Solved

PBIS & Samba Server

Posted on 2014-01-27
Last Modified: 2014-01-28
Afternoon Experts Exchange,

I have currently deployed a Linux Samba server that is integrated with AD using PBIS. The permissions on the shares are working correctly and I can assign AD users permissions to access the shares.

However, when a user attempts to access //server/ or //server/share, their AD credentials are rejected with the response 'The specified network password is not correct'.

The only account able to access these shares for testing is the account that was originally used to configure the server and also bears the same username\password as the root user on the Linux box. This account adheres to the permissions set on the \\server\share level and can be denied access using the AD username and password.

How do I grant access to the \\server\ location of the server to all users whilst retaining the AD permissions at the \\server\share level?

Plokij5006
Question by:plokij5006
LVL 35

Expert Comment

by:Cris Hanna
ID: 39814063
Are you just entering username\password or have you tried netbiosdomainname\username?
0
 

Author Comment

by:plokij5006
ID: 39814668
Windows by default would use DOMAIN\Username when connecting onto the shares and we have also manually used the realm as part of the log in.
0
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 2000 total points
ID: 39815288
Hello plokij5006,

Please keep in mind that PBIS uses Kerberos tickets by default for authentication, and the interop install needs to be executed once on every Samba server. Also, you can set a default domain:

sambaserver$ /opt/pbis/bin/samba-interop-install --install


/opt/pbis/bin/samba-interop-install
Usage: /opt/pbis/bin/samba-interop-install {options} [smbd path]

Installs interop libraries into directories used by Samba and copies the
machine password from the PowerBroker Identity Services' database to Samba's.

Options are:
    --help               Show this help message
    --install            Configure smbd to use interop libraries
    --uninstall          Deconfigure smbd's use of interop libraries
    --check-version      Ensure the version of smbd is supported
    --loglevel {level}   Set the logging to error (default), warning, info,
                         verbose, or debug

One of the options, --install, --uninstall, or --check-version must be passed.

The last argument is the path to smbd. If not specified, it will be
automatically detected.

Here is a valid line from your share definition in smb.conf:
[global]
        security = ADS
        workgroup = MYDOM
        realm = MYDOM.COM
        machine password timeout = 0
...
[myshare]
...
        valid users = @"MYDOM\domain users", @"MYDOM\domain admins"
        write list = @"MYDOM\domain users"
        read list = @"MYDOM\domain users", @"MYDOM\domain guests"
...


Set the default domain for users without a Kerberos ticket with:
/opt/pbis/bin/config AssumeDefaultDomain true

0
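An added example, not part of the answer above and not PBIS or Samba code: a small audit that checks an smb.conf for the [global] settings the answer lists and flags group entries with a doubled prefix in valid users, write list and read list. The function names `sample_conf` and `audit_smb_conf` are hypothetical, the sample config is constructed, and treating a second prefix character after `@` as a typo is this example's assumption.

```shell
#!/bin/sh
# Added example: audit smb.conf for the settings shown in the answer above.
# Function names are hypothetical; the sample config is constructed.

sample_conf() {   # constructed input: no "machine password timeout", one "@@" typo
cat <<'EOF'
[global]
        security = ADS
        workgroup = MYDOM
        realm = MYDOM.COM
[myshare]
        valid users = @"MYDOM\domain users", @@"MYDOM\domain admins"
        write list = @"MYDOM\domain users"
EOF
}

# audit_smb_conf [FILE]: reads FILE (or stdin) and prints one finding per line.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    /^[ \t]*\[/ { sec = tolower(trim($0)); next }   # remember the current section
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (sec == "[global]") g[key] = val
        if (key == "valid users" || key == "write list" || key == "read list") {
            n = split(val, items, ",")
            for (i = 1; i <= n; i++) {
                item = trim(items[i])
                # assumption of this example: a second prefix after @ is a typo
                if (item ~ /^@[@+&]/) print sec " " key ": bad group prefix in " item
            }
        }
    }
    END {
        if (tolower(g["security"]) != "ads") print "[global] security is not ADS"
        if (g["workgroup"] == "") print "[global] workgroup is missing"
        if (g["realm"] == "") print "[global] realm is missing"
        if (g["machine password timeout"] != "0") print "[global] machine password timeout is not 0"
    }' ${1:+"$1"}
}

sample_conf | audit_smb_conf   # prints two findings for the constructed sample
```

To check a real server, pass the file path, for example `audit_smb_conf /etc/samba/smb.conf`; no output means none of these checks failed.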
 

Author Closing Comment

by:plokij5006
ID: 39815501
Thanks Daniel,

The default domain was not set for users without Kerberos; once this parameter was set we could access the server with domain accounts.

Once again you have been a great help and I really appreciate it.

Kind regards,

Andrew
0
