I am trying to get our prototype Linux workstation to allow users to see shares on our legacy Microsoft Windows-2000 Domain Server. I can find guides for setting up Samba as a Primary Domain Controller but I cannot seem to locate any good and expansive guide for setting up a Samba workstation and just joining the domain. Perhaps this is so trivial a process no one thinks that it requires such a guide.
We have user logins to that workstation using the existing Windows Domain controller for authentication but I cannot seem to unlock how to allow access to the shares. We have CUPS configured to the networked printers but I had to use the administrator's id and password to get that to work.
I am really looking for a comprehensive guide to the entire process from the CentOS workstation point of view and any pointers to such are earnestly sought. I found this site: http://linux.unimelb.edu.au/server/course/fc3/samba.html which seems to be fairly complete but I lack sufficient experience with Samba and Kerberos to determine exactly what this is telling me. I believe at this point that I should be using the "ADS security model" but I have no idea what a "kerberos realm" is (at least with respect to an existing Microsoft Domain). I also lack the knowledge of how to configure this portion of the setup so a guiding hand is most welcome.
Our fqdn for the Microsoft domain is "brockley.harte-lyne.ca"
I have set up the Samba server settings as follows:
Basic:
  Workgroup: brockley
  Description: <fqhn of Linux workstation>
Security:
  Auth Mode: ADS
  Auth. Server: BRDC-01.Brockley.Harte-Lyne.ca
  Kerberos Realm: blank (and I cannot set it so that the setting is preserved)
  Encrypt Passwords: Yes
  Guest Account: No Guest Account
Regards,
--
James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
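Added example (not part of the original post, and not Samba's own tooling): a small Python check of the settings listed above once they are written as an smb.conf `[global]` section, flagging the blank Kerberos realm. It assumes the Active Directory convention that the realm is the domain's DNS name in upper case and that the short domain name is the first DNS label; the function names are illustrative.

```python
import configparser

# Constructed sample: the settings listed in the post, written as an
# smb.conf [global] section with the Kerberos realm still blank.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = brockley
    security = ADS
    password server = BRDC-01.Brockley.Harte-Lyne.ca
    realm =
    encrypt passwords = yes
"""

def expected_realm(dns_domain):
    # Assumption: the AD Kerberos realm is the DNS domain name in upper case.
    return dns_domain.strip().rstrip(".").upper()

def load_global(conf_text):
    """Parse smb.conf text and return the [global] parameters as a dict."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",),
                                   comment_prefixes=("#", ";"))
    # smb.conf parameter names ignore case and extra whitespace.
    cp.optionxform = lambda key: " ".join(key.lower().split())
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    for name in cp.sections():
        if name.lower() == "global":
            return dict(cp[name])
    return {}

def check_ads_member(conf_text, dns_domain):
    """Return findings (empty list = consistent) for an ADS domain member."""
    g = load_global(conf_text)
    realm = expected_realm(dns_domain)
    findings = []
    if g.get("security", "").lower() != "ads":
        findings.append("security is not 'ads'")
    if g.get("realm", "") != realm:
        findings.append(f"realm is {g.get('realm', '')!r}, expected {realm!r}")
    # Assumption: the short (NetBIOS) domain name is the first DNS label.
    short = realm.split(".")[0]
    if g.get("workgroup", "").upper() != short:
        findings.append(f"workgroup should be the short domain name {short!r}")
    server = g.get("password server", "").lower()
    if server and server != "*" and not server.endswith("." + realm.lower()):
        findings.append("password server is outside the domain's DNS zone")
    return findings

if __name__ == "__main__":
    for finding in check_ads_member(SAMPLE_SMB_CONF, "brockley.harte-lyne.ca"):
        print("FINDING:", finding)
```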
James B. Byrne wrote:
> I am trying to get our prototype Linux workstation to allow users to see shares on our legacy Microsoft Windows-2000 Domain Server. I can find guides for setting up Samba as a Primary Domain Controller but I cannot seem to locate any good and expansive guide for setting up a Samba workstation and just joining the domain. Perhaps this is so trivial a process no one thinks that it requires such a guide.
> We have user logins to that workstation using the existing Windows Domain controller for authentication but I cannot seem to unlock how to allow access to the shares. We have CUPS configured to the networked printers but I had to use the administrator's id and password to get that to work.
> I am really looking for a comprehensive guide to the entire process from the CentOS workstation point of view and any pointers to such are earnestly sought. I found this site: http://linux.unimelb.edu.au/server/course/fc3/samba.html which seems to be fairly complete but I lack sufficient experience with Samba and Kerberos to determine exactly what this is telling me. I believe at this point that I should be using the "ADS security model" but I have no idea what a "kerberos realm" is (at least with respect to an existing Microsoft Domain). I also lack the knowledge of how to configure this portion of the setup so a guiding hand is most welcome.
> Our fqdn for the Microsoft domain is "brockley.harte-lyne.ca"
> I have set up the Samba server settings as follows:
> Basic:
>   Workgroup: brockley
>   Description: <fqhn of Linux workstation>
> Security:
>   Auth Mode: ADS
>   Auth. Server: BRDC-01.Brockley.Harte-Lyne.ca
>   Kerberos Realm: blank (and I cannot set it so that the setting is preserved)
>   Encrypt Passwords: Yes
>   Guest Account: No Guest Account
Are you making sure that you re-start the Samba server after making any configuration changes?
I'm only asking as this one has caused a few "Homer" moments for me (doh!).
David Ellsmore wrote:
> Are you making sure that you re-start the Samba server after making any configuration changes?
> I'm only asking as this one has caused a few "Homer" moments for me (doh!).
Hi James,
Well, here was something else that got me for a bit and was making me :o. Are you running a firewall? If so, do you have ports 137, 139, and 445 opened up on your LAN side? Just a thought. HTH
Lee Perez
Following along on my quest for Windows and Samba harmony, it seems to me that, because we do not allow "everyone" access to our domain shares but restrict access to a special Windows security group, this might be at the "root" (pardon the pun) of my difficulties. It appears that "everyone" is the group membership that all Linux Samba "users" map to by default. So perhaps the answer lies in the smb.conf file and specifically in the entry "force group". Does anyone on the list have experience with using this technique, and if so, can they comment on it?
As it happens, our security group name has both spaces and the character "&" in it, so if this is going to cause issues I would like to be informed about any group naming limitations as well.
Regards, Jim
--
James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3