[TriLUG] Samba and Active Directory

Roy Vestal rvestal at trilug.org
Tue Sep 5 02:38:44 EDT 2006 

This is how I ran the perms on ALL my samba\ADS machines...Never had 
users...only domain groups...only user on the linux box was "root"

Roy Vestal wrote:
> IIRC,
> Simply use the nomenclature "domain\\usernameorgroup"...the single \ 
> never worked for me...
>
> HTH
>
> Matt Nash wrote:
>> Brian Blater (BBList) wrote:
>>>>>> On Fri, Sep 1, 2006 at 11:04 AM, in message
>>>>>>         
>>> <44F84C11.2040403 at intrex.net>,
>>> mattnash at intrex.net wrote: 
>>>> In my smb.conf I have 2 lines that you don't:
>>>> client use spnego = yes
>>>> client ntlmv2 auth = yes
>>>>
>>>> I used this page to configure winbind and krb5:
>>>> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
>>>>
>>>> I know you don't have ubuntu, but the instructions are general enough
>>>>     
>>>
>>>  
>>>> that it should work.
>>>>     
>>>
>>> Thank you!!! I added the two lines above and made a couple more changes
>>> as suggested in the link above (removed the winbind separator line and
>>> auth methods line and changed the valid users line in the share)  and
>>> I'm attaching to the share without a password.
>>>
>>> Now the problem is with perms. If I set the directory 777 no problem
>>> writing to the share, or if I make the owner TTA\ituser no problem
>>> writing. However if I set the group to the TTA\sambausers group (which
>>> ituser is a member of and perms are 775) I cannot write to the
>>> directory. Any idea what needs to change or how to get the directory
>>> writable by an AD group?
>>>
>>> Thanks again for helping me get this far.
>>> Brian
>>>
>>>
>>>   
>>
>> Unfortunately that is a bit beyond my experience.  From poking around 
>> Google it seems that permissions issues are frequent with Samba.  
>> Have you tried using the group id as reported by 'getent group' 
>> rather than the domain\group syntax?  You may also want to try the 
>> group name without the leading domain name.  Also make sure that you 
>> have "valid users = TTA\sambausers" or something like it in smb.conf.
>

More information about the TriLUG mailing list