I have set up a new CentOS 5.1 server as a storage
server with over 7TB of storage. The server has been
integrated into a large Active Directory network; there are
5 primary AD servers and a large number of local AD servers
at each location (over 20). There are also over 15 trusted
domains, hundreds of groups and thousands of users. It has
been quite a challenge to integrate the Linux server with
Samba into this environment. I am now at a point where I
can change user and group ownership of files and folders
to AD users and connect to the server with a Windows
client.

There are also issues with Samba not starting on bootup
(yes, the service is set to start at level 3 - system
starts non GUI). And it seems to take quite a while for
the system to recognize domain users on startup.

The [TEST] share works without issue.
The [TEST-ENG] share is not working no matter what I do.

The issue that I am having is that most of the groups have
a "@" at the beginning.
Ie: @DIV-Engineering
This conflicts with the Samba "valid users = " directive
in the smb.conf.

I have been able to change the group ownership to
"@DIV-Engineering" in the file-system without any issues.

Is there any way to do this?

[global]
workgroup = XXX
realm = XXX
server string = Samba Server Version %v
security = ADS
auth methods = guest, sam, winbind
obey pam restrictions = Yes
password server = nycbcc01.xxx.ad.xxx.net
# winbind separator = \\
# passdb backend = tdbsam
wins server = 192.20.76.98
ldap ssl = no
winbind use default domain = yes
idmap uid = 10000-100000
idmap gid = 10000-100000
winbind enum users = Yes
preferred master = no
encrypt passwords = yes
template homedir = /home/samba/%D/%U
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[TEST]
path = /home/samba/shares/TEST
valid users = @"XXX\Domain Users"
force group = "XXX\domain users"
read only = No
create mask = 0774
force create mode = 0775
directory mask = 0775
force directory mode = 0770
force directory security mode = 0770
[TEST-ENG]
path = /home/samba/shares/TEST
valid users = @"XXX\@DIV-Engineering"
force group = "XXX\@DIV-Engineering"
read only = No
create mask = 0774
force create mode = 0775
directory mask = 0775
force directory mode = 0770
force directory security mode = 0770

Hi,

On Fri, 2008-06-06 at 17:26 -0400, mslist at opcenter.net wrote:
> I have set up a new CentOS 5.1 server as a storage
> server with over 7TB of storage. The server has been
> integrated into a large Active Directory network; there are
> 5 primary AD servers and a large number of local AD servers
> at each location (over 20). There are also over 15 trusted
> domains, hundreds of groups and thousands of users. It has
> been quite a challenge to integrate the Linux server with
> Samba into this environment. I am now at a point where I
> can change user and group ownership of files and folders
> to AD users and connect to the server with a Windows
> client.
>
> There are also issues with Samba not starting on bootup
> (yes, the service is set to start at level 3 - system
> starts non GUI). And it seems to take quite a while for
> the system to recognize domain users on startup.
>
> The [TEST] share works without issue.
> The [TEST-ENG] share is not working no matter what I do.
>
> The issue that I am having is that most of the groups have
> a "@" at the beginning.
> Ie: @DIV-Engineering
> This conflicts with the Samba "valid users = " directive
> in the smb.conf.
>
> I have been able to change the group ownership to
> "@DIV-Engineering" in the file-system without any issues.
>
>
> Is there any way to do this?
>
>
> [global]
> workgroup = XXX
> realm = XXX
> server string = Samba Server Version %v
> security = ADS
> auth methods = guest, sam, winbind
> obey pam restrictions = Yes
> password server = nycbcc01.xxx.ad.xxx.net
> # winbind separator = \\
> # passdb backend = tdbsam
> wins server = 192.20.76.98
> ldap ssl = no
> winbind use default domain = yes
> idmap uid = 10000-100000
> idmap gid = 10000-100000
> winbind enum users = Yes
> preferred master = no
> encrypt passwords = yes
> template homedir = /home/samba/%D/%U
> cups options = raw
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
>
> [TEST]
> path = /home/samba/shares/TEST
> valid users = @"XXX\Domain Users"
> force group = "XXX\domain users"
> read only = No
> create mask = 0774
> force create mode = 0775
> directory mask = 0775
> force directory mode = 0770
> force directory security mode = 0770
>
> [TEST-ENG]
> path = /home/samba/shares/TEST
> valid users = @"XXX\@DIV-Engineering"
> force group = "XXX\@DIV-Engineering"
> read only = No
> create mask = 0774
> force create mode = 0775
> directory mask = 0775
> force directory mode = 0770
> force directory security mode = 0770

Having a quick glance at the config I remember I had a sort of same issue,
set your winbind separator character to something like '#' and do the same
in the valid users and groups and it should give you more working stuff ;)

The \ character is a line break which tells samba to continue reading the
config on the next line including spaces and linebreaks...

regards,

Michel

Thanks,

The issue does not seem to be with the separator. It is with the @ as a
leading char in the group name. But I will give it a try on Monday.

Michel van Deventer michel at van.deventer.cx Fri Jun 6 21:34:23 UTC 2008
> Having a quick glance at the config I remember I had a sort of same issue,
> set your winbind separator character to something like '#' and do the same
> in the valid users and groups and it should give you more working stuff ;)
>
> The \ character is a line break which tells samba to continue reading the
> config on the next line including spaces and linebreaks...