[NTLUG:Discuss] Asking the right Questions (Samba + AD)

Chris Cox cjcox at acm.org
Mon May 7 23:56:08 CDT 2007 

. Daniel wrote:
> Excellent!  That'll fill in the missing bits on login! :)  Great!  I'll try 
> that in the morning.
> 
> Next, what if I want to share something like, say, /var/www/html to be 
> writeable by members of the ADOMAIN\WebAdministrators group?

If you really have taken things all the way.. your files are now
under the auspices of POSIX (draft) ACLs.  The best way to change
the permissions is to have the owner (the web user) be an AD
user and change the permissions via Windows.

If that's not what you want... you can at least play with settings
under Windows for some other directory and look at how it translated
into extended ACLs and manipulate the values from a linux shell.

> 
> Logs also show a problem with kerberos tickets... I'll search around some 
> more on that though... seems to be a common problem with few answers.  
> (That is to say searching google for the error messages in the logs yields 
> many hits, but I have yet to find any answers associated with the 
> questions.)
> 
> 
>> From: Chris Cox <cjcox at acm.org>
> 
>> . Daniel wrote:
>>> Things seem to be working.  I just can't get to something useable.
>>>
>>> I can get user accounts to log in via ssh, for example.  I can ssh into 
> the
>>> box, using the format: ADOMAIN\username and it works except that 
> there's no
>>> homedir created or anything like that... heck, I even tried logging 
> into X
>>> using AD credentials.  It "tried" but since there was no home 
> directory, it
>>> didn't happen.  Pretty neat really.
>> You can use root preexec = on the homes share to force creation of a
>> home dir for users hitting that share on the net.
>>
>> On the login side, use the pam module pam_mkhomedir.so
>>
>>> So here's the thing:
>>>
>>> How do I create a share that AD users can access?
>>>
> 
> _________________________________________________________________
> ウェブページを印刷しても途切れない!便利なブラウザを使おう 
> http://promotion.msn.co.jp/ie7/ 
> 
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
> 
>

More information about the Discuss mailing list