Solved

PBIS & Samba Server

Posted on 2014-01-27
4
2,668 Views
Last Modified: 2014-01-28
Afternoon Experts Exchange,

I have currently deployed a Linux Samba server that is integrated with AD using PBIS. The permissions on the shares are working correctly and I can assign AD users permissions to access the shares.

However when a user attempts to access //server/ or //server/share their AD credentials are rejected with the response 'The specified network password is not correct'.

The only account able to access these shares for testing is the account that was originally used to configure the server and also bears the same username\password at the root user on the Linux box. This account adheres to the permissions set on the \\server\share level\ and can be denied access using the AD username and password.

How do I grant access to the \\server\ location of the server to all users whilst retaining the AD permissions at the \\server\share level.

Plokij5006
0
Comment
Question by:plokij5006
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39814063
Are you just entering username\password   or have you tried netbiosdomainname\username?
0
 

Author Comment

by:plokij5006
ID: 39814668
Windows by default would use DOMAIN\Username when connecting onto the shares and we have also manually used the realm as part of the log in.
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
ID: 39815288
Hello plokij5006,

please keep in mind PBIS uses Kerberos tickets by default for authentication and the interop install needs to be executed on every samba server once. Also, you can set a default domain:

sambasever$  /opt/pbis/bin/samba-interop-install --install

Open in new window


/opt/pbis/bin/samba-interop-install
Usage: /opt/pbis/bin/samba-interop-install {options} [smbd path]

Installs interop libraries into directories used by Samba and copies the
machine password from the PowerBroker Identity Services' database to Samba's.

Options are:
    --help               Show this help message
    --install            Configure smbd to use interop libraries
    --uninstall          Deconfigure smbd's use of interop libraries
    --check-version      Ensure the version of smbd is supported
    --loglevel {level}   Set the logging to error (default), warning, info,
                         verbose, or debug

One of the options, --install, --uninstall, or --check-version must be passed.

The last argument is the path to smbd. If not specified, it will be
automatically detected.

here a valid line from your share definition in smb.conf:
[global]
	security = ADS
        workgroup = MYDOM
        realm = MYDOM.COM
        machine password timeout = 0
...
[myshare]
...
valid users = @"MYDOM\domain users", @@"MYDOM\domain admins"
write list = @"MYDOM\domain users"
read list = @"MYDOM\domain users", @"MYDOM\domain guests"
...

Open in new window


Set the default domain for users without kerberos ticket with:
/opt/pbis/bin/config AssumeDefaultDomain true

Open in new window

0
 

Author Closing Comment

by:plokij5006
ID: 39815501
Thanks Daniel,

The default domain was not set for users without kerberos, once this parameter was set we could access the server with domain accounts.

Once again you have a been a great help and I really appreciate it.

Kind regards,

Andrew
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question