Running Samba/Winbind with two domains

Discussion in 'General Linux' started by MattJH, Jul 9, 2013.

  1. MattJH

    MattJH New Member

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    First: I'm not a Linux administrator, and I don't know what I don't know (if you know what I mean).

    We have this server here at work, named FAXSERVER, running the Red Hat Enterprise Linux ES release 3 (Taroon Update 8) distro, along with Samba version 3.0.9-1.3E.12. The directory /home/faxes/ is shared out to our domain via Samba/Winbind.

    This is primarily a Windows network. Windows domain controller, etc. I'm on this primary domain (DOMAIN1). And there is another domain. It's a trusted domain (DOMAIN2). I want users authenticating to DOMAIN2 to be able to access /home/faxes/ on this server as well. I can't seem to be able to make it happen.

    Here's what I've (clumsily) tried so far:

    SAMBA:

    The permissions for /home/faxes/ are as follows: drwxrwsr-x 57 uucp 10001 4096 Jul 24 2012 faxes. Looks like everyone has read/execute permission, and the file owner and members of the file's group additionally have write permission.

    There are currently three Samba users set up, according to /etc/samba/smbusers: root (mapped to 'administrator' and 'admin'), nobody (mapped to 'guest', 'pcguest', and 'smbguest'), and mike (mapped to 'mike').

    The Samba configuration (location: /etc/samba/smb.conf) for /faxes/ is currently as follows:

    comment = FAX faxes​
    path=/home/faxes​
    writable = yes​
    printable = no​
    public = yes​
    guest ok = yes​
    create mask = 0665​

    Prior to me looking into it, the "guest ok" flag was set to no. I changed it to "yes" (since "public=yes" seems to make this redundant) and restarted the Samba service (service smb restart). It doesn't appear that this resolved the issue, but I wanted to try it.

    WINBIND:

    The 'wbinfo -g' command gives me a list of all user groups, but they're all under DOMAIN1\*. There are no DOMAIN2\* groups listed.

    The 'wbinfo -m' command gives me a list of all trusted domains: FAXSERVER, BUILTIN, and DOMAIN2. So DOMAIN2 is trusted by FAXSERVER.

    I'm also able to query both DOMAIN1 and DOMAIN2 from FAXSERVER:

    [root@faxserver home]# wbinfo -D DOMAIN1

    Name : DOMAIN1​
    Alt_Name : DOMAINNAME.COM​
    SID : S-1-3-59-7490224-282867100-4786781930​
    Active Directory : Yes​
    Native : Yes​
    Primary : Yes​
    Sequence : 62852289​

    [root@faxserver home]# wbinfo -D DOMAIN2

    Name : DOMAIN2​
    Alt_Name : acrometis.com​
    SID : S-1-5-21-3827589627-1874523873-1381929582​
    Active Directory : No​
    Native : No​
    Primary : No​
    Sequence : -1​

    IN SUMMARY:


    I don't really know what I'm doing. This is likely self-evident. Is it a matter of changing the "Active Directory" flag under DOMAIN2 from "No" to "Yes"? If so, how would I go about doing that?

    Or is this an impossible task, and I'll just end up chasing my tail?
  2. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    Messages:
    1,338
    Likes Received:
    445
    Trophy Points:
    83
  3. MattJH

    MattJH New Member

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1

    Hey there! I'll take ANY input, so yes, this is helpful. If nothing else, it shows me that the default realm is specified in /etc/krb5.conf. My overall question still remains, though -- I don't know how to share folder contents to the authenticated users of a trusted domain.
  4. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    Messages:
    1,338
    Likes Received:
    445
    Trophy Points:
    83
    So, Domain1 has access to /home/faxes right? How did you set that up?
  5. MattJH

    MattJH New Member

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1

    Correct!

    I didn't. This is my first time working on this machine.
  6. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    Messages:
    1,338
    Likes Received:
    445
    Trophy Points:
    83
    Can we see all of /etc/samba/smb.conf ? From Global settings to the end?

Share This Page