Solved

PBIS & Samba Server

Posted on 2014-01-27
4
2,352 Views
Last Modified: 2014-01-28
Afternoon Experts Exchange,

I have currently deployed a Linux Samba server that is integrated with AD using PBIS. The permissions on the shares are working correctly and I can assign AD users permissions to access the shares.

However when a user attempts to access //server/ or //server/share their AD credentials are rejected with the response 'The specified network password is not correct'.

The only account able to access these shares for testing is the account that was originally used to configure the server and also bears the same username\password at the root user on the Linux box. This account adheres to the permissions set on the \\server\share level\ and can be denied access using the AD username and password.

How do I grant access to the \\server\ location of the server to all users whilst retaining the AD permissions at the \\server\share level.

Plokij5006
0
Comment
Question by:plokij5006
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
Comment Utility
Are you just entering username\password   or have you tried netbiosdomainname\username?
0
 

Author Comment

by:plokij5006
Comment Utility
Windows by default would use DOMAIN\Username when connecting onto the shares and we have also manually used the realm as part of the log in.
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
Comment Utility
Hello plokij5006,

please keep in mind PBIS uses Kerberos tickets by default for authentication and the interop install needs to be executed on every samba server once. Also, you can set a default domain:

sambasever$  /opt/pbis/bin/samba-interop-install --install

Open in new window


/opt/pbis/bin/samba-interop-install
Usage: /opt/pbis/bin/samba-interop-install {options} [smbd path]

Installs interop libraries into directories used by Samba and copies the
machine password from the PowerBroker Identity Services' database to Samba's.

Options are:
    --help               Show this help message
    --install            Configure smbd to use interop libraries
    --uninstall          Deconfigure smbd's use of interop libraries
    --check-version      Ensure the version of smbd is supported
    --loglevel {level}   Set the logging to error (default), warning, info,
                         verbose, or debug

One of the options, --install, --uninstall, or --check-version must be passed.

The last argument is the path to smbd. If not specified, it will be
automatically detected.

here a valid line from your share definition in smb.conf:
[global]
	security = ADS
        workgroup = MYDOM
        realm = MYDOM.COM
        machine password timeout = 0
...
[myshare]
...
valid users = @"MYDOM\domain users", @@"MYDOM\domain admins"
write list = @"MYDOM\domain users"
read list = @"MYDOM\domain users", @"MYDOM\domain guests"
...

Open in new window


Set the default domain for users without kerberos ticket with:
/opt/pbis/bin/config AssumeDefaultDomain true

Open in new window

0
 

Author Closing Comment

by:plokij5006
Comment Utility
Thanks Daniel,

The default domain was not set for users without kerberos, once this parameter was set we could access the server with domain accounts.

Once again you have a been a great help and I really appreciate it.

Kind regards,

Andrew
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now