Web lists-archives.com

[Samba] Samba and AD based home shares are visible but not accessible

I've set up a CentOS system in my predominantly windows environment. Getting it to authenticate users with ssh based on AD user groups using KRB5 and SSSD was comparatively easy, but I am not able to share files from it.

I followed the guide here to get as far as I did: https://www.centos.org/forums/viewtopic.php?t=52872

When I browse to the server using \\<serverIP<file://%3cserverIP>> I am presented with the folder USERAID@xxxxxxxxxxxxxxx<mailto:USERAID@xxxxxxxxxxxxxxx> which corresponds to the account I am logged into the windows computer with. However, when I try to open it, I am told I do not have permission. I tried to create a non home folder, that all members of the AD group would be able to have access to, but I seem to be experiencing the same result.

Here is my smb.conf file, sanitized, but with as much information intact as I could manage. I have been at this all day battling it out with suggestions from google and previous posts in this mailing list with no success.

# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

workgroup = <simplified domain name>
realm = univ.school.edu
netbios name = hostname
password server = *
server string = Samba Server Version %v
security =ADS
log file = /var/log/samba/log.%m
max log size = 5000
load printers = No
idmap config * : backend = tdb
log level = 4
local master = no
domain master = no
preferred master = no
wins support = no
wins proxy = no
dns proxy = yes
name resolve order = wins bcast host lmhosts
#username map script = /bin/echo

#============================ Share Definitions ==============================

comment = Home Directories
browseable = no
writable = yes
valid users = UserAID@xxxxxxxxxxxxxxx, @"linuxprojectgroup@xxxxxxxxxxxxxxx"
read only = no

comment = share
path = /share
browseable = yes
writable = yes
valid users = @"linuxprojectgroup@xxxxxxxxxxxxxxx"
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba