Jason Long
2014-Dec-27 06:44 UTC
[Samba] Use Samba with ACL for read Active Directory and set Permissions via it.
Thank you so much. No, I'm not. I joined my linux to Windows domain because of AD. I can define some users in my Linux and Windows clients use it to open share and ... but my problem is that I have a lot of users and groups and Redefine all of them in Linux is a little silly :(. I joined my Linux to Windows domain because of use AD users and groups. About your question : "Where did you setup the password for 'jasondomain\jason'? Again, if you didn't set a password, more modern versions of windows won't allow you to login (or attach a share) remotely." I must say that "jason" is defined in AD on Windows OS and I use it for login into Linux. "You don't say what happens when you try to open 'test'. You say it can't let you? What error message does it give you? " It don't show me any error and just show Login Windows again :(. On Friday, December 26, 2014 2:35 PM, Linda W <samba at tlinx.org> wrote: Jason Long wrote:> Hello Folks. > How are you? > > I joined my CentOS into Windows Domain and I want to give Permission to files and Directory via Active Directory. When I use "getent passwd" and "getent group", I can see All AD users and Groups. I use below command to give Permission to a Folder via ACL : > > setfacl -m g:"jasondomain\jason-rw":rwx /home/local/jasondomain/jason/test > > and I create a part for my "smb.conf" file : > > [Test] > comment = test > path = /home/local/jasondomain/jason/test > browsable = yes > inherit acls = yes > inherit permissions = yes > inherit owner = yes > map acl inherit = yes > acl check permissions = yes > nt acl support = yes > #valid users = %D\%S > #write list = @jasondomain\domain^admins > read only = no > > > but when I browse the "Test" directory it ask me username and password and when I enter "jasondomain\jason" as username it can't let me to open the "Test" directory. What is the problem? >---- Are you already logged into the server under different credentials, like 'WORKGROUP', jason (i.e. do you already have some shares mounted?) If I remember, Windows won't allow the same workstation to connect under two different user id's. If you already have something mounted from your workstation with different credentials, you need to close (unmount / unmap) those other connections. Where did you setup the password for 'jasondomain\jason'? Again, if you didn't set a password, more modern versions of windows won't allow you to login (or attach a share) remotely. You don't say what happens when you try to open 'test'. You say it can't let you? What error message does it give you?
Rowland Penny
2014-Dec-27 11:36 UTC
[Samba] Use Samba with ACL for read Active Directory and set Permissions via it.
On 27/12/14 06:44, Jason Long wrote:> Thank you so much. > No, I'm not. I joined my linux to Windows domain because of AD. I can define some users in my Linux and Windows clients use it to open share and ... but my problem is that I have a lot of users and groups and Redefine all of them in Linux is a little silly :(. I joined my Linux to Windows domain because of use AD users and groups. > > About your question : > "Where did you setup the password for 'jasondomain\jason'? Again, if you > didn't set a password, more modern versions of windows won't allow you to > login (or attach a share) remotely." > > I must say that "jason" is defined in AD on Windows OS and I use it for login into Linux. > > > "You don't say what happens when you try to open 'test'. You say it can't let you? What error message does it give you? " > It don't show me any error and just show Login Windows again :(. > > > > > On Friday, December 26, 2014 2:35 PM, Linda W <samba at tlinx.org> wrote: > Jason Long wrote: >> Hello Folks. >> How are you? >> >> I joined my CentOS into Windows Domain and I want to give Permission to files and Directory via Active Directory. When I use "getent passwd" and "getent group", I can see All AD users and Groups. I use below command to give Permission to a Folder via ACL : >> >> setfacl -m g:"jasondomain\jason-rw":rwx /home/local/jasondomain/jason/test >> >> and I create a part for my "smb.conf" file : >> >> [Test] >> comment = test >> path = /home/local/jasondomain/jason/test >> browsable = yes >> inherit acls = yes >> inherit permissions = yes >> inherit owner = yes >> map acl inherit = yes >> acl check permissions = yes >> nt acl support = yes >> #valid users = %D\%S >> #write list = @jasondomain\domain^admins >> read only = no >> >> >> but when I browse the "Test" directory it ask me username and password and when I enter "jasondomain\jason" as username it can't let me to open the "Test" directory. What is the problem? >> > ---- > Are you already logged into the server under different credentials, > like 'WORKGROUP', jason (i.e. do you already have some shares mounted?) > > If I remember, Windows won't allow the same workstation to connect under > two different user id's. If you already have something mounted from your > workstation with different credentials, you need to close (unmount / unmap) > those other connections. > > Where did you setup the password for 'jasondomain\jason'? Again, if you > didn't set a password, more modern versions of windows won't allow you to > login (or attach a share) remotely. > > You don't say what happens when you try to open 'test'. You say it > > can't let > you? What error message does it give you?OK, If I understand you correctly, you have setup samba on a Centos machine and joined it to a windows machine, is this correct ? Could you post the entire smb.conf from your Centos machine. Rowland
Jason Long
2014-Dec-27 11:55 UTC
[Samba] Use Samba with ACL for read Active Directory and set Permissions via it.
You right. I joined my Linux box into Windows domain.Of course. I attached my "smb.conf". Can you see it? On Saturday, December 27, 2014 3:36 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: On 27/12/14 06:44, Jason Long wrote:> Thank you so much. > No, I'm not. I joined my linux to Windows domain because of AD. I can define some users in my Linux and Windows clients use it to open share and ... but my problem is that I have a lot of users and groups and Redefine all of them in Linux is a little silly :(. I joined my Linux to Windows domain because of use AD users and groups. > > About your question : > "Where did you setup the password for 'jasondomain\jason'?? Again, if you > didn't set a password, more modern versions of windows won't allow you to > login (or attach a share) remotely." > > I must say that "jason" is defined in AD on Windows OS and I use it for login into Linux. > > > "You don't say what happens when you try to open 'test'.? You say it can't let you?? What error message does it give you? " > It don't show me any error and just show Login Windows again :(. >? > > > > On Friday, December 26, 2014 2:35 PM, Linda W <samba at tlinx.org> wrote: > Jason Long wrote: >> Hello Folks. >> How are you? >> >> I joined my CentOS into Windows Domain and I want to give Permission to files and Directory via Active Directory. When I use "getent passwd" and "getent group", I can see All AD users and Groups. I use below command to give Permission to a Folder via ACL : >> >> setfacl -m g:"jasondomain\jason-rw":rwx /home/local/jasondomain/jason/test >> >> and I create a part for my "smb.conf" file : >> >> [Test] >> comment = test >> path = /home/local/jasondomain/jason/test >> browsable = yes >> inherit acls = yes >> inherit permissions = yes >> inherit owner = yes >> map acl inherit = yes >> acl check permissions = yes >> nt acl support = yes >> #valid users = %D\%S >> #write list = @jasondomain\domain^admins >> read only = no >> >> >> but when I browse the "Test" directory it ask me username and password and when I enter "jasondomain\jason" as username it can't let me to open the "Test" directory. What is the problem? >>? > ---- >? ? ? Are you already logged into the server under different credentials, > like 'WORKGROUP', jason (i.e. do you already have some shares mounted?) > > If I remember, Windows won't allow the same workstation to connect under > two different user id's.? If you already have something mounted from your > workstation with different credentials, you need to close (unmount / unmap) > those other connections. > > Where did you setup the password for 'jasondomain\jason'?? Again, if you > didn't set a password, more modern versions of windows won't allow you to > login (or attach a share) remotely. > > You don't say what happens when you try to open 'test'.? You say it > > can't let > you?? What error message does it give you?OK, If I understand you correctly, you have setup samba on a Centos machine and joined it to a windows machine, is this correct ? Could you post the entire smb.conf from your Centos machine. Rowland -- To unsubscribe from this list go to the following URL and read the instructions:? https://lists.samba.org/mailman/options/samba
Possibly Parallel Threads
- Use Samba with ACL for read Active Directory and set Permissions via it.
- Use Samba with ACL for read Active Directory and set Permissions via it.
- Use Samba with ACL for read Active Directory and set Permissions via it.
- Use Samba with ACL for read Active Directory and set Permissions via it.
- Use Samba with ACL for read Active Directory and set Permissions via it.