I have setup a new server centos 5.1 server as a storage server with over 7TB of storage. The server has been integrated into a large Active Directory network there are 5 primary AD servers and a large number of local AD server at each location (over 20). There are also over 15 trusted domains hundreds of groups and thousands of users. It has been quite a challenge to integrate the Linux server with Samba into this incitement. I am now at a point where I can change user and group ownership of filed and folders at AD users and connect to the server with a windows client.
There are also issues with Samba not starting on bootup (yes the service is set to start at level 3 system starts non GUI). And it seems to take quite a while for system to recognize domain users on startup.
The [TEST] share works with out issue. The [TEST-ENG] share is not working no matter what I do.
The issue that I am having is that most of the groups have a @ at the beginning. Ie: @DIV-Engineering This conflicts with the Samba valid users = directive in the smb.conf.
I have been able to change the group ownership to @DIV-Engineering in the file-system without any issues.
Is there any way to do this?
[global] workgroup = XXX realm = XXX server string = Samba Server Version %v security = ADS auth methods = guest, sam, winbind obey pam restrictions = Yes password server = nycbcc01.xxx.ad.xxx.net # winbind separator = \ # passdb backend = tdbsam wins server = 192.20.76.98 ldap ssl = no winbind use default domain = yes idmap uid = 10000-100000 idmap gid = 10000-100000 winbind enum users = Yes preferred master = no encrypt passwords = yes template homedir = /home/samba/%D/%U cups options = raw
[homes] comment = Home Directories read only = No browseable = No
[printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No
[TEST] path = /home/samba/shares/TEST valid users = @"XXX\Domain Users" force group = "XXX\domain users" read only = No create mask = 0774 force create mode = 0775 directory mask = 0775 force directory mode = 0770 force directory security mode = 0770
[TEST-ENG] path = /home/samba/shares/TEST valid users = @"XXX@DIV-Engineering" force group = "XXX@DIV-Engineering" read only = No create mask = 0774 force create mode = 0775 directory mask = 0775 force directory mode = 0770 force directory security mode = 0770
Hi,
On Fri, 2008-06-06 at 17:26 -0400, mslist@opcenter.net wrote:
I have setup a new server centos 5.1 server as a storage server with over 7TB of storage. The server has been integrated into a large Active Directory network there are 5 primary AD servers and a large number of local AD server at each location (over 20). There are also over 15 trusted domains hundreds of groups and thousands of users. It has been quite a challenge to integrate the Linux server with Samba into this incitement. I am now at a point where I can change user and group ownership of filed and folders at AD users and connect to the server with a windows client.
There are also issues with Samba not starting on bootup (yes the service is set to start at level 3 – system starts non GUI). And it seems to take quite a while for system to recognize domain users on startup.
The [TEST] share works with out issue. The [TEST-ENG] share is not working no matter what I do.
The issue that I am having is that most of the groups have a ‘@’ at the beginning. Ie: @DIV-Engineering This conflicts with the Samba “valid users = “ directive in the smb.conf.
I have been able to change the group ownership to“@DIV-Engineering” in the file-system without any issues.
Is there any way to do this?
[global] workgroup = XXX realm = XXX server string = Samba Server Version %v security = ADS auth methods = guest, sam, winbind obey pam restrictions = Yes password server = nycbcc01.xxx.ad.xxx.net # winbind separator = \ # passdb backend = tdbsam wins server = 192.20.76.98 ldap ssl = no winbind use default domain = yes idmap uid = 10000-100000 idmap gid = 10000-100000 winbind enum users = Yes preferred master = no encrypt passwords = yes template homedir = /home/samba/%D/%U cups options = raw
[homes] comment = Home Directories read only = No browseable = No
[printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No
[TEST] path = /home/samba/shares/TEST valid users = @"XXX\Domain Users" force group = "XXX\domain users" read only = No create mask = 0774 force create mode = 0775 directory mask = 0775 force directory mode = 0770 force directory security mode = 0770
[TEST-ENG] path = /home/samba/shares/TEST valid users = @"XXX@DIV-Engineering" force group = "XXX@DIV-Engineering" read only = No create mask = 0774 force create mode = 0775 directory mask = 0775 force directory mode = 0770 force directory security mode = 0770
Having a quick glance at the config I remember I had a sort of same issue, set your winbind seperator character to something like '#' and do the same in the valid users and groups and it should give you more working stuff ;) The \ character is a line break which tells samba to continue reading the config on the next line including spaces and linebreaks...
regards,
Michel
-
Michel van Deventer -
mslist@opcenter.net