Solved

How to grant NT domain computer accounts access to samba share?

Posted on 2012-03-30
2
803 Views
Last Modified: 2012-03-30
--please no speculations--

Hi experts.

We have a samba share (latest version) on Suse 12. This samba server is a domain member (domain: windows server 2008, please note that the samba server is not a DC) and winbind is up and running. Domain users can access the shares without problems from windows.

What I would like to achieve is that also domain computer accounts (aka computername$) may access that samba share. Until now I could not even find information on if this is even possible without a samba DC.

What I tried so far is:
-put the computer's IP into the hosts allow line of smb.conf (and restart rcsmb)
-fire the command
chown computername\$@domain:domain-users@domain targetfile

Open in new window

(note the "\" for masking the "$") which succeeds and then ll lists:
rw------- 1 domain\computername$      domain\domain-users 64 Dec  5 18:20 targetfile
So far, so good, but access is still denied.

To test the access, I logged on to "computername" and started a shell using psexec -s -i cmd (which impersonates the system account "computername$") and from that shell I tried to read the targetfile ->access denied.

Is it possible? Did anyone ever do that?

--please no speculations--
0
Comment
Question by:McKnife
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 54

Accepted Solution

by:
McKnife earned 0 total points
ID: 37786580
Aaaargh....... :)
I don't believe it... I simply forgot to change the acl on the share itself, did it only on the file.
0
 
LVL 54

Author Closing Comment

by:McKnife
ID: 37787051
Found the solution on my own
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question