damiien
2011-Dec-02 08:44 UTC
[Samba] cant access shares on members of samba domain from windows domain
Hi, I have a network with two domains. DOMAIN A has samba 3.0.28 as PDC (I know its old but it cant be updated due to political reasons). DOMAIN B is a Windows 2003 domain. Samba PDC (domain A) has few shares on it and everyone can access those shares (everyone from domain A and domain B). In domain A there are also few windows machines which also have shares. I'd like for those shares to be available to everyone. Currently, everyone on domain A can access those windows shares (which are on domain A). I'd like for those shares to be available to domain B users but currently only Domain Administrator from domain B has access. I'd appreciate any help on getting this to work. To sum up, Domain A: 1. Samba as PDC - share "Groups" shared to everyone and available to everyone 2. Windows 2003 - share "Data" shared to everyone but available to everyone in domain A and only to Domain Administrator from domain B Domain B: 1. Windows 2003 Active directory 2. Windows XP clients ---share "Data" needs to be available to everyone. Any ideas?
damiien
2011-Dec-02 09:30 UTC
[Samba] cant access shares on members of samba domain from windows domain
Here is the error message I get when trying to access share "Data" as DomainB\user. \\Robo is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. A device attached to the system is not functioning.
TAKAHASHI Motonobu
2011-Dec-04 04:22 UTC
[Samba] cant access shares on members of samba domain from windows domain
From: damiien <damiien at gmail.com> Date: Fri, 2 Dec 2011 09:44:42 +0100> Currently, everyone on domain A can access those windows shares (which > are on domain A). I'd like for those shares to be available to domain > B users but currently only Domain Administrator from domain B has > access. I'd appreciate any help on getting this to work.First, you had better understand Windows domain trustrelationship before working on Samba issue. Then you will understand what to be done. --- If you do not mind security, enabling Guest access is an easy way. And if domain A users want to access a share on domain B, to specify correct user and whose password will make them access. Otherwise, you have to set up domain trustrelationship between domain A and B, and set correct permissions on every share you want to enable access from other domain's users. --- TAKAHASHI Motonobu <monyo at samba.gr.jp>
Gaiseric Vandal
2011-Dec-05 16:00 UTC
[Samba] cant access shares on members of samba domain from windows domain
On 12/02/2011 03:44 AM, damiien wrote:> Hi, > > I have a network with two domains. DOMAIN A has samba 3.0.28 as PDC > (I know its old but it cant be updated due to political reasons). > DOMAIN B is a Windows 2003 domain. Samba PDC (domain A) has few shares > on it and everyone can access those shares (everyone from domain A and > domain B). In domain A there are also few windows machines which also > have shares. I'd like for those shares to be available to everyone. > Currently, everyone on domain A can access those windows shares (which > are on domain A). I'd like for those shares to be available to domain > B users but currently only Domain Administrator from domain B has > access. I'd appreciate any help on getting this to work. > > > To sum up, > > Domain A: 1. Samba as PDC - share "Groups" shared to everyone and > available to everyone > 2. Windows 2003 - share "Data" shared to everyone > but available to everyone in domain A and only to Domain Administrator > from domain B > > Domain B: 1. Windows 2003 Active directory > 2. Windows XP clients > > ---share "Data" needs to be available to everyoneIf you edit the Share or NTFS perms of a Domain A WIndows machine directory, are you able to view or select users/groups from domain B? When you log in to a Domain A Windows machine are you able to select "Domain B" as a login domain? Are you sure domain trusts really are set up properly on your PDC? Does "wbinfo -u" and "wbinfo -g" show the trusted domain users and groups? Does "getent passwd" or "getent passwd DOMAINB\\someuser" work? My guess is that domain trusts are not working properly. Trusted domain users need to map to a local unix id. Domain B Administrator is probably able to log in to domain A since there is a matching unix name (i.e. Administrator.) Assuming that samba can match the trusted domain user's name to a local unix id, it will then validate the user against the trusted domain PDC. If you have "jsmith" in both domains, but with different passwords, if would appear to user "jsmith" that domain trusts were working properly. I think you will not get this working properly with Samba 3.0.28. I had a similar setup- I would get it working for a short time but the idmap cache would expire and not renew.
Seemingly Similar Threads
- Member server does not show users from trusted domain
- Samba 4 "Classic PDC" trusts fail with Win 2012 domain but succeed Win 2008
- Samba 4 "Classic PDC" trusts fail with Win 2012 domain but succeed Win 2008
- Wbinfo does show users from trusted domain / RPC error
- Domain Trust Logins