M
MattJH
Guest
First: I'm not a Linux administrator, and I don't know what I don't know (if you know what I mean).
We have this server here at work, named FAXSERVER, running the Red Hat Enterprise Linux ES release 3 (Taroon Update 8) distro, along with Samba version 3.0.9-1.3E.12. The directory /home/faxes/ is shared out to our domain via Samba/Winbind.
This is primarily a Windows network. Windows domain controller, etc. I'm on this primary domain (DOMAIN1). And there is another domain. It's a trusted domain (DOMAIN2). I want users authenticating to DOMAIN2 to be able to access /home/faxes/ on this server as well. I can't seem to be able to make it happen.
Here's what I've (clumsily) tried so far:
SAMBA:
The permissions for /home/faxes/ are as follows: drwxrwsr-x 57 uucp 10001 4096 Jul 24 2012 faxes. Looks like everyone has read/execute permission, and the file owner and members of the file's group additionally have write permission.
There are currently three Samba users set up, according to /etc/samba/smbusers: root (mapped to 'administrator' and 'admin'), nobody (mapped to 'guest', 'pcguest', and 'smbguest'), and mike (mapped to 'mike').
The Samba configuration (location: /etc/samba/smb.conf) for /faxes/ is currently as follows:
Prior to me looking into it, the "guest ok" flag was set to no. I changed it to "yes" (since "public=yes" seems to make this redundant) and restarted the Samba service (service smb restart). It doesn't appear that this resolved the issue, but I wanted to try it.
WINBIND:
The 'wbinfo -g' command gives me a list of all user groups, but they're all under DOMAIN1\*. There are no DOMAIN2\* groups listed.
The 'wbinfo -m' command gives me a list of all trusted domains: FAXSERVER, BUILTIN, and DOMAIN2. So DOMAIN2 is trusted by FAXSERVER.
I'm also able to query both DOMAIN1 and DOMAIN2 from FAXSERVER:
[root@faxserver home]# wbinfo -D DOMAIN1
[root@faxserver home]# wbinfo -D DOMAIN2
I don't really know what I'm doing. This is likely self-evident. Is it a matter of changing the "Active Directory" flag under DOMAIN2 from "No" to "Yes"? If so, how would I go about doing that?
Or is this an impossible task, and I'll just end up chasing my tail?
We have this server here at work, named FAXSERVER, running the Red Hat Enterprise Linux ES release 3 (Taroon Update 8) distro, along with Samba version 3.0.9-1.3E.12. The directory /home/faxes/ is shared out to our domain via Samba/Winbind.
This is primarily a Windows network. Windows domain controller, etc. I'm on this primary domain (DOMAIN1). And there is another domain. It's a trusted domain (DOMAIN2). I want users authenticating to DOMAIN2 to be able to access /home/faxes/ on this server as well. I can't seem to be able to make it happen.
Here's what I've (clumsily) tried so far:
SAMBA:
The permissions for /home/faxes/ are as follows: drwxrwsr-x 57 uucp 10001 4096 Jul 24 2012 faxes. Looks like everyone has read/execute permission, and the file owner and members of the file's group additionally have write permission.
There are currently three Samba users set up, according to /etc/samba/smbusers: root (mapped to 'administrator' and 'admin'), nobody (mapped to 'guest', 'pcguest', and 'smbguest'), and mike (mapped to 'mike').
The Samba configuration (location: /etc/samba/smb.conf) for /faxes/ is currently as follows:
comment = FAX faxes
path=/home/faxes
writable = yes
printable = no
public = yes
guest ok = yes
create mask = 0665
Prior to me looking into it, the "guest ok" flag was set to no. I changed it to "yes" (since "public=yes" seems to make this redundant) and restarted the Samba service (service smb restart). It doesn't appear that this resolved the issue, but I wanted to try it.
WINBIND:
The 'wbinfo -g' command gives me a list of all user groups, but they're all under DOMAIN1\*. There are no DOMAIN2\* groups listed.
The 'wbinfo -m' command gives me a list of all trusted domains: FAXSERVER, BUILTIN, and DOMAIN2. So DOMAIN2 is trusted by FAXSERVER.
I'm also able to query both DOMAIN1 and DOMAIN2 from FAXSERVER:
[root@faxserver home]# wbinfo -D DOMAIN1
Name : DOMAIN1
Alt_Name : DOMAINNAME.COM
SID : S-1-3-59-7490224-282867100-4786781930
Active Directory : Yes
Native : Yes
Primary : Yes
Sequence : 62852289
[root@faxserver home]# wbinfo -D DOMAIN2
Name : DOMAIN2
Alt_Name : acrometis.com
SID : S-1-5-21-3827589627-1874523873-1381929582
Active Directory : No
Native : No
Primary : No
Sequence : -1
IN SUMMARY:I don't really know what I'm doing. This is likely self-evident. Is it a matter of changing the "Active Directory" flag under DOMAIN2 from "No" to "Yes"? If so, how would I go about doing that?
Or is this an impossible task, and I'll just end up chasing my tail?
