Accessing Samba Shares using winbind
I have a RHEL 6 box set up successfully using winbind. I can SSH over to the Linux box and log on using my AD account. I can also see AD users and groups using wbinfo, etc.
I also have Samba up, sharing out a directory. I can browse to this server and see the directory share via my Windows 7 workstation; however, when I click on the share it says "access denied". I cannot figure out why my AD account is getting access denied on this share.
Below is my global setting and my share config.
Any help would be appreciated!
#======================= Global Settings =====================================
[global]
#--authconfig--start-line--
# Generated by authconfig on 2013/11/05 12:07:43
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = myworkgroup
password server = domain controller
realm = MYDOMAIN.COM
security = ads
idmap config * : backend = tdb
idmap config * : range = 16777216-33554431
idmap config MYDOMAIN:backend = rid
idmap config MYDOMAIN:range = 100000-199999
idmap config MYDOMAIN:base_rid = 0
# idmap backend = rid
# below line a test
# idmap config * : backend = rid
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
# additional testing - next three lines made no difference
# winbind separator = +
# winbind enum users = yes
# winbind enum groups = yes
#--authconfig--end-line--
# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
security = domain
passdb backend = tdbsam
realm = MYDOMAIN.COM
password server = domaincontroller.mydomain.com
[testdir]
path = /testdir
write list = "MYDOMAIN+Domain Users"
browseable = yes
guest ok = yes
Responses
Hi,
Here is a minimum configuration for a Linux machine to join Active Directory using the winbind mechanism. I saw some conflicts in your configuration file; you defined
security = domain
passdb backend = tdbsam
realm = MYDOMAIN.COM
password server = domaincontroller.rustconsulting.com
This section is already in GLOBAL, but at the end of the configuration you defined it again. I guess you need to remove them; however, it's working, but this doesn't come under best practice.
[global]
workgroup = IDM
realm = IDM.EXAMPLE.COM
log level = 2
syslog = 0
server string = Linux File Server
security = ads
log file = /var/log/samba/%m
max log size = 50
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = true
winbind separator = +
template shell = /bin/bash
idmap config * : backend = tdb
idmap config * : range = 16777216-33554431
idmap config IDM:backend = rid
# change the range below as per requirements
idmap config IDM:range = 100000-199999
idmap config IDM:base_rid = 0
As far as the share is concerned, you need to define valid users in the share section to access that share.
Below is an example for your reference:
[Test Share]
comment = For testing
path = /onlyusers
read only = yes
guest ok = no
printable = no
valid users = +"IDM\Domain Users"
write list = +"IDM\Domain Users"
browseable = yes
This assumes that members of "IDM\Domain Users" have sufficient permission(s) on "/onlyusers" and that the domain is already joined.
Restart the samba and winbind services, then try to access the share.
Savitoj
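Added example (not part of the original thread, and not Samba's own tooling): a small Python audit of an smb.conf that flags the two things visible in the posted configuration, namely a [global] parameter repeated with a different value (the later line takes effect) and a user-list entry written with "+" while "winbind separator" is left at its default backslash. SAMPLE_CONF is a constructed, condensed copy of the question's file; parse(), audit() and USER_LISTS are illustrative names.

```python
import re

# Constructed sample: a condensed form of the smb.conf posted in the question.
SAMPLE_CONF = r'''
[global]
security = ads
# winbind separator = +
security = domain
realm = MYDOMAIN.COM
[testdir]
write list = "MYDOMAIN+Domain Users"
'''

USER_LISTS = {"valid users", "invalid users", "write list", "read list"}

def parse(text):
    """Return {section: [(key, value, lineno)]}, keeping repeated keys in file order."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive and ignore extra whitespace.
            current.append((" ".join(key.lower().split()), value.strip(), lineno))
    return sections

def audit(text):
    """Flag conflicting repeats and '+'-style names when '+' is not the separator."""
    findings, sections = [], parse(text)
    # Samba's default winbind separator is a backslash.
    sep = {k: v for k, v, _ in sections.get("global", [])}.get("winbind separator", "\\")
    for name, params in sections.items():
        last = {}
        for key, value, lineno in params:
            if key in last and last[key][0].lower() != value.lower():
                findings.append(f"[{name}] {key}: '{last[key][0]}' (line {last[key][1]}) "
                                f"is overridden by '{value}' (line {lineno})")
            last[key] = (value, lineno)
            if key in USER_LISTS and sep != "+":
                for tok in re.findall(r'[+@&]*"[^"]*"|[^\s,]+', value):
                    principal = tok.lstrip("+@&").strip('"')
                    if "+" in principal:
                        findings.append(f"[{name}] {key} (line {lineno}): '{principal}' "
                                        f"uses '+' but the winbind separator is '{sep}'")
    return findings
```

On a real host, "testparm -s" prints the values Samba actually loaded, which confirms which of two repeated lines is in effect.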
