Active Directory Windows share folder from Debian samba
























This is what I have:



  • Group of computers under DOMAIN.LOCAL and all users provided by Active Directory in Windows Server

  • Debian server

  • Windows AD, DC server

What I need:



  • Share a folder from my DebianServer to the other computers so they authenticate with their own users provided by windows AD

What I have already done:



  • My DebianServer is already in the DOMAIN.LOCAL

  • I can login to DebianServer with all the AD users from windows

What I can't:



  • Access the shared folder with the DOMAIN.LOCAL users

Important files:



/etc/nsswitch.conf



# Name-service lookup order: sources on each line are tried left to right, so
# local files ("compat") are consulted before SSSD ("sss").
passwd: compat sss
group: compat sss
shadow: compat sss
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files sss
ethers: db files
rpc: db files
netgroup: nis sss
# NOTE(review): sudoers lists sss, so sudo will also ask SSSD for rules, while
# the sssd.conf on this page lists only nss and pam under services — confirm
# whether directory-sourced sudo rules are intended on this host.
sudoers: files sss


/etc/sssd/sssd.conf



[sssd]
# Only the NSS and PAM responders are listed.
services = nss, pam
config_file_version = 2
domains = DOMAIN.LOCAL

[domain/DOMAIN.LOCAL]
id_provider = ad
override_homedir = /home/%d/%u
# NOTE(review): access_provider = simple with no simple_allow_users /
# simple_allow_groups (none are shown here) places no restriction, so every
# AD account that resolves may log in to this host. Add an allow list if
# login is meant to be limited.
access_provider = simple
# NOTE(review): enumerate is not set and SSSD does not enumerate by default,
# so a bare "getent passwd" lists only local users while
# "getent passwd NAME" still resolves domain accounts.


/etc/krb5.conf



[libdefaults]
default_realm = DOMAIN.LOCAL
ticket_lifetime=24h
renew_lifetime=7d
# DNS discovery of realm and KDC is switched off, so the KDC address comes
# only from the [realms] section below.
dns_lookup_realm = false
dns_lookup_kdc = false
# the setting above was previously TRUE
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4
# NOTE(review): tickets are requested forwardable and proxiable by default,
# which lets them be delegated to other services; keep these only if
# delegation is actually needed — confirm.
forwardable = true
proxiable = true
fcc-mit-ticketflags = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


[realms]
# NOTE(review): the braces of the realm stanza ("DOMAIN.LOCAL = {" ... "}")
# appear to have been lost in this listing — confirm they are present in the
# real file. A single KDC is given by fixed IP address.
DOMAIN.LOCAL =
kdc=192.168.0.180:88
admin_server=192.168.0.180:464
default_domain=domain.local


[domain_realm]
.domain.local=DOMAIN.LOCAL
domain.local=DOMAIN.LOCAL


/etc/samba/smb.conf



[global]
# Domain-member setup: smbd authenticates users against the AD realm.
workgroup = DOMAIN
security = ads
realm = DOMAIN.LOCAL
template homedir = /home/%D/%U
template shell = /bin/bash
# NOTE(review): the two "client ..." options govern Samba acting as a client;
# "server signing" is not set here, so signing on this server's own shares is
# left at the default — consider "server signing = mandatory".
client signing=yes
client use spnego=yes
kerberos method=secrets and keytab
# NOTE(review): no "idmap config" lines are shown; how smbd maps domain SIDs
# to the uids/gids that SSSD hands out is not visible here — confirm.
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
# %S is the share name, so each home share admits only the user it is named after.
valid users = %S
[Compartido]
# Writable share located inside a local user's home directory.
path=/home/DebianUser/Compartido
comment=compartido
browseable=yes
read only=no
# "valid users" only gates the SMB session; the Unix permissions on the path
# (including traversal of /home/DebianUser) still decide file access.
# NOTE(review): the backslash between domain and group looks lost in this
# listing, and workgroup above is DOMAIN rather than DOMAIN.LOCAL — confirm
# the exact group name the server resolves (e.g. with "getent group").
valid users=@"DOMAIN.LOCALusersgroup"




























  • Have you set up domain permissions on the individual directories?
    – Raman Sailopal
    Feb 1 at 12:48










  • The point is that I have not been able. Using: "chown -R root:MY_AD_GROUP /my_shared_folder" doesn't work
    – arturo.mj
    Feb 1 at 12:57











  • Can you see the domain users with "getent passwd"
    – Raman Sailopal
    Feb 1 at 13:05










  • No. But I can login and I try "kinit user" "klist" and works fine.
    – arturo.mj
    Feb 1 at 21:51










  • If I use "getent passwd USER_FROM_DOMAIN" I get the expected entry, but when I use just "getent passwd" I only get the local users
    – arturo.mj
    Feb 2 at 8:22


























This is what I have:



  • Group of computers under DOMAIN.LOCAL and all users provided by Active Directory in Windows Server

  • Debian server

  • Windows AD, DC server

What I need:



  • Share a folder from my DebianServer to the other computers so they authenticate with their own users provided by windows AD

What I have already done:



  • My DebianServer is already in the DOMAIN.LOCAL

  • I can login to DebianServer with all the AD users from windows

What I can't:



  • Access the shared folder with the DOMAIN.LOCAL users

Important files:



/etc/nsswitch.conf



# Name-service lookup order: sources on each line are tried left to right, so
# local files ("compat") are consulted before SSSD ("sss").
passwd: compat sss
group: compat sss
shadow: compat sss
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files sss
ethers: db files
rpc: db files
netgroup: nis sss
# NOTE(review): sudoers lists sss, so sudo will also ask SSSD for rules, while
# the sssd.conf on this page lists only nss and pam under services — confirm
# whether directory-sourced sudo rules are intended on this host.
sudoers: files sss


/etc/sssd/sssd.conf



[sssd]
# Only the NSS and PAM responders are listed.
services = nss, pam
config_file_version = 2
domains = DOMAIN.LOCAL

[domain/DOMAIN.LOCAL]
id_provider = ad
override_homedir = /home/%d/%u
# NOTE(review): access_provider = simple with no simple_allow_users /
# simple_allow_groups (none are shown here) places no restriction, so every
# AD account that resolves may log in to this host. Add an allow list if
# login is meant to be limited.
access_provider = simple
# NOTE(review): enumerate is not set and SSSD does not enumerate by default,
# so a bare "getent passwd" lists only local users while
# "getent passwd NAME" still resolves domain accounts.


/etc/krb5.conf



[libdefaults]
default_realm = DOMAIN.LOCAL
ticket_lifetime=24h
renew_lifetime=7d
# DNS discovery of realm and KDC is switched off, so the KDC address comes
# only from the [realms] section below.
dns_lookup_realm = false
dns_lookup_kdc = false
# the setting above was previously TRUE
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4
# NOTE(review): tickets are requested forwardable and proxiable by default,
# which lets them be delegated to other services; keep these only if
# delegation is actually needed — confirm.
forwardable = true
proxiable = true
fcc-mit-ticketflags = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


[realms]
# NOTE(review): the braces of the realm stanza ("DOMAIN.LOCAL = {" ... "}")
# appear to have been lost in this listing — confirm they are present in the
# real file. A single KDC is given by fixed IP address.
DOMAIN.LOCAL =
kdc=192.168.0.180:88
admin_server=192.168.0.180:464
default_domain=domain.local


[domain_realm]
.domain.local=DOMAIN.LOCAL
domain.local=DOMAIN.LOCAL


/etc/samba/smb.conf



[global]
# Domain-member setup: smbd authenticates users against the AD realm.
workgroup = DOMAIN
security = ads
realm = DOMAIN.LOCAL
template homedir = /home/%D/%U
template shell = /bin/bash
# NOTE(review): the two "client ..." options govern Samba acting as a client;
# "server signing" is not set here, so signing on this server's own shares is
# left at the default — consider "server signing = mandatory".
client signing=yes
client use spnego=yes
kerberos method=secrets and keytab
# NOTE(review): no "idmap config" lines are shown; how smbd maps domain SIDs
# to the uids/gids that SSSD hands out is not visible here — confirm.
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
# %S is the share name, so each home share admits only the user it is named after.
valid users = %S
[Compartido]
# Writable share located inside a local user's home directory.
path=/home/DebianUser/Compartido
comment=compartido
browseable=yes
read only=no
# "valid users" only gates the SMB session; the Unix permissions on the path
# (including traversal of /home/DebianUser) still decide file access.
# NOTE(review): the backslash between domain and group looks lost in this
# listing, and workgroup above is DOMAIN rather than DOMAIN.LOCAL — confirm
# the exact group name the server resolves (e.g. with "getent group").
valid users=@"DOMAIN.LOCALusersgroup"




























  • Have you set up domain permissions on the individual directories?
    – Raman Sailopal
    Feb 1 at 12:48










  • The point is that I have not been able. Using: "chown -R root:MY_AD_GROUP /my_shared_folder" doesn't work
    – arturo.mj
    Feb 1 at 12:57











  • Can you see the domain users with "getent passwd"
    – Raman Sailopal
    Feb 1 at 13:05










  • No. But I can login and I try "kinit user" "klist" and works fine.
    – arturo.mj
    Feb 1 at 21:51










  • If I use "getent passwd USER_FROM_DOMAIN" I get the expected entry, but when I use just "getent passwd" I only get the local users
    – arturo.mj
    Feb 2 at 8:22























This is what I have:



  • Group of computers under DOMAIN.LOCAL and all users provided by Active Directory in Windows Server

  • Debian server

  • Windows AD, DC server

What I need:



  • Share a folder from my DebianServer to the other computers so they authenticate with their own users provided by windows AD

What I have already done:



  • My DebianServer is already in the DOMAIN.LOCAL

  • I can login to DebianServer with all the AD users from windows

What I can't:



  • Access the shared folder with the DOMAIN.LOCAL users

Important files:



/etc/nsswitch.conf



# Name-service lookup order: sources on each line are tried left to right, so
# local files ("compat") are consulted before SSSD ("sss").
passwd: compat sss
group: compat sss
shadow: compat sss
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files sss
ethers: db files
rpc: db files
netgroup: nis sss
# NOTE(review): sudoers lists sss, so sudo will also ask SSSD for rules, while
# the sssd.conf on this page lists only nss and pam under services — confirm
# whether directory-sourced sudo rules are intended on this host.
sudoers: files sss


/etc/sssd/sssd.conf



[sssd]
# Only the NSS and PAM responders are listed.
services = nss, pam
config_file_version = 2
domains = DOMAIN.LOCAL

[domain/DOMAIN.LOCAL]
id_provider = ad
override_homedir = /home/%d/%u
# NOTE(review): access_provider = simple with no simple_allow_users /
# simple_allow_groups (none are shown here) places no restriction, so every
# AD account that resolves may log in to this host. Add an allow list if
# login is meant to be limited.
access_provider = simple
# NOTE(review): enumerate is not set and SSSD does not enumerate by default,
# so a bare "getent passwd" lists only local users while
# "getent passwd NAME" still resolves domain accounts.


/etc/krb5.conf



[libdefaults]
default_realm = DOMAIN.LOCAL
ticket_lifetime=24h
renew_lifetime=7d
# DNS discovery of realm and KDC is switched off, so the KDC address comes
# only from the [realms] section below.
dns_lookup_realm = false
dns_lookup_kdc = false
# the setting above was previously TRUE
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4
# NOTE(review): tickets are requested forwardable and proxiable by default,
# which lets them be delegated to other services; keep these only if
# delegation is actually needed — confirm.
forwardable = true
proxiable = true
fcc-mit-ticketflags = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


[realms]
# NOTE(review): the braces of the realm stanza ("DOMAIN.LOCAL = {" ... "}")
# appear to have been lost in this listing — confirm they are present in the
# real file. A single KDC is given by fixed IP address.
DOMAIN.LOCAL =
kdc=192.168.0.180:88
admin_server=192.168.0.180:464
default_domain=domain.local


[domain_realm]
.domain.local=DOMAIN.LOCAL
domain.local=DOMAIN.LOCAL


/etc/samba/smb.conf



[global]
# Domain-member setup: smbd authenticates users against the AD realm.
workgroup = DOMAIN
security = ads
realm = DOMAIN.LOCAL
template homedir = /home/%D/%U
template shell = /bin/bash
# NOTE(review): the two "client ..." options govern Samba acting as a client;
# "server signing" is not set here, so signing on this server's own shares is
# left at the default — consider "server signing = mandatory".
client signing=yes
client use spnego=yes
kerberos method=secrets and keytab
# NOTE(review): no "idmap config" lines are shown; how smbd maps domain SIDs
# to the uids/gids that SSSD hands out is not visible here — confirm.
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
# %S is the share name, so each home share admits only the user it is named after.
valid users = %S
[Compartido]
# Writable share located inside a local user's home directory.
path=/home/DebianUser/Compartido
comment=compartido
browseable=yes
read only=no
# "valid users" only gates the SMB session; the Unix permissions on the path
# (including traversal of /home/DebianUser) still decide file access.
# NOTE(review): the backslash between domain and group looks lost in this
# listing, and workgroup above is DOMAIN rather than DOMAIN.LOCAL — confirm
# the exact group name the server resolves (e.g. with "getent group").
valid users=@"DOMAIN.LOCALusersgroup"




















This is what I have:



  • Group of computers under DOMAIN.LOCAL and all users provided by Active Directory in Windows Server

  • Debian server

  • Windows AD, DC server

What I need:



  • Share a folder from my DebianServer to the other computers so they authenticate with their own users provided by windows AD

What I have already done:



  • My DebianServer is already in the DOMAIN.LOCAL

  • I can login to DebianServer with all the AD users from windows

What I can't:



  • Access the shared folder with the DOMAIN.LOCAL users

Important files:



/etc/nsswitch.conf



# Name-service lookup order: sources on each line are tried left to right, so
# local files ("compat") are consulted before SSSD ("sss").
passwd: compat sss
group: compat sss
shadow: compat sss
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files sss
ethers: db files
rpc: db files
netgroup: nis sss
# NOTE(review): sudoers lists sss, so sudo will also ask SSSD for rules, while
# the sssd.conf on this page lists only nss and pam under services — confirm
# whether directory-sourced sudo rules are intended on this host.
sudoers: files sss


/etc/sssd/sssd.conf



[sssd]
# Only the NSS and PAM responders are listed.
services = nss, pam
config_file_version = 2
domains = DOMAIN.LOCAL

[domain/DOMAIN.LOCAL]
id_provider = ad
override_homedir = /home/%d/%u
# NOTE(review): access_provider = simple with no simple_allow_users /
# simple_allow_groups (none are shown here) places no restriction, so every
# AD account that resolves may log in to this host. Add an allow list if
# login is meant to be limited.
access_provider = simple
# NOTE(review): enumerate is not set and SSSD does not enumerate by default,
# so a bare "getent passwd" lists only local users while
# "getent passwd NAME" still resolves domain accounts.


/etc/krb5.conf



[libdefaults]
default_realm = DOMAIN.LOCAL
ticket_lifetime=24h
renew_lifetime=7d
# DNS discovery of realm and KDC is switched off, so the KDC address comes
# only from the [realms] section below.
dns_lookup_realm = false
dns_lookup_kdc = false
# the setting above was previously TRUE
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4
# NOTE(review): tickets are requested forwardable and proxiable by default,
# which lets them be delegated to other services; keep these only if
# delegation is actually needed — confirm.
forwardable = true
proxiable = true
fcc-mit-ticketflags = true

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


[realms]
# NOTE(review): the braces of the realm stanza ("DOMAIN.LOCAL = {" ... "}")
# appear to have been lost in this listing — confirm they are present in the
# real file. A single KDC is given by fixed IP address.
DOMAIN.LOCAL =
kdc=192.168.0.180:88
admin_server=192.168.0.180:464
default_domain=domain.local


[domain_realm]
.domain.local=DOMAIN.LOCAL
domain.local=DOMAIN.LOCAL


/etc/samba/smb.conf



[global]
# Domain-member setup: smbd authenticates users against the AD realm.
workgroup = DOMAIN
security = ads
realm = DOMAIN.LOCAL
template homedir = /home/%D/%U
template shell = /bin/bash
# NOTE(review): the two "client ..." options govern Samba acting as a client;
# "server signing" is not set here, so signing on this server's own shares is
# left at the default — consider "server signing = mandatory".
client signing=yes
client use spnego=yes
kerberos method=secrets and keytab
# NOTE(review): no "idmap config" lines are shown; how smbd maps domain SIDs
# to the uids/gids that SSSD hands out is not visible here — confirm.
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
# %S is the share name, so each home share admits only the user it is named after.
valid users = %S
[Compartido]
# Writable share located inside a local user's home directory.
path=/home/DebianUser/Compartido
comment=compartido
browseable=yes
read only=no
# "valid users" only gates the SMB session; the Unix permissions on the path
# (including traversal of /home/DebianUser) still decide file access.
# NOTE(review): the backslash between domain and group looks lost in this
# listing, and workgroup above is DOMAIN rather than DOMAIN.LOCAL — confirm
# the exact group name the server resolves (e.g. with "getent group").
valid users=@"DOMAIN.LOCALusersgroup"
















edited Feb 5 at 12:54

























asked Feb 1 at 12:32









arturo.mj

162




162











  • Have you set up domain permissions on the individual directories?
    – Raman Sailopal
    Feb 1 at 12:48










  • The point is that I have not been able. Using: "chown -R root:MY_AD_GROUP /my_shared_folder" doesn't work
    – arturo.mj
    Feb 1 at 12:57











  • Can you see the domain users with "getent passwd"
    – Raman Sailopal
    Feb 1 at 13:05










  • No. But I can login and I try "kinit user" "klist" and works fine.
    – arturo.mj
    Feb 1 at 21:51










  • If I use "getent passwd USER_FROM_DOMAIN" I get the expected entry, but when I use just "getent passwd" I only get the local users
    – arturo.mj
    Feb 2 at 8:22
















  • Have you set up domain permissions on the individual directories?
    – Raman Sailopal
    Feb 1 at 12:48










  • The point is that I have not been able. Using: "chown -R root:MY_AD_GROUP /my_shared_folder" doesn't work
    – arturo.mj
    Feb 1 at 12:57











  • Can you see the domain users with "getent passwd"
    – Raman Sailopal
    Feb 1 at 13:05










  • No. But I can login and I try "kinit user" "klist" and works fine.
    – arturo.mj
    Feb 1 at 21:51










  • If I use "getent passwd USER_FROM_DOMAIN" I get the expected entry, but when I use just "getent passwd" I only get the local users
    – arturo.mj
    Feb 2 at 8:22















Have you set up domain permissions on the individual directories?
– Raman Sailopal
Feb 1 at 12:48




Have you set up domain permissions on the individual directories?
– Raman Sailopal
Feb 1 at 12:48












The point is that I have not been able. Using: "chown -R root:MY_AD_GROUP /my_shared_folder" doesn't work
– arturo.mj
Feb 1 at 12:57





The point is that I have not been able. Using: "chown -R root:MY_AD_GROUP /my_shared_folder" doesn't work
– arturo.mj
Feb 1 at 12:57













Can you see the domain users with "getent passwd"
– Raman Sailopal
Feb 1 at 13:05




Can you see the domain users with "getent passwd"
– Raman Sailopal
Feb 1 at 13:05












No. But I can login and I try "kinit user" "klist" and works fine.
– arturo.mj
Feb 1 at 21:51




No. But I can login and I try "kinit user" "klist" and works fine.
– arturo.mj
Feb 1 at 21:51












If I use "getent passwd USER_FROM_DOMAIN" I get the expected entry, but when I use just "getent passwd" I only get the local users
– arturo.mj
Feb 2 at 8:22




If I use "getent passwd USER_FROM_DOMAIN" I get the expected entry, but when I use just "getent passwd" I only get the local users
– arturo.mj
Feb 2 at 8:22














