[CentOS] Samba AD valid users issue
I have setup a new server centos 5.1 server as a storage server with over 7TB of storage. The server has been integrated into a large Active Directory network there are 5 primary AD servers and a large number of local AD server at each location (over 20). There are also over 15 trusted domains hundreds of groups and thousands of users. It has been quite a challenge to integrate the Linux server with Samba into this incitement. I am now at a point where I can change user and group ownership of filed and folders at AD users and connect to the server with a windows client. There are also issues with Samba not starting on bootup (yes the service is set to start at level 3 system starts non GUI). And it seems to take quite a while for system to recognize domain users on startup. The [TEST] share works with out issue. The [TEST-ENG] share is not working no matter what I do. The issue that I am having is that most of the groups have a [EMAIL PROTECTED] at the beginning. Ie: @DIV-Engineering This conflicts with the Samba valid users = directive in the smb.conf. I have been able to change the group ownership to [EMAIL PROTECTED] in the file-system without any issues. Is there any way to do this? [global] workgroup = XXX realm = XXX server string = Samba Server Version %v security = ADS auth methods = guest, sam, winbind obey pam restrictions = Yes password server = nycbcc01.xxx.ad.xxx.net # winbind separator = \\ # passdb backend = tdbsam wins server = 192.20.76.98 ldap ssl = no winbind use default domain = yes idmap uid = 1-10 idmap gid = 1-10 winbind enum users = Yes preferred master = no encrypt passwords = yes template homedir = /home/samba/%D/%U cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [TEST] path = /home/samba/shares/TEST valid users = @XXX\Domain Users force group = XXX\domain users read only = No create mask = 0774 force create mode = 0775 directory mask = 0775 force directory mode = 0770 force directory security mode = 0770 [TEST-ENG] path = /home/samba/shares/TEST valid users = @[EMAIL PROTECTED] force group = [EMAIL PROTECTED] read only = No create mask = 0774 force create mode = 0775 directory mask = 0775 force directory mode = 0770 force directory security mode = 0770 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba AD valid users issue
Hi, On Fri, 2008-06-06 at 17:26 -0400, [EMAIL PROTECTED] wrote: I have setup a new server centos 5.1 server as a storage server with over 7TB of storage. The server has been integrated into a large Active Directory network there are 5 primary AD servers and a large number of local AD server at each location (over 20). There are also over 15 trusted domains hundreds of groups and thousands of users. It has been quite a challenge to integrate the Linux server with Samba into this incitement. I am now at a point where I can change user and group ownership of filed and folders at AD users and connect to the server with a windows client. There are also issues with Samba not starting on bootup (yes the service is set to start at level 3 – system starts non GUI). And it seems to take quite a while for system to recognize domain users on startup. The [TEST] share works with out issue. The [TEST-ENG] share is not working no matter what I do. The issue that I am having is that most of the groups have a [EMAIL PROTECTED] at the beginning. Ie: @DIV-Engineering This conflicts with the Samba “valid users = “ directive in the smb.conf. I have been able to change the group ownership to [EMAIL PROTECTED] in the file-system without any issues. Is there any way to do this? [global] workgroup = XXX realm = XXX server string = Samba Server Version %v security = ADS auth methods = guest, sam, winbind obey pam restrictions = Yes password server = nycbcc01.xxx.ad.xxx.net # winbind separator = \\ # passdb backend = tdbsam wins server = 192.20.76.98 ldap ssl = no winbind use default domain = yes idmap uid = 1-10 idmap gid = 1-10 winbind enum users = Yes preferred master = no encrypt passwords = yes template homedir = /home/samba/%D/%U cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [TEST] path = /home/samba/shares/TEST valid users = @XXX\Domain Users force group = XXX\domain users read only = No create mask = 0774 force create mode = 0775 directory mask = 0775 force directory mode = 0770 force directory security mode = 0770 [TEST-ENG] path = /home/samba/shares/TEST valid users = @[EMAIL PROTECTED] force group = [EMAIL PROTECTED] read only = No create mask = 0774 force create mode = 0775 directory mask = 0775 force directory mode = 0770 force directory security mode = 0770 Having a quick glance at the config I remember I had a sort of same issue, set your winbind seperator character to something like '#' and do the same in the valid users and groups and it should give you more working stuff ;) The \ character is a line break which tells samba to continue reading the config on the next line including spaces and linebreaks... regards, Michel ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Samba AD valid users issue
Thanks, The issue dos not seem to be with the separator. It is with the @ as a leading char in the group name. But I will give it a try on Monday Michel van Deventer michel at van.deventer.cx Fri Jun 6 21:34:23 UTC 2008 Having a quick glance at the config I remember I had a sort of same issue, set your winbind seperator character to something like '#' and do the same in the valid users and groups and it should give you more working stuff ;) The \ character is a line break which tells samba to continue reading the config on the next line including spaces and linebreaks... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos