Samba AD valid users issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I have setup a new server centos 5.1 server as a storage server with over 7TB of storage. The server has been integrated into a large Active Directory network there are 5 primary AD servers and a large number of local AD server at each location (over 20). There are also over 15 trusted domains hundreds of groups and thousands of users. It has been quite a challenge to integrate the Linux server with Samba into this incitement. I am now at a point where I can change user and group ownership of filed and folders at AD users and connect to the server with a windows client.
There are also issues with Samba not starting on bootup (yes the service is set to start at level 3 ? system starts non GUI). And it seems to take quite a while for system to recognize domain users on startup. 

The [TEST] share works with out issue.
The [TEST-ENG] share is not working no matter what I do.
The issue that I am having is that most of the groups have a ?@? at the beginning. 
Ie: @DIV-Engineering
This conflicts with the Samba ?valid users = ? directive in the smb.conf.
I have been able to change the group ownership to ?@DIV-Engineering? in the file-system without any issues. 


Is there any way to do this?


[global]
        workgroup = XXX
        realm = XXX
        server string = Samba Server Version %v
        security = ADS
        auth methods = guest, sam, winbind
        obey pam restrictions = Yes
        password server = nycbcc01.xxx.ad.xxx.net
#       winbind separator = \\
#       passdb backend = tdbsam
        wins server = 192.20.76.98
        ldap ssl = no
        winbind use default domain = yes
        idmap uid = 10000-100000
        idmap gid = 10000-100000
        winbind enum users = Yes
        preferred master = no
        encrypt passwords = yes
        template homedir = /home/samba/%D/%U
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[TEST]
        path = /home/samba/shares/TEST
        valid users = @"XXX\Domain Users"
        force group = "XXX\domain users"
        read only = No
        create mask = 0774
        force create mode = 0775
        directory mask = 0775
        force directory mode = 0770
        force directory security mode = 0770

[TEST-ENG]
        path = /home/samba/shares/TEST
        valid users = @"XXX\@DIV-Engineering"
        force group = "XXX\@DIV-Engineering"
        read only = No
        create mask = 0774
        force create mode = 0775
        directory mask = 0775
        force directory mode = 0770
        force directory security mode = 0770
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux