Общий доступ к samba двум пользователям домена AD
Я столкнулся с проблемой, связанной с общим ресурсом Samba для нескольких пользователей домена. Оба домена AD являются доверенными, и записи Kerberos для обоих доменов в krb5.conf обновлены. Тем не менее доступ к общим ресурсам по-прежнему имеет только пользователь из QUICKSTREAM, а пользователь из MCN.TRUE.com.au доступа не имеет. wbinfo -u показывает данные пользователей из обоих доменов. Какие изменения необходимы в smb.conf для решения проблемы? Ниже приведены файлы krb5.conf и smb.conf с моего сервера RHEL 5u3.
[root@horseftp01 ~]# cat /etc/samba/smb.conf | grep -v "#"
; Global settings for a Samba member server joined to Active Directory
; (security = ads below); winbind options control how domain accounts are named.
[global]
; Short (NetBIOS) name of the domain this server is a member of.
workgroup = QUICKSTREAM
server string = Samba Server Version %v
netbios name = horseFTP01
; Interfaces Samba should use. No "bind interfaces only" line is visible in
; this listing, so this line by itself may not restrict where smbd listens.
interfaces = lo eth0 10.92.87.210/24
; Client allow-list: loopback plus every address beginning with "10."
; (the whole 10.0.0.0/8 range), which is far wider than the /24 on the
; interfaces line. No "hosts deny" line is visible in this listing.
hosts allow = 127. 10.
; Shell handed to accounts that winbind provides.
; NOTE(review): if nsswitch/PAM on this host use winbind (not shown), domain
; users get a real login shell; confirm that is intended on a file server.
template shell = /bin/tcsh
; With "use default domain" off, domain accounts are always written as
; DOMAIN+name, using the separator defined below.
winbind use default domain = false
winbind offline logon = false
winbind separator = +
; Contents of the map file are not shown. Presumably it can change which Unix
; name an authenticated domain user ends up with; check it for entries that
; affect the accounts being denied.
username map = /etc/samba/username.map
; "auto" offers SMB signing but does not require it; "mandatory" enforces it.
server signing = auto
; Per-client log file settings are disabled here, so build defaults apply.
; log file = /var/log/samba/%m.log
; max log size = 50
; Authenticate against Active Directory via Kerberos, in the realm below.
security = ads
; passdb backend = tdbsam
; NOTE(review): Kerberos realm names are case-sensitive; the mixed-case
; spelling here should match the realm spelling in /etc/krb5.conf exactly.
realm = QUICKSTREAM.demandenergy.COM.AU
; Try the named DC first; the trailing "*" lets Samba locate further DCs itself.
password server = horsedc05.QUICKSTREAM.demandenergy.com.au, *
; security = user
; passdb backend = tdbsam
; domain master = yes
; domain logons = yes
; logon script = %m.bat
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
; logon path =
; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"
; local master = no
; os level = 33
; preferred master = yes
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; dns proxy = yes
; Printer shares are not loaded automatically.
load printers = no
cups options = raw
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes
; Per-user home directory shares, created on demand from the connecting user name.
[homes]
comment = Home Directories
browseable = yes
writable = yes
; Upper bounds on permissions of newly created files and directories:
; group-writable and world-readable (0664 / 0775).
create mask = 0664
directory mask = 0775
; Both "valid users" restrictions are commented out, so no share-level rule
; ties a home share to its owner; access by other authenticated users then
; depends on filesystem permissions only.
; NOTE(review): confirm this is intended; "valid users = %S" is the usual restriction.
; valid users = %S
; valid users = MYDOMAIN\%S
; Share limited to the named domain accounts; all file access runs as one local user.
[Svsync]
comment = SV Sync Dir
path = /var/ftp/home/Svsync
browseable = yes
; After a client authenticates, every file operation is performed as Svsync,
; so filesystem ownership does not distinguish between clients and the
; "valid users" line is the only per-account gate on this share.
force user = Svsync
; Only three DOMAIN+name entries are allowed, all with the prefix
; "demandenergy". No entry for an account from the second domain
; (MCN.TRUE.com.au) appears here, so such a user is refused at share level
; even when authentication against its own domain succeeds.
; NOTE(review): the prefix "demandenergy" differs from "workgroup = QUICKSTREAM"
; in [global]; confirm each entry matches the exact form printed by
; wbinfo -u / wbinfo -g. If any entry is a group, smb.conf expects a group
; marker such as a leading @ - TODO confirm which entries are groups.
valid users = demandenergy+s_wellview_users demandenergy+service_sv_npe demandenergy+service_sv_prod
; Unauthenticated (guest) connections are refused.
guest ok = no
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
[root@horseftp01 ~]#
###################################
[root@horseftp01 ~]# cat /etc/krb5.conf
# Log destinations for the Kerberos libraries, the KDC and the admin server.
# NOTE(review): the kdc and admin_server entries presumably only matter on a
# host that runs those daemons; on this member server "default" is the
# relevant one - confirm.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Library-wide Kerberos defaults.
[libdefaults]
# NOTE(review): realm names are case-sensitive; confirm the mixed-case
# spelling matches the AD realm and the "realm" line in smb.conf exactly.
default_realm = QUICKSTREAM.demandenergy.COM.AU
# DNS discovery is switched off for both realm mapping and KDC location, so
# every realm this host must reach (including the trusted one) has to be
# described correctly in [realms] and [domain_realm] in this file.
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
# Static KDC definitions; with DNS lookups disabled in [libdefaults] these
# entries are the only way the libraries find a KDC for each realm.
[realms]
# Home realm, addressed by IP.
# NOTE(review): kdc (10.92.88.162) and admin_server (10.93.87.162) differ in
# the second and third octets; confirm both addresses are intended.
QUICKSTREAM.demandenergy.COM.AU = {
kdc = 10.92.88.162:88
admin_server = 10.93.87.162:749
default_domain = QUICKSTREAM.demandenergy.com.au
}
# Trusted realm, addressed by host name, so this name must resolve through
# the system resolver and the KDC port must be reachable from this server -
# TODO confirm when troubleshooting the denied MCN users.
MCN.TRUE.COM.AU = {
admin_server = CMAOGESRVFE009.MCN.TRUE.COM.AU
kdc = CMAOGESRVFE009.MCN.TRUE.COM.AU
}
# Maps DNS domains (leading dot) and single host names to Kerberos realms.
# NOTE(review): the MIT krb5.conf documentation asks for lower-case host and
# domain names on the left-hand side; the keys here are mixed case, so
# confirm they actually match the hosts being contacted.
[domain_realm]
.QUICKSTREAM.demandenergy.com.au = QUICKSTREAM.demandenergy.COM.AU
QUICKSTREAM.demandenergy.com.au = QUICKSTREAM.demandenergy.COM.AU
.MCN.TRUE.com.au = MCN.TRUE.COM.AU
MCN.TRUE.com.au = MCN.TRUE.COM.AU
# Per-application overrides; the "pam" subsection is presumably read by the
# Kerberos PAM module on this host - confirm.
[appdefaults]
pam = {
debug = false
# Lifetimes are bare numbers here (presumably seconds), unlike the 24h value
# in [libdefaults].
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[root@horseftp01 ~]#