to this same share.  Our Admins would map a drive by logging in as Linux Server\Admin, rather than ADDOMAIN\Admin.

All was working OK.  The samba was a stand alone server joined to the domain.  Public users could map a drive to the samba share and read data.  The admins could map the drive and add data to the share.

We recently were forced to upgrade our Windows DCs to 2008 R2.  Since that time, no one has been able to access the samba share at all.  The errors related to permissions or that the network name could not be found.  DNS is working properly.

So....I went on the Linux Server (Suse SLES 11.0) and tweaked the Samba (3.2.7).  I added ldap information pointing to my 2008 R2 PDC in the Samba Yast section.  Reloaded samba services.  Now, the mappings are coming back and the share is browsable all day....better than before!  

The problem is that the mappings treat everyone as if they are all PUBLIC users, thus giving even admins READ ONLY access.  I need the admins to be able to write!  I checked all permissions on the Linux box and I can assure you they are correct. I suspect that the LDAP setting needs some sort of group or user mapping.  But I don't understand the LDAP backend stuff. All I did was add the ldap address, the user DN and the Admin DN and password.

I don't want the Samba server to be a PDC.  I just want the users to be able to login to the Samba share and get proper file permissions.  Do I need to map Active Directory groups and users to match the groups and users that are on the local Samba server?

Any suggestions are greatly appreciated.

Happy Holidays
Who is Participating?
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
Please read the article about Windows Vista (and 7) / Server 2008 (and SMB version 2) located here:
Here - EE Article

It will explain why you MUST upgrade your Samba to a 3.5 version to connect to a Windows 2008 (SMB2) AD server.

I hope it helps you!

Best Regards & Happy Holidays!

mdaTRammerAuthor Commented:
Thanks for that information.  I had a feeling I needed to upgrade Samba, but not being a Linux Expert, I was leery.  This confirms my suspicions and the article explains why I need to upgrade.  Since I don't expect there to be any quick work around, I am going to go with this solution.

Thanks very much for the information.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.