Ubuntu Servers :: Create Samba File Share To Windows Domain Clients?
Apr 28, 2010
I feel ashamed for even asking this, since it seems like there's about 3 samba questions here every day. However after an hour of searching, I keep finding strange variants that aren't what I need.
My Goal: Create a single file share on an Ubuntu Server - share it via samba to Windows clients that are on a domain with active directory. It sure would be nice if AD authentication would work - so users don't have to type in a linux user/passsword each time they want to access the share.
In my adventures, I've found the following items (which may overlap)
1. Joining the server to a Windows Domain
2. Turning the server into a Windows Domain Controller
3. Authentication with LDAP (still not quite sure how/what this would do)
4. Stuff with Kerberos
5. Lots of people bickering about Samba 3/4 & how it's impossible to make Samba a PDC.
I'm not sure if I need to make the ubuntu server a domain controller or not...all I want to do is create a file share and share it on the domain...I don't need to make the ubuntu server a domain controller for that, right? Maybe just a member? Maybe nothing at all?
I guess if I want to authenticate stuff correctly (or forward authentication requests? Not sure), I probably need to join the ubuntu server to the domain...I think.
But let's say I do join it to the domain...then how to I create a file share that is authenticated via active directory rather than a local ubuntu server account? I see a dozen guides on joining the server to the domain, but nobody ever mentions sharing the folder over the domain.
The lines are also blurred between joining Ubuntu to the domain and making it a domain controller. What should I keep an eye out to avoid in these tutorials?
I get lost between the Kerberos/LDAP/Samba/WinBind etc...and I have a feeling I don't need all of these for something this simple.
We've been running samba on linux for a while and everything was fine. All of a sudden when you add new clients to the domain you get the error message :Logon Failure:unknown user name or bad password. This to me seems like a windows error message and not a samba error. When you remove an existing machine (ie on domain) and then try to rejoin it to the domain you fail.
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
I have Ubuntu server 10.04 joined to a domain using Likewise Open. I can login using my domain credentials and have added my domain account to the sudoers file. Now that I've got it joined to the domain I want to add some samba shares and have domain members use their accounts to access them. However, no matter what combination of my domain name and the domain user or group I use in the valid users field it won't let me in. What's the proper way of inputting a domain user or group in the valid user field?
This is the entry I'm using for the share:
Code: [testshare] path = /srv/testshare valid users = @"Domain Name+Domain Group" (Have tried many things here) public = no writable = yes printable = no create mask = 0765
I am trying to create a Samba share on Ubuntu so that I can see it on my Windows computer but have had nothing but trouble. I've tried everything that I could find in Google but the best I can get is that my Ubuntu computer shows up as Unknown device on my Windows computer. Unfortunately, my Windows computer belongs to my company or I would just switch to Ubuntu altogether. I have posted a couple of screenshots of what I see in Windows, my GParted partitions, and the options that I have enabled for the folder I am trying to share. Below are my fstab and my samba files from Ubuntu. I am sure that this is just some rookie mistake as I am new to Ubuntu. It certainly seems that this should be easy, but I just can't get it.
I've been configuring a PDC using samba I used this tutorial url as reference. It seems all went well during the installation and configuration not until when I try to join a windows machine to the domain.
Scenario: When the authentication dialog box prompts the username and password of the domain administrator. I supply root as username and its corresponding password. Then I will prompt an error "The user name could not be found. But, I have noticed that when I supply a wrong password of root the it will prompt "Login failure: unknown user name or bad password. It seems that the windows machine was able to recognize the account somehow.
First of all I am new user on fedora forum and I love Linux (special Redhat flavours) and want to replace windows into Linux Everywhere. I am having some issue in configuring PDC on Fedora,I want to replace my company Windows Domain controller and file server into fedora file and PDC, I tried from web and through 389-directory server but didn't succeed even once, how to configure PDC with Samba 4 + 389-directory Server, I have heard samba 4 is having awesome support and its better then windows DC, configuring Complete PDC. (Whatever need to configure PDC i.e. DNS, SAMBA 4, SWAT, WEBMIN, 389-Directory Server, Windows sync,).
Intent is to use samba+winbind to authenticate Ubuntu desktop against a Windows 2008 R2 domain (seems like I was able to get it working temporarily but it stopped working after some time). Quick overview of the issue: winbind is failing to lookup group ID's for a domain user causing the domain user to receive group errors on login and an inability to use domain groups in other configuration (sudoers, etc)
- Very basic install, boot to Ubuntu Desktop 10.04 LTS 64bit install, basic install options, perform software updates
- Following an Ubuntu AD HowTo [URL]
- Install kerberos, samba, winbind packages
- Make changes to krb5.conf, smb.conf, files in pam.d/ (to make the home directory and restrict login based on group membership, which works even in the half-working state but requires SID instead of text name)
After a reboot I can login as a domain account but I get the following error(s):
groups: cannot find name for group ID #####
##### is usually a number that ranges from 10000 to 10020, based on the smb.conf line regarding idmap I will get multiple group errors (one for each group that the user belongs to that winbind can't lookup for whatever reason, some groups can be resolved - see below) If I log-out and then log-in as a local user I can run the following command: id username The output returns something similar to the following:
uid=10002(username) gid=10003(domain users) groups=10003(domain users),10033,10032,10031,10030,10029,10028,10027,1 0026,10025,10024,10023,10022,10021(some group),10020,10019,10018(some other group),10017,10016,10015,10014,10013,10012,10011(s ome other other group),10010,10009,10008,10007
On a working system (Ubuntu 10.10 and when 10.04 decides to work) each group is followed by parenthesis' and the name of the group, this result clearly shows that some groups can be looked up but for some reason other groups are failing An output of /var/log/samba/log.winbind produces the following entries (that are logged when you run the id command)
The above repeats for what looks to be each group that fails (based on count of entries)If I use wbinfo I can resolve text group name to SID and SID to GID
wbinfo -n groupname (returns proper SID) wbinfo -s SID (returns proper text group name) wbinfo -Y SID (returns proper linux mapped group ID)
Following that process for a group that my user belongs to that is not resolving (via the id username command) will return the group ID (GID) properly (even though id username fails to lookup info for that same GID) Version Information:
uname -a Linux hostname 2.6.32-33-generic #71-Ubuntu SMP Wed Jul 20 17:27:30 UTC 2011 x86_64 GNU/Linux lsb_release -a No LSB modules are available.
I use OpenSuse 11.3 and I successfully built a samba/openldap server. However the raoming profiles were not working so I removed the roaming profile part of the samba and the openldap using ldap account manager. I also rejoined a couple of the computers back to the domain successfully (it was not an instaneous join, it took a good minute or 2 to join each pc). Now I cannot cannot login to any of these computers with the domain credentials. I can share using the UNC path no problem and this was working find about 1 week ago.
On 1 of the computers Iw as able to finally get a log file saying this:
Im currently using an english book to setup my samba server, and im having problems understanding it.
I dont want to use root to join clients to the domain; i prefer creating a plain user.
Ok, so, the steps i follow are:
net groupmap add unixgroup=srvadmins ntgroup="Server Admins" net groupmap add ntgroup="Domain Admins" unixgroup=dmnadmins rid=512 type=d net rpc rights grant 'ORAServer Admins' seMachineAccountPrivilege
This way, i have a group called srvadmins with permissions to join clients, a group called dmnadmins with permissions to manage users and other permissions, and root.
Now, users: "root", "dmnadmin"(from dmnadmins group) and "srvadmin" (from srvadmins group) can add machines to domain. Root because is root, srvadmin because i granted permissions, and dmnadmin because is admin
So i wonder, why srvadmins group is needed to be granted privileges?
I tryed to lower dmnadmins privileges by revoking semachineaccountprivilege privilege, but didnt worked
net rpc rights revoke 'ORADomain Admins' seMachineAccountPrivilege
looks like its privileges comes from another group and it user managed to add a machine to the domain correctly.
Ok, so, is this really usefull? why do i need 3 kind of users to be able to join to the domain?
On all of my xp clients no matter what the username is is I am continously getting the error saying that the profile cannot be found. I just built this domain recently and since day 1 the roaming profiles have not worked.
I had a connection to my other Windows computer the other day automatically in the Places-->Network-->Windows Network folder but it now seems to have disappeared. I tried going to Place connect to server and typing in the WIndows computer name but it won;t connect and errors out. I also tried the IP: Cannot display location "smb://%5C%5C192.168.1.36/"
I've installed Ubuntu Server 7.10 Gutsy and Webmin 1.500 on it. The thing that I want to do is: I want to share a folder an sub folders for windows users ( guest user) I should modify those folders from my ubuntu desktop 9.10 karmic they are all same folders. Is it possible? if yes how can i make it. you can tell from webmin or samba configuration file.
i manged to get a samba server up and running to share with my windows machines. But i still want more. My main goal is to be able to share my movies. I have a laptop hooked to my flat screen with 3TB's of external drives, thats whats acting as my server. I have ubuntu desktop installed because i use it to play movies also.
I'm looking to set up something that is a little faster than samba (yes i no trying to share through USB 2.0 external drives and a wifi connection isn't going to be real fast no matter what) but i want to be able to access my server remotely. like maybe FTP? but what i'm asking here is what protocol should i use and what programs? i was thinking gadmin-proftpd and then filezilla to access?
if i try to connect to my samba server ( share ) from my windows xp ( or vista, i've tried both ) it says, that the network share cannot be found. i've installed all necessary rpms on my fedora 10, necessary for running a samba server:
In my work I want to build up a Linux based network, where windows and linux clients are going to share a Thecus network drive.Each client will have specific permissions for accessing the samba shares. I have installed Ubuntu SRV 10.4 with gui and webmin.
I've got my Samba shares up and running. I can stream files from the server, I can create files on the server, and I can copy files from the server.
Running a Windows program (from a Windows box) directly from the Samba server, however, is turning into a nightmare. I'm getting Access is Denied errors from the Windows box, yet I can copy/create/etc from the entire directory with no problems.
Are there any special permissions I need to run EXE files from a Windows box, located on a Samba share? I've already chmod'd everything to 777, and I show full access when ls -Z is used.
i need to allow window domain controller user to use file share of linux.windows DC user can see the share file and directories of linux file server but not able to access.
below is brief--
I have a Linux machine which is on my network but not on my domain. I have configured SAMBA FILESERVER for file sharing purpose. I have a Windows XP PC which is on the domain(windows server) that I am trying to connect to a share on the Linux box. I supply my credentials but regardless of which login I use I always get Logon Failure. I have created an account on the Linux machine with the same user name and password as my domain account but so far no luck. Can I connect from a domain PC to a non-domain Linux box? Is there something else I should be checking?
I have an existing windows domain set up, Server 2008 R2.My active directory server doubles as my DNS server. I would like to add an Ubuntu DNS server to the domain. So far, I have installed the server and installed bind9, webmin, and a static IP.However, I'm not sure where to go from there, I would really like to find a way for all of the information on my Windows server to replicate to my Ubuntu server. Is that possible?
I have a samba share setup as the following. When I browse to it from PC's added to my AD domain, they connect instantly. When i browse to it from a laptop that's not part of the domain, i get prompted for login credentials. what credentials should I be putting in? I can't seem to figure it out. or is it because i have the workgroup set to what my AD domain name is, and the laptops aren't part of that domain.
path = /data/photos browseable = yes force user = pictures force group = picturesgroup
I have an internal domain (dev.lan) for which my Ubuntu server is authoritative. We have a number of subdomains under that domain (test.dev.lan, svn.dev.lan, etc.). The server also acts as the primary DNS server for my office. It was originally set up under Ubuntu 8 and worked great.
However, ever since we upgraded to Ubuntu 10, our Windows clients periodically lose the ability to resolve domains on the dev.lan domain. Internal IP addresses can still be pinged from the Windows machines so it does not appear to be a network-connectivity issue. External domain names continue to resolve without any problems. The only workaround is to restart networking on the Windows clients. It's frustrating because it happens several times a day.
i need to configure Redhat Linux as Domain Controller in my organisation, whee all of my clients PC's will be Windows XP or Windows 7 ( where i can login through Domain users ). what exactly i need to configure in Redhat Linux, i heard Configuring Samba as PDC is quite enough ? is that right ? then what is Open LDAP ? should i need to Configure Open LDAP also ?
Here I am editing /etc/samba/smb.conf and trying to remember what I should chmod the directory and the files to, then I think to myself there's probably an easier way. That way should be clear to the user.
There's dropbox and Ubuntu one but these are something slightly different, these sorts of things involving a cloud service or something needing to download to Windows clients, which is not what we want if we don't have an internet connection. So, is there a better way? Something to aide making smb.conf and permissions perhaps?
i have Centos 5.3 installed with TXT mode i want to create and share one folder to be accesible to me from the network, to download and share files into it with my Host, i created the folder but dont know how to share it,