Solved

How to grant NT domain computer accounts access to samba share?

Posted on 2012-03-30
2
792 Views
Last Modified: 2012-03-30
--please no speculations--

Hi experts.

We have a samba share (latest version) on Suse 12. This samba server is a domain member (domain: windows server 2008, please note that the samba server is not a DC) and winbind is up and running. Domain users can access the shares without problems from windows.

What I would like to achieve is that also domain computer accounts (aka computername$) may access that samba share. Until now I could not even find information on if this is even possible without a samba DC.

What I tried so far is:
-put the computer's IP into the hosts allow line of smb.conf (and restart rcsmb)
-fire the command
chown computername\$@domain:domain-users@domain targetfile

Open in new window

(note the "\" for masking the "$") which succeeds and then ll lists:
rw------- 1 domain\computername$      domain\domain-users 64 Dec  5 18:20 targetfile
So far, so good, but access is still denied.

To test the access, I logged on to "computername" and started a shell using psexec -s -i cmd (which impersonates the system account "computername$") and from that shell I tried to read the targetfile ->access denied.

Is it possible? Did anyone ever do that?

--please no speculations--
0
Comment
Question by:McKnife
  • 2
2 Comments
 
LVL 54

Accepted Solution

by:
McKnife earned 0 total points
ID: 37786580
Aaaargh....... :)
I don't believe it... I simply forgot to change the acl on the share itself, did it only on the file.
0
 
LVL 54

Author Closing Comment

by:McKnife
ID: 37787051
Found the solution on my own
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now