[Linux-cluster] Re: What is the best method to assign file/folder rights for SAMBA cluster authenticating to AD?
Danny Wall
Danny.Wall at health-first.org
Mon Jul 10 18:51:27 UTC 2006
It looks like my last message was not processed correctly, so I am re-posting.
>>sorry for the late reply...
>>if u still facing problem.. i think i can help u
>>i am also having the same environment...
>>6 GPFS cluster nodes joined to 2003 ADS and
>>serving files for 800 machines in floor..
>>please reply
>>if u need help
>>regards
>>jerrynikky.
I have not taken the opportunity to modify my current config, yet. I wanted to read a little more about it. From what I can see, I just need to add the idmap backend = idmap_rid:AD=16777216-33554431 parameter, and it should have a consistent mapping of each AD user/group, across all of my servers. I have listed my smb.conf and smb.conf.share1 below. If you can look them over and let me know if they look ok, or post what works for you, I would really appreciate it.
smb.conf:
# Global parameters
[global]
workgroup = AD
realm = ad.example.com
netbios name = VirtualServer1
netbios aliases = EServerT1
interfaces = 192.168.100.103
- Ignored:
bind interfaces only = Yes
security = ADS
password server = 192.168.1.11
username map = /etc/samba/smbusers
use kerberos keytab = Yes
log file = /var/log/samba/%m.log
dns proxy = No
lock directory = /var/cache/samba/tier1
pid directory = /var/run/samba/tier1
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = Yes
winbind nested groups = Yes
include = /etc/samba/smb.conf.share1
smb.conf.share1:
[global]
workgroup = AD
pid directory = /var/run/samba/share1
lock directory = /var/cache/samba/share1
log file = /var/log/samba/%m.log
encrypt passwords = yes
bind interfaces only = yes
# netbios name = Server1
netbios name = VirtualServer1
printable = no
security = ADS
username map = /etc/samba/smbusers
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = yes
winbind nested groups = yes
password server = 192.168.1.11
realm = AD.EXAMPLE.COM
use kerberos keytab = yes
guest ok = no
#
# Interfaces are based on ip resources at the top level of
# "carpacs_share1_svc"; IPv6 addresses may or may not
# work correctly.
#
interfaces = 192.168.100.103
[EServerT1]
#[VirtualServer1]
workgroup = AD
browseable = yes
writeable = yes
public = no
path = /data/share1
guest ok = no
printable = no
winbind nested groups = yes
If you have some information or config files you can share, but prefer not to do it in the list, feel free to email me directly.
Thanks
Danny
##############################################################
This message is for the named person's use only. It may
contain confidential, proprietary, or legally privileged
information. No confidentiality or privilege is waived or
lost by any mistransmission. If you receive this message
in error, please immediately delete it and all copies of it
from your system, destroy any hard copies of it, and notify
the sender. You must not, directly or indirectly, use,
disclose, distribute, print, or copy any part of this message
if you are not the intended recipient. Health First reserves
the right to monitor all e-mail communications through its
networks. Any views or opinions expressed in this message
are solely those of the individual sender, except (1) where
the message states such views or opinions are on behalf of
a particular entity; and (2) the sender is authorized by
the entity to give such views or opinions.
##############################################################
More information about the Linux-cluster
mailing list