Samba Share – Granting Samba Share Permission to AD Computer Accounts

Tags: active-directory, mount, network-share, samba, windows

I'm running Samba 3.4.7 with Likewise Open 6.0.0.8388 on Ubuntu 10.04 Server x64. This server is joined to a domain (functional level 2003) run by 2008R2 domain controllers. In a Windows server, I can grant permission for a folder and/or share to a computer account (represented by computername$). This allows services/processes running under the SYSTEM account to access these network shares. I'm trying to grant the same permissions on my Linux server but no matter what I do I cannot add a computer account to the ACL. setfacl doesn't recognize the user, and when adding it through the Windows permission dialog it just disappears after hitting apply. Is this possible with Samba?

Best Answer

Unfortunately permissions to a share cannot be granted to a computer account; only users. Yes, it looks like you should be able to do that, and the OS allows you to make the entry, but it doesn't actually work like you'd expect.

One way to get around this, for instance if you're running a script as a scheduled task, is to mount a network drive as a specific user who has access to that share, like so:

net use * \\server\share /user:DOMAIN\username

This will use the first-available drive letter (starting at Z: and going backward from XP/2003 on, but starting at the beginning in Win2k).

You can also specify a drive letter as long as it's not in use:

net use u: \\server\share /user:DOMAIN\username

When complete, don't forget to unmount the share with:

net use u: /d

(Note that you can of course test for the presence of the drive's use, or just drop the mount before mounting it, but I leave that to you.)
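
The mount, work, unmount sequence from the answer above, with the "is the drive already in use" test filled in, as an added example that is not part of the original answer. The drive letter, share path, account name and the `dir` work step are placeholders; no password is given on the command line, so `net use` prompts for it when the script is run interactively.

```bat
@echo off
setlocal
rem Added example; DRIVE, SHARE and ACCOUNT are placeholders to adapt.
set "DRIVE=U:"
set "SHARE=\\server\share"
set "ACCOUNT=DOMAIN\username"

rem "net use U:" succeeds only when U: is already a network mapping.
rem Drop a stale mapping from an earlier run so the new one cannot collide with it.
net use %DRIVE% >nul 2>&1
if not errorlevel 1 (
    net use %DRIVE% /delete /y >nul 2>&1
)

rem /persistent:no keeps the mapping from being restored at the next logon.
rem The password is not embedded here, so it does not sit in the script file.
net use %DRIVE% "%SHARE%" /user:%ACCOUNT% /persistent:no
if errorlevel 1 (
    echo Could not map %SHARE% as %ACCOUNT% 1>&2
    exit /b 1
)

rem --- work against the share goes here (placeholder step) ---
dir %DRIVE%\
set "RC=%ERRORLEVEL%"

rem Always unmount, even when the work step failed, then return its exit code.
net use %DRIVE% /delete /y >nul
exit /b %RC%
```

Grant the account named in `ACCOUNT` only the access the task needs on the share, since anyone who can run the script acts with that account's rights on it.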