Creating Home Directories and other shares for AD users in samba
Tim Holmes
tholmes at mcaschool.net
Wed Jul 20 18:12:06 UTC 2005
Thanks to the great help here and on the SAMBA List, I have gotten Samba
to work correctly to do what I need it to, allowing my Windows AD users
to access shares on the Samba box without having to either create a
local (Samba / Linux) user or manually authenticate on the share.

This is GREAT NEWS.

Now, I have hit what I am sure is a Linux permissions problem:

When my user (timholmes) clicks on the Samba server in the My Network
Places window, I see the shares, in this case webroot, homes and
timholmes.

If I enter the timholmes share, it routes me to the directory where the
home folders are supposed to be located, and shows me the one that is
there, in this case it is a local Linux user, but I cannot create a new
folder for myself or anything -- is that a process that must be done
manually, and if so, to what values do I set the owner, group and
permissions?

If it is supposed to be automatic, how do I make it happen?

Here is my smb.conf file:

[global]
   workgroup = MCASCHOOL
   realm = MCASCHOOL.NET
   security = ADS
   password server = srvdc01.mcaschool.net
   log file = /usr/local/samba/var/%m.log
   preferred master = No
   local master = No
   domain master = No
   wins server = 192.168.0.2
   idmap uid = 10000-40000
   idmap gid = 10000-40000
#  winbind use default domain = Yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind nested groups = Yes
   socket options = TCP_NODELAY
   socket options = SO_RCVBUF=8192
   spengo = yes

[webroot]
   path = /var/www/html/
   read only = No

[homes]
   browseable = no
   writeable = yes
   path = /home

[root at Vulcan ~]#

Also, there are some shares --- like the webroot one --- that multiple users
should have rights to do anything in (for example, the webroot: all of
the teachers in the school should have read, write and execute rights
to it, but none of the students should; as well, apache should have read,
write and execute rights so that it can serve it, etc.).

My gut instinct is that it should be owned by apache, and that the group
should be the Active Directory group teachers (which contains all the
right people), and I am guessing the permissions would look like 775,
giving the owner, apache, read, write and execute permissions, the
group, the Active Directory teachers group, read, write and execute -- so
they can edit web pages, and the rest of the world read and execute
permissions so that they can see the pages and execute any scripts etc.
in them. Is this right or am I totally confused?

Thanks a bunch

Timothy A. Holmes
IT Manager / Webmaster / Science Teacher
Medina Christian Academy
A Higher Standard...
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14
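
An added example, not part of the original post: a small Python model of the POSIX owner/group/other check for the webroot scheme the message proposes (owner apache, group teachers, mode 775), set beside mode 770, which the post does not mention. The uid/gid numbers and the teacher1/student1 accounts are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    name: str
    uid: int
    gids: frozenset  # primary plus supplementary group ids

def granted(subject, owner_uid, group_gid, mode):
    """Return the 'rwx' string that applies to subject on one directory.

    POSIX uses exactly one class: owner if the uid matches, otherwise group
    if any gid matches, otherwise other. Root and ACLs are not modelled.
    On a directory, w allows creating and deleting entries, x allows entering.
    """
    if subject.uid == owner_uid:
        bits = (mode >> 6) & 7
    elif group_gid in subject.gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

# Constructed sample ids; the winbind-mapped ones sit inside the 10000-40000
# idmap range from the posted smb.conf but are otherwise made up.
APACHE_UID, APACHE_GID = 48, 48
TEACHERS_GID, STUDENTS_GID = 10513, 10514
SUBJECTS = (
    Subject("apache", APACHE_UID, frozenset({APACHE_GID})),
    Subject("teacher1", 10001, frozenset({TEACHERS_GID})),
    Subject("student1", 10002, frozenset({STUDENTS_GID})),
)

def report(mode):
    """Access each sample subject gets on a webroot owned by apache:teachers."""
    return {s.name: granted(s, APACHE_UID, TEACHERS_GID, mode) for s in SUBJECTS}

if __name__ == "__main__":
    for mode in (0o775, 0o770):
        print(oct(mode), report(mode))
```
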