[Hampshire] Samba file server permission issues

Author: Steve Kirk
Date:  
To: hampshire
Subject: [Hampshire] Samba file server permission issues
Hi,

I'm having a problem deploying a Samba server in a Windows Active Directory
environment. The domain is a Windows 2003 native domain, so all the domain
controllers are running on Windows 2003.

The principal problem I'm having is with permissions and mapping Windows
groups to Linux groups.

I'm using CentOS v4.5, so basically RHEL4 for this, and these are the Samba
packages I have installed:

system-config-samba-1.2.21-1.el4.1
samba-common-3.0.10-1.4E.12.2
samba-3.0.10-1.4E.12.2
samba-client-3.0.10-1.4E.12.2

As it's so close to RHEL, I initially followed the guide here:

http://kbase.redhat.com/faq/FAQ_85_5787.shtm

as well as the guide to configuring Kerberos, linked at the bottom of the
above knowledgebase article. However, this didn't allow us to mount the share,
or browse the share from a Windows machine.

So after some googling, I have enabled winbind and configured nsswitch.conf to
use files and winbind for passwd, group and shadow - this then allowed access
to the share, but still with permissions problems.

Essentially, I cannot correctly set the permissions to allow the share to be
managed via Windows. If I make a directory world-writeable in Linux, I can
create files no problem from within Windows. However, I cannot correctly
manage the permissions from within Windows. They also do not appear to be
applied correctly, and I'm not sure why.

If I create a file in the share within Windows, I can set permissions to allow,
for example, the Domain Admins group to read, write, execute the file, but
the permissions are not applied, as only the user that created the file in the
first place can edit and save changes. When viewing the file in Linux or
Windows, it appears the correct permissions are on the file. I have also
enabled ACLs on the file system allocated for the Samba share, and these are
working (from within Linux):

[sxxx@xxxxx windows]$ ls -al
total 28
drwxrwxrwx  2 root            ntadmin                 4096 Oct 11 11:34 .
drwxr-xr-x  5 root            root                    4096 Oct 11 11:08 ..
-rwxrwxr--+ 1 DOMAIN\2378 DOMAIN\Domain Users   36 Oct 11 11:29 New Text Document2.txt
-r--rwx---+ 1 DOMAIN\1336 DOMAIN\AllUsers        9 Oct 11 11:23 New Text Document.txt


Listing the ACLs displays the correct DOMAIN groups have access to the file,
but there's still no joy - the permissions do not seem to be applied.

I have mapped the "Domain Admins" group to a local UNIX group via the
net groupmap command, but this does not appear to have worked.

I don't think I've explained the problem brilliantly, and there are obviously
quite a few large configuration files I could post, so please let me know if
you need further info. Any assistance greatly appreciated - this was a
Windows-only environment until very recently, but I'm getting some traction
with Linux/OSS and getting this working would help a lot!

Cheers,
Steve