McKnife
asked on
How to grant NT domain computer accounts access to samba share?
--please no speculations--
Hi experts.
We have a samba share (latest version) on Suse 12. This samba server is a domain member (domain: windows server 2008, please note that the samba server is not a DC) and winbind is up and running. Domain users can access the shares without problems from windows.
What I would like to achieve is that also domain computer accounts (aka computername$) may access that samba share. Until now I could not even find information on if this is even possible without a samba DC.
What I tried so far is:
-put the computer's IP into the hosts allow line of smb.conf (and restart rcsmb)
-fire the command
To test the access, I logged on to "computername" and started a shell using psexec -s -i cmd (which impersonates the system account "computername$") and from that shell I tried to read the targetfile ->access denied.
Is it possible? Did anyone ever do that?
--please no speculations--
Hi experts.
We have a samba share (latest version) on Suse 12. This samba server is a domain member (domain: windows server 2008, please note that the samba server is not a DC) and winbind is up and running. Domain users can access the shares without problems from windows.
What I would like to achieve is that also domain computer accounts (aka computername$) may access that samba share. Until now I could not even find information on if this is even possible without a samba DC.
What I tried so far is:
-put the computer's IP into the hosts allow line of smb.conf (and restart rcsmb)
-fire the command
chown computername\$@domain:domain-users@domain targetfile
(note the "\" for masking the "$") which succeeds and then ll lists:rw------- 1 domain\computername$ domain\domain-users 64 Dec 5 18:20 targetfileSo far, so good, but access is still denied.
To test the access, I logged on to "computername" and started a shell using psexec -s -i cmd (which impersonates the system account "computername$") and from that shell I tried to read the targetfile ->access denied.
Is it possible? Did anyone ever do that?
--please no speculations--
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER