Re: [Samba] Samba and AD based home shares are visible but not accessible
- Date: Tue, 20 Jun 2017 21:58:55 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba and AD based home shares are visible but not accessible
On Tue, 20 Jun 2017 20:21:14 +0000
"Cybulski, Adam M via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> I've set up a CentOS system in my predominantly Windows environment.
> Getting it to authenticate users with ssh based on AD user groups
> using KRB5 and SSSD was comparatively easy, but I am not able to
> share files from it.
> I followed the guide here to get as far as I did:
> When I browse to the server using \\<serverIP> I
> am presented with the folder
> USERAID@xxxxxxxxxxxxxxx which
> corresponds to the account I am logged into the Windows computer
> with. However, when I try to open it, I am told I do not have
> permission. I tried to create a non home folder, that all members of
> the AD group would be able to have access to, but I seem to be
> experiencing the same result.
> Here is my smb.conf file, sanitized, but with as much information
> intact as I could manage. I have been at this all day battling it out
> with suggestions from Google and previous posts in this mailing list
> with no success.
> # See smb.conf.example for a more detailed config file or
> # read the smb.conf manpage.
> # Run 'testparm' to verify the config is correct after
> # you modified it.
> workgroup = <simplified domain name>
> realm = univ.school.edu
> netbios name = hostname
> password server = *
> server string = Samba Server Version %v
> security = ADS
> log file = /var/log/samba/log.%m
> max log size = 5000
> load printers = No
> idmap config * : backend = tdb
> log level = 4
> local master = no
> domain master = no
> preferred master = no
> wins support = no
> wins proxy = no
> dns proxy = yes
> name resolve order = wins bcast host lmhosts
> #username map script = /bin/echo
> #============================ Share Definitions
> comment = Home Directories
> browseable = no
> writable = yes
> valid users = UserAID@xxxxxxxxxxxxxxx, @"linuxprojectgroup@xxxxxxxxxxxxxxx"
> read only = no
> comment = share
> path = /share
> browseable = yes
> writable = yes
> valid users = @"linuxprojectgroup@xxxxxxxxxxxxxxx"
Hi, do you want it to work, or do you want to use sssd?
If the latter, then I suggest you contact the sssd-users mailing list,
you are not using Samba for authentication.
If you do want it to work, then Samba recommends using winbind, see
here for how to set up a Unix domain member:
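For reference, a minimal smb.conf for a winbind-based Unix domain member of the kind the reply recommends. This is an added example, not configuration posted by either participant. The domain name SAMDOM, the realm SAMDOM.EXAMPLE.COM, the ID ranges and the choice of the rid backend are assumptions; the share path and group name are reused from the question.

```ini
# Constructed example. SAMDOM / SAMDOM.EXAMPLE.COM are placeholders for the
# real NetBIOS domain name and Kerberos realm.
[global]
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM
    security = ADS

    # Default domain: BUILTIN and local accounts only.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # The AD domain needs its own backend and a range that does not
    # overlap the default one. With only the "*" mapping present,
    # domain users and groups have no ID mapping of their own.
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999

    # Values winbind reports for shell and home directory with the rid backend.
    template shell = /bin/bash
    template homedir = /home/%U

    # Domain accounts are written as SAMDOM\name (no UPN-style name@realm).
    winbind use default domain = no
    winbind refresh tickets = yes

    log file = /var/log/samba/log.%m
    max log size = 5000
    load printers = no

[share]
    comment = share
    path = /share
    read only = no
    # Access limited to one AD group, resolved through winbind.
    valid users = @"SAMDOM\linuxprojectgroup"

# Outside smb.conf (also assumptions of this example):
#   /etc/nsswitch.conf:  passwd: files winbind
#                        group:  files winbind
#   Join the domain with:  net ads join -U administrator
```

After editing, `testparm` checks the syntax; `wbinfo -g` and `getent group` should both show the domain group before share access is tested, and the Unix permissions on /share must also allow that group.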