  1. #1
    duxbuz

    sambafile server windows domain

    I heard some people mention they used Samba for their file servers seamlessly in their Windows domains.

    Just wondered if anyone can give me any tips, mainly on which security they use.

    Is it best to try and incorporate active directory security with linux, or do you just use samba security?

    Thanks.

  2. #2


    This is the config I use:
    Samba Homedirectory - Wiki

    The security settings come from the AD groups/users

  3. #3

    dhicks
    Quote (originally posted by duxbuz):
        I heard some people mention they used Samba for their file servers seamlessly in their Windows domains.

    This thread might prove a useful addition to the wiki link mentioned above:

    Configuring Samba

    We now have a half-dozen or so file servers running Samba. They all work very well, however I've come across an issue trying to mount home directories from another Linux machine, as detailed at the end of that thread above. I couldn't get our LTSP server to log users on when using Samba authentication, so I switched to using Likewise-Open for AD integration. This works fine, but now I can't get the UID on the two machines to match up - I'll have to re-install the file server using Likewise-Open instead of Samba. This probably won't be an issue in your environment unless you're using LTSP thin clients too, but you might want to use the RID backend for UID assignment just for a spot of future-proofing.

    --
    David Hicks

  4. #4

    Exactly what dhicks said. The syntax for rid mapping is:

    idmap uid = 70000-1000000
    idmap gid = 70000-1000000
    idmap backend = rid:"EXAMPLE=70000-1000000"

    Where EXAMPLE is the short domain name. It will then use 70000 + the last four digits of the user's SID.

    This is how I did it: Ubuntu 10.04 Active Directory Authentication | Run Level 3

    A few other things I tweaked were the following settings:

    winbind cache time = 60 <- default is 300, so if you add an AD user, it won't show up for 5 mins on the linux server.

    see smb.conf
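
    Added example, not part of any post in this thread: Samba's idmap_rid backend computes the Unix ID as RID - base_rid + range low, where the RID is the final component of the SID, so two servers configured with the same range give the same user the same UID and file ownership stays consistent between them. The SIDs and the helper names rid_of and rid_to_id are constructed for illustration; base_rid is assumed to be at its default of 0.

```shell
#!/bin/sh
# Added illustration (not from the thread): the deterministic SID -> Unix ID
# mapping of Samba's idmap_rid backend, ID = RID - base_rid + range_low.

# rid_of SID: print the RID, i.e. the last sub-authority of the SID.
rid_of() {
    case "$1" in
        S-1-*-*) ;;
        *) echo "not a SID: $1" >&2; return 2 ;;
    esac
    rid=${1##*-}
    case "$rid" in
        ''|*[!0-9]*) echo "bad RID in: $1" >&2; return 2 ;;
    esac
    printf '%s\n' "$rid"
}

# rid_to_id SID LOW HIGH [BASE_RID]: print the mapped ID; return 1 when the
# result falls outside LOW-HIGH, in which case the SID gets no Unix ID.
rid_to_id() {
    low=$2 high=$3 base=${4:-0}
    rid=$(rid_of "$1") || return 2
    [ "$rid" -ge "$base" ] || return 1
    id=$((rid - base + low))
    [ "$id" -le "$high" ] || return 1
    printf '%s\n' "$id"
}

# Constructed SIDs: the domain part and the RIDs are made up.
DOM="S-1-5-21-1111111111-2222222222-3333333333"

demo() {
    # Same range on both servers: the same user gets the same UID.
    echo "fileserver uid: $(rid_to_id "$DOM-1105" 70000 1000000)"
    echo "ltsp uid:       $(rid_to_id "$DOM-1105" 70000 1000000)"
    # A different range on one server breaks the match.
    echo "other range:    $(rid_to_id "$DOM-1105" 10000 20000)"
    # RID too large for the range: no mapping at all.
    rid_to_id "$DOM-950000" 70000 1000000 || echo "RID 950000: out of range"
}

demo
```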

  5. #5
    duxbuz
    Thanks

    I was trying to work through this:
    https://help.ubuntu.com/community/Samba/Kerberos

    But I fell at the first hurdle, which always seems to be the case with these Linux tutorials.

    kadmin -p admin/admin

    Authenticating as principal admin/admin with password.
    kadmin: Client not found in Kerberos database while initializing kadmin interface

    I then proceeded to spend the rest of the day looking at other tutorials that had me:
    kadmin.local: listprincs
    kadmin.local -q "addprinc admin/admin"

    all sorts of stuff basically.

    But am now going to have a look at this other one on notrainers.

    Cheers

  6. #6

    dhicks
    Quote (originally posted by duxbuz):
        But I fell at the first hurdle, which always seems to be the case with these Linux tutorials.

    What Linux distribution are you using? I used Debian, and I'm pretty sure the latest version of Ubuntu should be the same: I typed

    apt-get install samba smbclient winbind krb5-doc krb5-user krb5-config

    at the command line, and it pretty much configured itself.

    --
    David Hicks

  7. #7

    Let me know if you have any difficulties with that notrainers guide and I'll update it accordingly.

  8. #8
    duxbuz
    Hello,

    Made some slight progress with getting Samba and AD to work together.

    When I restart the machine, I have to restart some services after I SSH back into Linux: krb5-admin-server and krb5-kdc.

    Then I have to rejoin: net ads join -u Administrator

    I then get wbinfo -g and wbinfo -u to work.

    I am not sure then what to do.

    I don't seem to be able to log into SSH using AD accounts, and I wasn't able to use a UNC path to Samba with an AD account's credentials either.

    What's my next step, anyone?

    Thanks.

  9. #9

    dhicks
    Quote (originally posted by duxbuz):
        I wasn't able to use a UNC path to Samba with an AD account's credentials

    Do you have the line:

    winbind use default domain = yes

    in smb.conf?

    --
    David Hicks

  10. #10
    duxbuz
    Yes, I have that line in there.

  11. #11

    dhicks
    Quote (originally posted by duxbuz):
        Yes, I have that line in there.

    Hmm, odd - "wbinfo -u" brings up a list of all your domain users, obviously? Have you set the share permissions in smb.conf so that the user you're trying to log on to the Samba server with actually has permissions to see the share?

    --
    David Hicks

  12. #12
    duxbuz
    Hi

    I may have configured the home directory section incorrectly. I used the Samba homedirectory wiki, which may be a little convoluted for me.

    Have you got a simple home example I could maybe use for testing?

    Thanks.

  13. #13

    dhicks
    Quote (originally posted by duxbuz):
        Have you got a simple home example I could maybe use for testing?

    Configuring Samba

    Also, regarding not being able to log in via SSH:

    Configuring Samba

    --
    David Hicks

  14. #14
    duxbuz
    Hi,

    I still cannot log on with SSH or via UNC \\servername\. Not sure if I am using the correct format for a username though; tried username, username@fqdn.co.uk, username+fqdn.co.uk, username+netbios, etc.

    I have another issue: it appears that if I leave the machine for a period of time I seem to lose my connection to AD.

    I then receive:
    [2010/06/25 10:26:44, 0] utils/net_ads.c:ads_startup(191)
    ads_connect: Invalid credentials

    after I try the sudo net ads join -U Administrator command.



    I try and run

  15. #15
    duxbuz
    Hi

    One more afterthought...

    I seem to have problems with none of the users being able to access their My Documents at the moment, on the network.

    Could this be related to the hacking around with Linux and Samba I have been doing?

    Just rebooting the DC with my fingers crossed.

    :-S


