Authenticating Samba Shares against AD

**brad82** · 2nd February 2012, 10:27 PM

Hi All,

I have been managing unix web servers for a long time now, however I'm deploying a Baccalaureate Portfolio web app I've developed for us into the network. Im running it on a Ubuntu 11.10 server, and I'm having problems with the Samba shares (first time I've used samba)..

Ive set up a simple share in samba.conf

Code:

[BaccData]
    comment = Bacc Admin Access
    path = /baccdata
    browsable = yes
    guest ok = yes
    read only = no
    create mask = 0755

I need to somehow configure this on a AD OU basis, so the students have no access to this share, but the admin and SMT OUs do. I have absolutely no idea how to go about doing this, and all my googling turned up zilch. I tried binding Samba to AD in Webmin but that just spat its dummy out at me.

If anyone has any pointers, or even links to an article that will give me some sort of idea what I'm doing that would be greatly appreciatedn- again linux isn't anything new to me, so if I have a small clue what to do I should be able to figure the rest out for myself!

Cheers

**CyberNerd** · 2nd February 2012, 10:53 PM

I put together a howto with samba here:
Samba Homedirectory - Wiki

I think the bits you want to look at in more detail are the ACL support, and valid users.
ACL support on the filesystem allows you you use setfacl to set NTFS style permissions -ie how you to allow shares on a per user basis.
you'd probably need to do this on a group basis rather than OU, but it is fairly trivial to make OU members of groups.

also look at

Code:

valid users =

where you could use @"DOMAIN\domain^admins" for example.

**brad82** · 2nd February 2012, 11:18 PM

Ill have a look into it, cheers mate

**glennda** · 2nd February 2012, 11:25 PM

Just Another pointer - if you are going to host production software I would personally only run it on LTS versions of Ubuntu (currently 10.04) soon to be 12.04. You then have support/update for the os longer then with the minor releases

**dhicks** · 2nd February 2012, 11:32 PM

Originally Posted by brad82

If anyone has any pointers, or even links to an article that will give me some sort of idea what I'm doing that would be greatly appreciatedn- again linux isn't anything new to me, so if I have a small clue what to do I should be able to figure the rest out for myself!

There's this thread, where I stumble around doing the same sort of thing you're doing now:

Configuring Samba

**brad82** · 2nd February 2012, 11:40 PM

Originally Posted by glennda

Just Another pointer - if you are going to host production software I would personally only run it on LTS versions of Ubuntu (currently 10.04) soon to be 12.04. You then have support/update for the os longer then with the minor releases

I will still be around when 12.04 hits, so ill upgrade to that when it hits the release, then leave it at that until the next LTS.. I just happened to have an image of another ready to deploy LAMP stack laying around so I deployed that as I'm lazy!

Also cheers David - I shall have a read tomorrow when I'm back in front of PuTTY!

**CyberNerd** · 2nd February 2012, 11:48 PM

Originally Posted by dhicks

There's this thread, where I stumble around doing the same sort of thing you're doing now:

Configuring Samba

wow, that was a blast from the past. Means I've been running the same system (notwithstanding new hardware and OS upgrades) for 3.5 yrs now.
About time I had another look at new samba features!

LinkBack

Thread Tools

Search Thread

Authenticating Samba Shares against AD

Similar Threads

Authenticate IIS against AD transparently

What am I missing? Authenticating against AD

Macs often refuse authentiaction against AD

Samba Shares!

Samba share

Thread Information

Users Browsing this Thread

Posting Permissions