[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How to grant NT domain computer accounts access to samba share?

Posted on 2012-03-30
2
Medium Priority
?
815 Views
Last Modified: 2012-03-30
--please no speculations--

Hi experts.

We have a samba share (latest version) on Suse 12. This samba server is a domain member (domain: windows server 2008, please note that the samba server is not a DC) and winbind is up and running. Domain users can access the shares without problems from windows.

What I would like to achieve is that also domain computer accounts (aka computername$) may access that samba share. Until now I could not even find information on if this is even possible without a samba DC.

What I tried so far is:
-put the computer's IP into the hosts allow line of smb.conf (and restart rcsmb)
-fire the command
chown computername\$@domain:domain-users@domain targetfile

Open in new window

(note the "\" for masking the "$") which succeeds and then ll lists:
rw------- 1 domain\computername$      domain\domain-users 64 Dec  5 18:20 targetfile
So far, so good, but access is still denied.

To test the access, I logged on to "computername" and started a shell using psexec -s -i cmd (which impersonates the system account "computername$") and from that shell I tried to read the targetfile ->access denied.

Is it possible? Did anyone ever do that?

--please no speculations--
0
Comment
Question by:McKnife
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 56

Accepted Solution

by:
McKnife earned 0 total points
ID: 37786580
Aaaargh....... :)
I don't believe it... I simply forgot to change the acl on the share itself, did it only on the file.
0
 
LVL 56

Author Closing Comment

by:McKnife
ID: 37787051
Found the solution on my own
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question