search for: ad_group

I have a directory shared out via Samba for Quickbooks and seem to have some issues with permissions. The directory being shared is a subdirectory in an ext3 partition being mounted with the acl option. It has been setup as follows: chown root:DOMAIN\AD_Group /mnt/Intuit_Data/ chmod 2770 /mnt/Intuit_Data/ And the Samba share config is has: create mask = 0660 directory mask = 0770 So when a user creates a file from their Windows box through Explorer or any other app, it gets perms as you might expect: -rw-rw---- 1 Domain+jcasale DOM...

...8. Verify the contents of the Kerberos keytab file: klist -ke 9. Add a share that has access restricted to an Active Directory group: a. mkdir /data b. vi /etc/samba/smb.conf After the [homes}, section add the following text: [data] comment = Data Directory path = /data valid users = @"DOMAIN\AD_Group" writable = yes browseable = yes Substitute DOMAIN\AD_Group with an AD group that will be accessing this share. c. /etc/init.d/smb restart 10. Enable home directory creation a. system-config-authentication b. In the Advance Options tab, check the "Create home directories on the first logi...

I have another samba server and upgraded it to samba4. testparm returns clean with the old config (ROLE_DOMAIN_PDC) and starts up fine. smbclient seems to work fine. The next thing now is to try and make it a domain member so it can auth against AD. Thanks, Andrew, I appreciate the pointers.

...method = secrets and keytab winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind refresh tickets = yes To use the "valid users" directive, I have to deal with the AD SIDs. You can get it by running : $ wbinfo --name-to-sid ad_user $ wbinfo --name-to-sid ad_group The RID idmap backend doesn't work as expected. So I use the NSS backend : idmap config MYDOMAIN : backend = nss idmap config MYDOMAIN : range = 10000-99999 idmap config * : backend = tdb idmap config * : range = 100000-999999 And in /etc/nsswitch.conf : passwd: files sss shadow: files sss...

Hello all, Im having the latest centos that should be integrated into win 2012 active directory domain. Im having Authentication running, an AD user can login via ssh, getent and id working But Im not able to get the samba shares running with AD [sfu-erp] comment = Mandant path = /share # ; valid users = @"RZ-DOMAIN\linuxtest" @"RZ-DOMAIN\linuxtest" valid users =

The two domain controllers (Debian) and the member server (CentOS) are all running Samba 4.1.4 from the sernet packages. The member server I am testing from was fully patched as of this morning. Things that work: - wbinfo -u - wbifno -g - getent group {ad_group} Things that don't work: - getent passwd {any_ad_user} - getent group - getent passwd I jacked up the winbindd debug level to 9, and did some testing. # wbinfo -n doug S-1-5-21-1317801521-1647347728-1419337603-1104 SID_USER (1) # wbinfo -S S-1-5-21-1317801521-1647347728-1419337603...

I know, I know, this again :) The company I work for would like to use squid for proxy authentication purposes using NTLM, using a Windows 2008 R2 server as a DC. I've managed to setup samba/winbind to use ads and successfully joined the domain. Configured nsswitch.conf to lookup winbind entities (however I didn't touch PAM configuration, as I don't actually want the users to be able