Channel: linuxadmin: Expanding Linux SysAdmin knowledge

Samba4 Share with Advanced Permissions


Hello,

I've been asked to set up Samba shares so that we can manage them like you would in Windows. Additionally, the request is that I be able to have the shares set up with advanced permissions just like in Windows.

The server is running 64-bit CentOS 6.7, and has the following Samba packages:

    samba4-libs-4.0.0-67.el6_7.rc4.x86_64
    samba4-4.0.0-67.el6_7.rc4.x86_64
    samba4-client-4.0.0-67.el6_7.rc4.x86_64
    samba4-winbind-krb5-locator-4.0.0-67.el6_7.rc4.x86_64
    samba4-common-4.0.0-67.el6_7.rc4.x86_64
    samba4-winbind-4.0.0-67.el6_7.rc4.x86_64
    samba4-winbind-clients-4.0.0-67.el6_7.rc4.x86_64

I've been following this guide here: https://wiki.samba.org/index.php/Shares_with_Windows_ACLs

My problem is that I cannot access this share. I can see it, but cannot access it.

Here are the steps I've taken so far:

1) Joined the Windows domain with net ads join -U "admin user name" - This works

2) getent group/passwd and wbinfo -u/g - This works

3) I can log in as my domain accounts

Here is my Samba config:

    [Global]
    workgroup = "DOMAIN"
    server string = File Server Test
    netbios name = files1
    log file = /var/log/samba/log.%U.%m
    max log size = 1000
    security = ADS
    passdb backend = tdbsam
    encrypt passwords = yes
    password server = *
    realm = "COMPANY.CA"
    idmap backend = ad
    idmap config "COMPANY.CA" : backend = ad
    idmap config "COMPANY.CA" : range = 1000-999999
    winbind refresh tickets = yes
    winbind nss info = rfc2307
    winbind separator = \\
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    [test]
    comment = Testing ACL Permissions
    path = /data1/test
    read only = no

Below is my krb5.conf file:

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    default_realm = COMPANY.CA
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes

    [realms]
    COMPANY.CA = {
        kdc = *
    }

    [domain_realm]
    .COMPANY.CA = COMPANY.CA
    COMPANY.CA = COMPANY.CA
    company.ca = COMPANY.CA
    .company.ca = COMPANY.CA

    [appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

Here is the output of my net rpc rights list accounts:

    COMPANY\admins
    SeMachineAccountPrivilege
    SeTakeOwnershipPrivilege
    SeBackupPrivilege
    SeDiskOperatorPrivilege

    BUILTIN\Administrators
    SeMachineAccountPrivilege
    SeTakeOwnershipPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeRemoteShutdownPrivilege
    SePrintOperatorPrivilege
    SeAddUsersPrivilege
    SeDiskOperatorPrivilege
    SeSecurityPrivilege
    SeSystemtimePrivilege
    SeShutdownPrivilege
    SeDebugPrivilege
    SeSystemEnvironmentPrivilege
    SeSystemProfilePrivilege
    SeProfileSingleProcessPrivilege
    SeIncreaseBasePriorityPrivilege
    SeLoadDriverPrivilege
    SeCreatePagefilePrivilege
    SeIncreaseQuotaPrivilege
    SeChangeNotifyPrivilege
    SeUndockPrivilege
    SeManageVolumePrivilege
    SeImpersonatePrivilege
    SeCreateGlobalPrivilege
    SeEnableDelegationPrivilege

Fstab:

    UUID=6be1d2cf-bfb6-4abb-bf2c-25e2a439dae3 /data1 ext4 user_xattr,acl,barrier=1 0 0

Any thoughts would be greatly appreciated.

submitted by /u/solteranis
