Ubuntu Networking :: Active Directory Samba Share Permission?
Feb 24, 2011
I'm having a problem with Active Directory and Share permissions that I can't seem to figure out. I used likewise-open to join my Ubuntu server to a Windows 2008 domain. Everything seems to be working fine. The problem is, the only way I can access the shares is if I CHMOD 777 the share directory. If I CHMOD 770, the Domain owner or Domain group member of the directory can't access the directory. Also, when creating a folder within the share, I need to set the directory mask as 777 in order to enter those sub folders.
I have a Samba share that contains a symbolic link and when I try accessing it from the WinXP machine it denies permission. If I access it from the Linux account, it goes in with no problems. Is there a certain setting that needs to be set or enabled or is this just one of those things with Samba?
I have a freshly installed CentOS 5.4 box which I'm trying to get AD authentication working on. I have AD authentication via kerberos working for SSH, but when I try and have it work for SMB shares I'm getting an access denied error. What's even more odd is that when I tell pam to use winbind to authenticate SSH... it works just fine. Wbinfo -a username%password authenticates fine and getent passwd and group enumerates the AD users and groups ok. My smbd.log was throwing the following error "Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE" but has since stopped for some reason, but googling this indicated I needed to re-join the machine to the domain, which I have.
I have Ubuntu server 9.04 installed on my computer and I am trying to make a Domain Server. I have made sure that there are no problems in the configuration file. When I go to join the domain in Windows 7 it tells me that it cannot find the Active Directory server.
I am the IT Manager at a research facility. We have a fairly unique network configuration in order to support all of the different projects we have going on. We have Red Hat, Ubuntu, Windows XP/Vista/7, Windows Servers 2003, Ubuntu servers, Red Hat servers, and even a few Netgear ReadyNAS and Buffalo Terastations. Over the last few years, I have been migrating all of my users and accounts to a single ACL list, which I chose to be a Windows AD 2003 server. 95% of my users work on Windows platforms and just use ssh tunnels to develop on our linux boxes.
However, I ran into a problem with our Linux boxes not being able to symbolic link on my Windows 2003 file shares. Of course, this is a problem with Windows not supporting symbolic links. I know 2008 does support this feature, but given the economy and the budget restraints, we cannot afford to purchase the updates we would need, so now I am moving all of my shares to a Ubuntu 10.04 server using Samba. I have joined the server to my AD domain successfully, I can log in using my AD credentials, and even assign ownership and group permissions using AD users/groups.
Here is my question.
I would like to keep the AD permission schemes intact. I have several shares that contain folders that have individual permission settings. For example, I have a /shared directory that contains about 50 different folders. Some of these folders I allow my users to write data to, some just read, and others I deny access to complete groups and just allow key groups to access (for example, personnel data should only be accessed by the Administrative staff).
Is there a way to make this work?
I can assign uid and gid manually per folder in Samba, but I would like to have the possibility to add multiple users and groups with permissions to folders, which I do not believe can be done with the standard chown commands. Currently, I can see the folder permissions from my Windows box, but when I try to edit the permission settings, it defaults back to full access. So my AD permissions are not being saved.
I would like to know how can I get permission to subdirectories of a share other than what main share has. I do not want them to have same share. I mean, for example, I share "sharetest" and it has full access for A and B and C groups but "sharetest/foo1" has read only access for A group and "sharetest/foo2" has read only access for B group and "sharetest/foo3" has read only access for all of them.
I have created a samba share and mounted the share with /etc/fstab on another machine. This share is supposed to be a fully public share, i.e. I have different shares where different permissions are set, but on this particular share I intend to have full read, write and execute rights for all the users on my mounting machine.
The problem is that I get only owner and group rights for write on directories that I create, due to which all my users can create files in my mount directory but when they create a folder they cannot create any file inside that folder.
I've been banging my head on this for a week... I finally got AD login working, but I can't get cached logins working. I installed SADMS, let it configure everything, and though I can now login, I still cannot login as my AD username when my machine is not connected to the AD network. I need to be able to login at home, connect to the VPN (if I can ever get that working), then sign on to services at work using my AD username.
Also, I cannot login to local accounts when the system is not connected to the AD network. Plus, home drive mapping is not working, our shares are \FILESERVERuseruser[I]username[I] so this does not work. UPDATE: I installed likewise-open, and now I can't login unless I use the full domain name when logging in via ssh, but I cannot login on the desktop, which is not what I want, now my username doesn't match the previous UID mapping, and my home directory is mapped to /home/likewise-open/DOMAIN/user, instead of /home/DOMAIN/user, like it was before.
We have a couple of Windows file servers that just share files. It is all they do. We'd like to use Ubuntu on two replacement servers allowing Windows XP and Windows 7 clients to access the files. Our network is active directory based due to Exchange and homegrown .NET apps, so it is important that active directory is used to authenticate the clients. Samba doesn't need to be a pdc or bdc, but provide pass through authentication. I understand that Samba can communicate with active directory through security-ads and security-domain.
Here are my questions to see if I should proceed:
1) Folder permissions: If we move all our files to the Ubuntu server how do we set folder permissions and will we see the active directory accounts when we do this?
2) Skipping ubuntu accounts: I know the domain and ads allow you to skip creating ubuntu accounts, right? If not, how do you keep the passwords synchronized?
3) Easiest way? Is there a very easy way to pull this off that I've missed? My goal is to eliminate the Windows based file servers while ensuring the admin part of it is as easy as possible.
To date I've been able to get the sharing to work with an ubuntu account mirroring the active directory account. I've been able to get Samba to talk to the pdc, but not successfully through domain security. ADS security was a complete cluster with winbindd
All my production PCs are running under an ADC Windows 2008 server. Recently I implemented a file server in CentOS 5. Now I want to integrate Samba (File sharing) using Active Directory so that all access permissions to the file server come from AD's permissions.
I want to share the same directory so that it can be accessed by both Linux clients & Windows clients. How can I do this? I want to share that directory with both NFS & Samba services. Is it possible to do this?
I have to make a Windows 2000 share on my Linux CentOS 5.1 server with all the updates installed with yum. I have a directory on a Windows 2000 machine that contains some images for a catalogue. I have my internet site on CentOS 5.1 with an Apache - MySQL - PHP web server. I have to mount my directory on a share in /mnt/catalogueimages and make a symbolic link from my /var/www/html/mysite/catimages to this samba share.
This is what I do following your guide at this link: [URL] I have placed in my /etc/fstab this line:
//SERVER/C/Catalogue /mnt/catalogueimages cifs user,username=Administrator,password=,uid=apache,gid=apache 0 0
My Windows 2000 server has no password.
After that I made the symbolic link:
ln -s /mnt/catalogueimages /var/www/html/mysite/catimages
All is OK.
The problem is that I can't see the images via browser. I have also tried to put some images in the directory /mnt/catalogueimages, deleting the mount point, in order to see if the problem was in Apache: the images are visible via browser. Why can't I see the images mounted with Samba?
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
Start>Run>\\192.168.0.1\storage gives me "The specified network password is not correct." It lists my domain as "ANTEC" which is the name of my computer, though I've changed the workgroup to WELLS. I've run:
I'm trying to setup a Samba network share with a Fedora Directory Server backend. This will be used primarily for Windows users to authenticate before accessing the share. I am using Fedora Core 10 and have all of the latest updates installed. When I try to connect from a Windows machine, I am prompted for a username and password. I enter the username and password of the account I created in Fedora Directory Server in OU=People. The credentials are rejected. At the same time in the log file I see this:
[2009/02/24 16:50:16, 3] auth/auth_sam.c:check_sam_security(282)
  check_sam_security: Couldn't find user 'Administrator' in passdb.
[2009/02/24 16:50:16, 2] auth/auth.c:check_ntlm_password(318)
  check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
Administrator is the user I created in Fedora Directory Server. If I perform an ldapsearch it will find the user as uid: Administrator so I know it is able to be looked up in FDS. But I'm guessing that's not the problem.
I have set my Ubuntu 10.04 box with our Windows domain. I can see from "net ads info" that I am on the domain. I can also get the password and group info with getent. So far so good. But I have tried to configure pam basically by following this guide: http://www.ccs.neu.edu/home/battista...nbind/pam.html
Yet when I try to su or login as an AD user I just get an immediate "Unknown id: <userid>". I have had a look at /var/log/auth.log and there are no errors there. Can anyone provide some tips on debugging the pam configuration?
I am running the Ubuntu Netbook Remix and setting up our systems for Active Directory Domain Authentication. When I am hard wired in (ethernet), AD authentication works with no problems using the Likewise-Open software (installed through Ubuntu Software Center). What I want to be able to do is have people authenticate with AD with only a wireless connection. Has anybody done this before?
I have a server with Fedora 13 with which I would like to get NFS working. I have looked up multiple howto's and tutorials, but I'm having a problem not addressed by any of them. Official how-to, another how-to, and another how-to. I have verified that nfs-utils, nfs-utils-lib, portmap, and system-config-nfs are installed and running. I have verified that I have, in fact, shared the directory that I want to share, and that the proper permissions are set.
I had to go through some gyrations to get the Belkin wireless N router to allow my server to have a static IP. However, I can ping the server from the nfs client (a toshiba satellite running mint 8), and vice versa. I have (for now) disabled firewalls on both computers. I think I have disabled SELinux on Fedora 13 (for now). When I attempt to connect to the server from the client, the output looks like this:
aragorn ~ # mount -v 192.168.2.101:/test /home/kelev/test/
mount: no type was given - I'll assume nfs because of the colon
mount.nfs: timeout set for Sat Dec 18 12:21:09 2010
I'm sure there is a very trivial solution to my problem but I just can't figure it out due to my lack of knowledge. I want to mount an nfs share on client1. The share is on server1. The server1 /etc/exportfs has entry:
/backup client1(rw,all_squash,no_subtree_check)
The client1 sudo mount works just fine:
sudo mount server1:/backup /backup
Can anyone let me know how to mount the nfs share with options to read/write permissions for a regular user? And then put that mount into /etc/fstab? Should I mount first and then change the ownership of that folder?
I have successfully connected (and authenticated the user) from linux (Ubuntu) to Active Directory (windows 2003) using "Likewise Open".
1. At the login screen I have to enter "example.local\username" to login. How can I simplify the login so that the user can choose (click) the domain and just enter the username and password (like the login in Windows) or make the domain the default?
2. How can I configure the default user profile? Meaning, when the user logs in for the first time, I want to configure his profile. Does it use the "/etc/skel" directory like the regular local login?
But here is my problem... I have a windows 2003 server mini tower ATX running VMware workstation 7.0 that has a Ubuntu server 32-bit and a Ubuntu desktop; both versions are 10.04. Now, my ubuntu server edition joins active directory just fine, but my ubuntu desktop does not.
The scenario is I have a Windows Server 2003 Domain Controller which runs ADUC. I have created some security groups which I would like to apply to my network shares. The problem is, the majority of my network shares are based on Open Suse machines which, although are part of the domain, when trying to configure the shares using SMB, do not allow me to select the Active Directory groups. Any solution which will allow me to use ADUC security groups?
I've been trying to set up a media server using Ubuntu server, following the instructions from [URL]. I am trying to access the server from a windows 7 pro laptop. I can see my media server on the network. I can see the folder vol1 which I want to access, but when I double click on it, I am given an error message saying it is not accessible and I don't have permission to access it. I can access the server using webmin, and I can access its terminal with putty. I just don't know what settings to tweak.
I'm having a problem with squidguard filter with AD authentication. I have downloaded the latest stable source package from squidguard site and I followed the instructions for the ldap(AD) authentication but it does not work at all. I have googled and tried everything but no luck. (first 30 hits on google) Anyway this is the LDAP auth part: http://www.squidguard.org/Doc/authentication.html at squidguard and this is how to build the package.
I am testing CentOS 5.4 on a virtual machine before deploying to a server. I am trying to get authentication through our Active Directory server, without actually joining the machine to the domain. I tried multiple tutorials, including this one: URL... Basically I enabled authentication through kerberos and modified my ldap.conf file.