
Thread: authenticate Samba shares active directory

  1. #1

    Guys, I am running CentOS 6.4. I have integrated Samba into Active Directory; I am using Windows 2012 domain controllers. The problem is I can't get Samba to authenticate using AD user names or groups; all shares come back with access denied. I can log in using kinit and verify that I get a Kerberos ticket. I have also verified that the file server gives out a Kerberos ticket when trying to access the share from the Windows 7 systems. Whenever I try to access the share from a Windows box via \\machinename, FQDN, or just by typing the IP address, I get access denied. I created a test share on the Linux box, \data\files. I did a chgrp on \data\files giving domain users ownership, then ran a chmod 777 \data\files; still nothing. Also, I can run getent on passwords and groups and it returns. So can someone here tell me what I'm missing? Also, how do I get logon attempts? I would like to see a log that says domain\user access denied.

    krb5.conf

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    default_realm = testdomain.LAN
    default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
    default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
    preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
    dns_lookup_realm = false
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true

    [realms]
    EXAMPLE.COM = {
    kdc = kerberos.example.com

    nsswitch.conf

    #netmasks: nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers: files
    netmasks: files
    networks: files
    protocols: files
    rpc: files
    services: files

    netgroup: files

    publickey: nisplus

    automount: files
    aliases: files nisplus

    samba
    [global]
    workgroup = TESTDOMAIN
    realm = TESTDOMAIN.LAN
    security = ads
    encrypt passwords = yes
    idmap config * : range = 16777216-33554431
    template shell = /bin/false
    winbind use default domain = false
    winbind offline logon = false

    [Files]
    comment = file share
    path = /data/files
    writeable = yes
    valid users = TESTDOMAIN\domain users

  2. #2
    ananth_ak

    Hi, firstly you will need the samba3x rpm for Windows 2008+ support. Then undo all the settings in all config files.

    Just use authconfig-tui to configure Kerberos.

    Then use the following settings in smb.conf:

    [global]
    workgroup = ARC
    realm = ARC.LOCAL
    server string = Rapture %v
    #interfaces = bond0
    security = ADS
    password server = columbus:88 mrbubbles:88
    smb ports = 139
    domain master = No
    template shell = /bin/ksh
    winbind separator = _
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind normalize names = Yes
    idmap config * : range = 16777216-33554431
    idmap config * : backend = tdb

    service smb reload
    service nmb reload

    testparm - to confirm its role is a domain member.

    Join to domain:
    net ads join -U<domain admin>
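
A consistency check for the files discussed in this thread, as an added example that is not part of either post: it compares the Kerberos default realm in krb5.conf with the realm in smb.conf (realm names are case-sensitive) and flags single-DES enctypes, which Windows 7 and Windows Server 2008 R2 and later disable by default. The function names are hypothetical, and the sample text is a trimmed copy of the settings posted in #1.

```python
import re

# Constructed sample input: trimmed copies of the settings posted in #1.
KRB5_CONF = """\
[libdefaults]
default_realm = testdomain.LAN
default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
dns_lookup_kdc = true
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
"""
SMB_CONF = """\
[global]
realm = TESTDOMAIN.LAN
security = ads
"""

def parse_sections(text):
    """Return {section: {key: value}} for simple 'key = value' config text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def check_kerberos_consistency(krb5_text, smb_text):
    """List mismatches between krb5.conf and smb.conf (hypothetical helper)."""
    krb5, smb = parse_sections(krb5_text), parse_sections(smb_text)
    lib, glob = krb5.get("libdefaults", {}), smb.get("global", {})
    findings = []
    krb_realm, smb_realm = lib.get("default_realm", ""), glob.get("realm", "")
    # Kerberos realm names are case-sensitive, so compare them exactly.
    if glob.get("security", "").lower() == "ads" and krb_realm != smb_realm:
        findings.append(f"realm mismatch: krb5.conf={krb_realm!r} smb.conf={smb_realm!r}")
    if (krb_realm.lower() not in krb5.get("realms", {})
            and lib.get("dns_lookup_kdc", "").lower() in ("false", "no", "off", "0")):
        findings.append(f"no [realms] entry or DNS KDC lookup for {krb_realm!r}")
    for key, value in lib.items():
        if key.endswith("enctypes") and "des-cbc" in value.lower():
            findings.append(f"{key} lists single-DES: {value}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_kerberos_consistency(KRB5_CONF, SMB_CONF)))
```

To check a live host, pass the contents of /etc/krb5.conf and /etc/samba/smb.conf instead of the embedded samples.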
