On Wed, Jun 24, 2009 at 12:34 PM, Reginald0 <regi0@ig.com.br> wrote:
> Hi, folks!
>
> I have two RHEL5 Linux machines, both successfully joined to a Windows 2008
> Server AD domain. I can see AD users, groups, checking trusts, etc.
> My problem is that when I try to mount a share from one Linux machine to the
> other using a local user, I receive the message "mount error 13 = Permission
> denied".
> If I add the user with same name/password to the Windows AD domain, then I
> can mount the share, and this way I can read but can't write to the mounted
> folder on the client side, unless I set "chmod 777" on the server side, but
> this would open a security hole on my system.
> Before joining these two machines to a domain, I was using "security = share"
> and "username map" option to map the server local user to the client remote
> user, and it was working flawlessly.
> Follows below the relevant configuration:
>
> ________________________________
>
> "/etc/samba/smb.conf" on server:
>
> [GLOBAL]
>   security = ADS
>   workgroup = DOMAINNAME
>   realm = DOMAINNAME
>   password server = DOMAINSERVERNAME
>   username map = /etc/samba/smbusers
>   winbind use default domain = yes
>   winbind uid = 10000-20000
>   winbind gid = 10000-20000
>
> [SHARE]
>   path = /share
>   writable = yes
>   browseable = no
>   create mask = 0664
>   valid users = remoteusername
> ________________________________
>
> "/etc/samba/smbusers" on server:
>
> localusername = remoteusername
> ________________________________
>
> "mount" command on client:
>
> mount -t cifs //MACHINE1/SHARE /share -o user=remoteusername
> ________________________________
>
>
> If you need some more information, please advise me.
>
> Thanks in advance,
>
> Reginald0
>
Last week I did this: I joined my Samba server running CentOS 5.3 with
an AD server running Win 2k3.
When I started testing, wbinfo -u and wbinfo -g showed all my users and
groups from AD. The goal of this is that we don't need to add each
user to the Linux+Samba user db like we did before with NT4.

Now, the:

  username map = /etc/samba/smbusers

I don't like it. I don't have right access to my samba server to see
my settings, but I remember that if I would like to share a folder
like your example, I did this:

  mkdir share
  chmod 0664 share
  chown DOMAIN+username share

  [SHARE]
  path = /share
  writable = yes
  browseable = no
  create mask = 0664
  valid users = DOMAIN+username
  write list = DOMAIN+username

Just to point out that I set up winbind, pam and all that stuff to make
my AD server to samba all the info about names+groups.
See you later.
--
LIving the dream...
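
Added example, not part of either message above: a small POSIX shell check for the share directory's mode on the server, covering the two modes mentioned in this thread ("chmod 777", and a file-style mode such as 0664 applied to a directory). The function names audit_share_dir, has_mode and demo are hypothetical, and the demo uses constructed throwaway directories in place of /share.

```shell
#!/bin/sh
# Added example: audit the mode of a Samba share directory on the server.

# has_mode DIR BITS -> prints DIR if every bit in BITS is set on DIR itself.
# "-prune" stops find from descending, so only DIR is examined.
has_mode() {
    find "$1" -prune -perm "-$2" -print 2>/dev/null
}

# audit_share_dir DIR -> prints findings (space separated) or "ok".
# Returns 0 when clean, 1 when there are findings, 2 if DIR is not a directory.
audit_share_dir() {
    dir=$1
    findings=""
    [ -d "$dir" ] || { echo "not-a-directory"; return 2; }

    # chmod 777: every account that can reach the path may create,
    # rename and delete entries in it.
    if [ -n "$(has_mode "$dir" 0002)" ]; then
        findings="${findings:+$findings }world-writable"
    fi
    # A file-style mode such as 0664 on a directory has no search (x) bit,
    # so even the owner cannot open the files inside it.
    if [ -z "$(has_mode "$dir" 0100)" ]; then
        findings="${findings:+$findings }owner-cannot-traverse"
    fi
    # Filesystem permissions still apply on top of smb.conf: without the
    # owner write bit, "writable = yes" does not let the owner create files.
    if [ -z "$(has_mode "$dir" 0200)" ]; then
        findings="${findings:+$findings }owner-cannot-write"
    fi

    if [ -z "$findings" ]; then echo "ok"; return 0; fi
    echo "$findings"
    return 1
}

# Constructed demo: throwaway directories stand in for /share.
demo() {
    tmp=$(mktemp -d) || return 1
    for mode in 0777 0664 0770; do
        mkdir "$tmp/share-$mode" && chmod "$mode" "$tmp/share-$mode"
        printf '%s -> %s\n' "$mode" "$(audit_share_dir "$tmp/share-$mode")"
    done
    chmod -R u+rwx "$tmp"; rm -rf "$tmp"
}
demo
```

Run it as the account that owns the share on the Samba server; it reads only the directory's own mode bits and changes nothing outside its temporary directory.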