Solved

PBIS & Samba Server

Posted on 2014-01-27
Last Modified: 2014-01-28
Afternoon Experts Exchange,

I have currently deployed a Linux Samba server that is integrated with AD using PBIS. The permissions on the shares are working correctly and I can assign AD users permissions to access the shares.

However, when a user attempts to access //server/ or //server/share, their AD credentials are rejected with the response 'The specified network password is not correct'.

The only account able to access these shares for testing is the account that was originally used to configure the server and also bears the same username\password as the root user on the Linux box. This account adheres to the permissions set at the \\server\share level and can be denied access using the AD username and password.

How do I grant access to the \\server\ location of the server to all users whilst retaining the AD permissions at the \\server\share level?

Plokij5006
Question by:plokij5006
LVL 35

Expert Comment

by:Cris Hanna
ID: 39814063
Are you just entering username\password or have you tried netbiosdomainname\username?

Author Comment

by:plokij5006
ID: 39814668
Windows by default would use DOMAIN\Username when connecting onto the shares and we have also manually used the realm as part of the log in.
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
ID: 39815288
Hello plokij5006,

Please keep in mind PBIS uses Kerberos tickets by default for authentication and the interop install needs to be executed on every Samba server once. Also, you can set a default domain:

sambaserver$ /opt/pbis/bin/samba-interop-install --install

/opt/pbis/bin/samba-interop-install
Usage: /opt/pbis/bin/samba-interop-install {options} [smbd path]

Installs interop libraries into directories used by Samba and copies the
machine password from the PowerBroker Identity Services' database to Samba's.

Options are:
    --help               Show this help message
    --install            Configure smbd to use interop libraries
    --uninstall          Deconfigure smbd's use of interop libraries
    --check-version      Ensure the version of smbd is supported
    --loglevel {level}   Set the logging to error (default), warning, info,
                         verbose, or debug

One of the options, --install, --uninstall, or --check-version must be passed.

The last argument is the path to smbd. If not specified, it will be
automatically detected.

Here is a valid line from your share definition in smb.conf:
[global]
        security = ADS
        workgroup = MYDOM
        realm = MYDOM.COM
        machine password timeout = 0
...
[myshare]
...
        valid users = @"MYDOM\domain users", @"MYDOM\domain admins"
        write list = @"MYDOM\domain users"
        read list = @"MYDOM\domain users", @"MYDOM\domain guests"
...

Set the default domain for users without a Kerberos ticket with:
/opt/pbis/bin/config AssumeDefaultDomain true

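A check for the smb.conf settings the accepted solution relies on, as an added example that is not part of the original post and is not PBIS or Samba code. The `parse` and `audit` helpers and the sample configuration are constructed for illustration; the accepted list prefixes follow the `valid users` description in smb.conf(5).

```python
import re

# Constructed sample, modelled on the smb.conf fragment in the answer above.
SAMPLE = r'''
[global]
    security = ADS
    workgroup = MYDOM
[myshare]
    valid users = @"MYDOM\domain users", @@"MYDOM\domain admins"
    write list = @"MYDOM\domain users", alice
[open]
    path = /srv/open
'''
ACL_KEYS = ("valid users", "write list", "read list")
PREFIXES = {"", "@", "+", "&", "+&", "&+"}  # prefixes smb.conf(5) documents
ENTRY = re.compile(r'([@+&]*)(?:"([^"]*)"|([^,\s"]+))')

def parse(text):
    """Minimal smb.conf reader: {section: {key: value}}, names lower-cased."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return findings for the AD-related settings the answer relies on."""
    conf, out = parse(text), []
    glob = conf.pop("global", {})  # what remains in conf are the shares
    if glob.get("security", "").lower() != "ads":
        out.append("global: security is not ADS")
    out += [f"global: {k} not set" for k in ("workgroup", "realm") if not glob.get(k)]
    for share, opts in conf.items():
        if "valid users" not in opts:
            out.append(f"{share}: no valid users restriction")
        for key in ACL_KEYS:
            for prefix, quoted, bare in ENTRY.findall(opts.get(key, "")):
                name = quoted or bare
                if prefix not in PREFIXES:
                    out.append(f"{share}: {key}: bad prefix {prefix!r} on {name}")
                if "\\" not in name:
                    out.append(f"{share}: {key}: {name} has no DOMAIN\\ prefix")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live server, feed it the normalised configuration printed by `testparm -s` rather than the raw file, so included files and defaults are resolved first.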
 

Author Closing Comment

by:plokij5006
ID: 39815501
Thanks Daniel,

The default domain was not set for users without Kerberos; once this parameter was set, we could access the server with domain accounts.

Once again you have been a great help and I really appreciate it.

Kind regards,

Andrew