Re: What is the best method to assign file/folder rights for SAMBA cluster authenticating to AD?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It looks like my last message was not processed correctly, so I am re-posting.   

>>sorry for the late reply...
    >>if u still facing problem.. i think i can help u
    >>i am also having the same environment...
    >>6 GPFS cluster nodes joined to 2003 ADS and
    >>serving files for 800 machines in floor..
    >>please reply
    >>if u need help
    >>regards
    >>jerrynikky.
 
   I have not taken the opportunity to modify my current config, yet. I wanted to read a little more about it. From what I can see, I just need to add the idmap backend = idmap_rid:AD=16777216-33554431 parameter, and it should have a consistent mapping of each AD user/group, across all of my servers. I have listed my smb.conf and smb.conf.share1 below. If you can look them over and let me know if they look ok, or post what works for you, I would really appreciate it. 
    smb.conf:
    # Global parameters
    [global]
    	workgroup = AD
    	realm = ad.example.com
    	netbios name = VirtualServer1
    	netbios aliases = EServerT1
    	interfaces = 192.168.100.103

- Ignored:
    	bind interfaces only = Yes
    	security = ADS
    	password server = 192.168.1.11
    	username map = /etc/samba/smbusers
    	use kerberos keytab = Yes
    	log file = /var/log/samba/%m.log
    	dns proxy = No
    	lock directory = /var/cache/samba/tier1
    	pid directory = /var/run/samba/tier1
    	idmap uid = 16777216-33554431
    	idmap gid = 16777216-33554431
    	template shell = /bin/bash
    	winbind use default domain = Yes
    	winbind nested groups = Yes
    	include = /etc/samba/smb.conf.share1
    
    
    smb.conf.share1:
    
    [global]
          workgroup = AD
          pid directory = /var/run/samba/share1
          lock directory = /var/cache/samba/share1
    	log file = /var/log/samba/%m.log
    	encrypt passwords = yes
    	bind interfaces only = yes
    #	netbios name = Server1
    	netbios name = VirtualServer1
    	printable = no
    	security = ADS
    	username map = /etc/samba/smbusers
    	dns proxy = no
    	idmap uid = 16777216-33554431
    	idmap gid = 16777216-33554431
    	template shell = /bin/bash
    	winbind use default domain = yes
    	winbind nested groups = yes
    	password server = 192.168.1.11
    	realm = AD.EXAMPLE.COM
    	use kerberos keytab = yes
          guest ok = no
    
    	#
    	# Interfaces are based on ip resources at the top level of
    	# "carpacs_share1_svc"; IPv6 addresses may or may not
    	# work correctly.
    	#
    	interfaces = 192.168.100.103
    
    
    [EServerT1]
    #[VirtualServer1]
           workgroup = AD
            browseable = yes
            writeable = yes
            public = no
            path = /data/share1
    	guest ok = no 
    	printable = no
    	winbind nested groups = yes
    
    If you have some information or config files you can share, but prefer not to do it in the list, feel free to email me directly. 
    
    Thanks
    Danny
    


##############################################################
This message is for the named person's use only.  It may 
contain confidential, proprietary, or legally privileged 
information.  No confidentiality or privilege is waived or 
lost by any mistransmission.  If you receive this message 
in error, please immediately delete it and all copies of it 
from your system, destroy any hard copies of it, and notify 
the sender.  You must not, directly or indirectly, use, 
disclose, distribute, print, or copy any part of this message
if you are not the intended recipient.  Health First reserves
the right to monitor all e-mail communications through its
networks.  Any views or opinions expressed in this message
are solely those of the individual sender, except (1) where
the message states such views or opinions are on behalf of 
a particular entity;  and (2) the sender is authorized by 
the entity to give such views or opinions.
##############################################################

--

Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster

[Index of Archives]     [Corosync Cluster Engine]     [GFS]     [Linux Virtualization]     [Centos Virtualization]     [Centos]     [Linux RAID]     [Fedora Users]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Camping]

  Powered by Linux