Dear samba-mailinglist,

We're using samba 4.0.5 as an active directory domain controller. We used to set up some file shares on the basis of security=user in the old samba version. I was able to set up the shares as they used to be.

My question: How can I set up "which user can read/write which share?"

Do I have to do this in the Active Directory or in smb.conf?

This may be a trivial question, but I looked around the manuals a lot and found nothing.

smb.conf

[global]
    workgroup = GYM-FEU
    realm = gym-feu.local
    netbios name = SERVER
    server role = active directory domain controller

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/gym-feu.local/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

[austausch]
    path = /home/samba/austausch
    create mask = 0700
    directory mask = 0700
    force user = schueler
    force group = schueler
    comment = zum freien Austausch
    public = yes
    writeable = yes

Ulrich Schneider
Ulrich Schneider
2013-May-18 10:51 UTC
[Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
Maybe I should rephrase the question (and use a more suitable topic).

I have Samba 4.0.5. as an active domain controller. I want to know how to set up shares e.g. this way:

share1 accessible r/w for users in the active directory user group group1
share2 accessible read only for users in the active directory user group group2

Or rephrased again: Using Samba 4.0.5. as an active domain controller ... there must be a way how the Windows User from AD is mapped to a unix user / access rights for a share.

Is there documentation for that?

Thanks for your support.

Ulrich Schneider

On 18.05.2013 09:03, Ulrich Schneider wrote:
> Dear samba-mailinglist,
>
> We're using samba 4.0.5 as an active directory domain controller.
> We used to set up some file shares on the basis of security=user in the old
> samba version. I was able to set up the shares as they used to be.
>
> My question:
> How can I set up "which user can read/write which share?"
>
> Do I have to do this in the Active Directory or in smb.conf?
>
> This may be a trivial question, but I looked around the manuals a lot and
> found nothing.
>
> smb.conf
>
> [global]
>     workgroup = GYM-FEU
>     realm = gym-feu.local
>     netbios name = SERVER
>     server role = active directory domain controller
>
> [netlogon]
>     path = /usr/local/samba/var/locks/sysvol/gym-feu.local/scripts
>     read only = No
>
> [sysvol]
>     path = /usr/local/samba/var/locks/sysvol
>     read only = No
>
> [austausch]
>     path = /home/samba/austausch
>     create mask = 0700
>     directory mask = 0700
>     force user = schueler
>     force group = schueler
>     comment = zum freien Austausch
>     public = yes
>     writeable = yes
>
> Ulrich Schneider
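
An added example, not part of the thread and not Samba project code: it parses an smb.conf and reports, per share, whether guests are admitted, whether the share is writable and which "valid users" restriction applies, flagging shares that are guest-writable with no restriction. The [austausch] section is the one posted above; share1 and share2 are constructed to match the group-based access asked for, and their paths and the @"GYM-FEU\group1" style group names are assumptions.

```python
# Added example: report who can reach each share defined in an smb.conf.
# [austausch] is the share posted in the thread; share1 and share2 are
# constructed (their paths and @"DOMAIN\group" names are assumptions).
SAMPLE = r'''
[global]
workgroup = GYM-FEU
[austausch]
path = /home/samba/austausch
force user = schueler
public = yes
writeable = yes
[share1]
path = /srv/samba/share1
valid users = @"GYM-FEU\group1"
read only = no
[share2]
path = /srv/samba/share2
valid users = @"GYM-FEU\group2"
read only = yes
'''
YES = {"yes", "true", "1"}

def parse(text):
    """Return {section: {parameter: value}} with normalised parameter names."""
    sections, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None and line[0] not in "#;":
            key, val = line.split("=", 1)
            cur[" ".join(key.lower().split())] = val.strip()
    return sections

def audit(text):
    """Per share: guest access, writability, user restriction, risk flag."""
    report = {}
    for name, p in parse(text).items():
        if name == "global":
            continue
        guest = p.get("guest ok", p.get("public", "no")).lower() in YES
        ro = p.get("read only")  # "writeable"/"writable" are inverted synonyms
        writable = (ro.lower() not in YES if ro else
                    p.get("writeable", p.get("writable", "no")).lower() in YES)
        allowed = p.get("valid users", "")
        report[name] = {"guest": guest, "writable": writable, "valid users": allowed,
                        "flag": guest and writable and not allowed}
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE).items(), sep="\n")
```
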
steve
2013-May-19 08:47 UTC
[Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
On Sun, 2013-05-19 at 16:27 +0800, wong lmark wrote:
> Please let me simplify the question. I chose the in place upgrade
> Samba 3 to Samba 4 in my CentOS 6.4.

Hi

Ok, so this Domain has been produced by:

/usr/local/samba/bin/samba-tool domain classicupgrade /etc/samba/smb.conf --dbdir=/var/lib/samba/ --use-xattrs=yes --realm=TEST.COM

And this is the log for the first run when you typed samba:

> Firstly, I used "/usr/local/samba/bin/smbclient -L localhost -U%" and
> got a message "Connection to localhost failed (Error
> NT_STATUS_CONNECTION_REFUSED)".
> I read the log.samba and got the error :
>
> [2013/05/19 15:27:41,  0] ../source4/smbd/server.c:369(binary_smbd_main)
>   samba version 4.0.5 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2012
> [2013/05/19 15:27:41,  0] ../source4/smbd/server.c:475(binary_smbd_main)
>   samba: using 'standard' process model
> [2013/05/19 15:27:41,  0] ../source4/lib/tls/tlscert.c:70(tls_cert_generate)
>   Attempting to autogenerate TLS self-signed keys for https for
>   hostname 'SAM.test.com'
> [2013/05/19 15:27:41,  0] ../source4/lib/tls/tlscert.c:166(tls_cert_generate)
>   TLS self-signed keys generated OK
> [2013/05/19 15:27:43,  0] ../source4/smbd/service_stream.c:342(stream_setup_socket)
>   Failed to listen on 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
> [2013/05/19 15:27:43,  0] ../source4/ldap_server/ldap_server.c:821(add_socket)
>   ldapsrv failed to bind to 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
> [2013/05/19 15:27:43,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
>   task_server_terminate: [Failed to startup ldap server task]
> [2013/05/19 15:27:43,  0] ../source4/smbd/server.c:210(samba_terminate)
>   samba_terminate: Failed to startup ldap server task
> [2013/05/19 15:39:06,  0] ../file_server/file_server.c:47(file_server_smbd_done)
>   file_server smbd daemon exited normally
> [2013/05/19 15:39:06,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
>   task_server_terminate: [smbd child process exited]
>
> Second, I used "kinit Administrator" or "kinit root", the message is
> shown "kinit: Cannot resolve servers for KDC in realm "Test.com" while
> getting initial credentials"
>
> How can I solve that?

I'd go for DNS. A good start is /etc/hosts. Is there an entry for sam.test.com? What does /etc/krb5.conf contain?

Cheers,
Steve
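
An added example, not part of the thread and not Samba project code: it reads a log.samba in the record format quoted above and extracts the listeners that failed to bind together with the reason samba terminated. NT_STATUS_ADDRESS_ALREADY_ASSOCIATED on a listener means the address and port were already in use when samba started; the sample is an excerpt of the quoted log with the mail line wraps undone, and the port-to-service table is an assumption limited to well-known ports.

```python
"""Added example: pull listener bind failures out of a Samba log."""
import re

# Excerpt of the log quoted in the thread, mail line wraps undone.
SAMPLE_LOG = """\
[2013/05/19 15:27:41,  0] ../source4/smbd/server.c:475(binary_smbd_main)
  samba: using 'standard' process model
[2013/05/19 15:27:43,  0] ../source4/smbd/service_stream.c:342(stream_setup_socket)
  Failed to listen on 0.0.0.0:389 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2013/05/19 15:27:43,  0] ../source4/smbd/server.c:210(samba_terminate)
  samba_terminate: Failed to startup ldap server task
"""
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*\d+\] \S+\((?P<func>\w+)\)$")
LISTEN = re.compile(r"Failed to listen on (?P<addr>[\da-fA-F.:]+):(?P<port>\d+)"
                    r" - (?P<status>NT_STATUS_\w+)")
FATAL = re.compile(r"samba_terminate: (?P<reason>.+)")
PORTS = {53: "DNS", 88: "Kerberos", 389: "LDAP", 445: "SMB", 636: "LDAPS"}

def records(text):
    """Yield (timestamp, function, message) for each header + body record."""
    ts, func, body = None, None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if ts:
                yield ts, func, " ".join(body)
            ts, func, body = m["ts"], m["func"], []
        elif ts and line.strip():
            body.append(line.strip())
    if ts:
        yield ts, func, " ".join(body)

def diagnose(text):
    """Return the failed listeners and the reason samba gave for terminating."""
    failures, fatal = [], None
    for ts, _func, msg in records(text):
        hit = LISTEN.search(msg)
        if hit:
            port = int(hit["port"])
            failures.append((ts, hit["addr"], port,
                             PORTS.get(port, "unknown"), hit["status"]))
        end = FATAL.search(msg)
        if end:
            fatal = end["reason"]
    return {"bind_failures": failures, "fatal": fatal}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```
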
steve
2013-May-19 12:27 UTC
[Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
On Sun, 2013-05-19 at 20:10 +0800, wong lmark wrote:
> No. I am not sure where the dns records are stored in Samba4.
> But I have not installed bind before upgrade.

You can see them:

samba-tool dns query <server> <zone> <name> <A|AAAA|CNAME|MX|NS|SOA|SRV|TXT|ALL> [options]