HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   File Sharing Problem With Samba & (MS)ADS (http://www.howtoforge.com/forums/showthread.php?t=3862)

papaqube 22nd April 2006 18:56

File Sharing Problem With Samba & (MS)ADS
 
Hi there

Linux newbie so please bare with me.

I am currently having some fun trying to set up an addition linux file server on my ADS domain . :rolleyes:

Using samba i have managed to join the the linux box to the domain, i.e. 'net join ads'. No problems there, and it is now visable via 'neighbourhood network' on the windows side. I have set up a couple of shared folders on the linux box, which are also visable. However when I try to access the shares i have set up in samba i get a username and password prompt. When i enter user name and password I still cannot access the shares, and the prompt just re-appears :mad: . Here is my smb.conf:

[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.NET
server string = samba file server
security = ADS
password server = win2ksvr1
log level = 3
log file = /var/log/samba/%m
max log size = 50
server signing = auto
printcap name = cups
preferred master = No
domain master = No
wins support = Yes
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = +

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[printers]
comment = All Printers
path = /tmp
guest ok = Yes
printable = Yes
browseable = No

[Public]
comment = Public
path = /home/samba/Public
valid users = @users, @MYDOMAIN+all, users
force group = users MYDOMAIN+all users
read only = No
create mask = 0660
directory mask = 0771

and my smbusers like this:

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
MYDOMAIN+testuser = testuser
users = MYDOMAIN+all users

I get a feeling that i have not set up the samba properly, i.e. password confirm, allowed users, etc. Also the file smbpasswd is empty.
Any help greatly appreciated. Thanks.

leibowitz 22nd April 2006 20:31

Hello papaqube.

You properly configured the whole set of domain integration. Good work.

What you need is a step forward. To achieve completly the process you should edit the configuration of the [Public] section from the /etc/samba/smb.conf (or any path it is in).

Add this:
Code:

browseable = yes
public = yes

And you should be able to browse your Public folder with any user/pass registered in the Active Directory.

papaqube 22nd April 2006 22:37

Hi leibowitz

Thanks for your response.

I have tried your suggestion, and it had some affect in that i no longer get a password prompt . I now get a prompt telling me "\\win2ksvr1\Public in not accessible. You may not have permission to use this network resource"

Thanks again
Papa

leibowitz 22nd April 2006 22:56

Well, in fact it doesnt work here either.

I tried your setup, with a Windows 2000 domain, and an Ubuntu Linux as a client. I'm working at it. I will come back asap with the fix. Fingers crossed.

Edit: This is the log.smbd output when I try to access the share (and got the user/pass request on windows side)

Quote:

smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
I remember have seen something like spnego and didn't know a lot about it times ago. I'm checking krb5.conf & googling to find out.

papaqube 22nd April 2006 23:52

Hi leibowitz

Many thanks for the help. Much appreciated.

What a Guys !

Papa

leibowitz 23rd April 2006 00:14

Hey anyway I didn't found anything usefull...

Just that apparently we are not doing right, they all seems to use security = user indeed of security = ads. But that's not clear for me.

I cannot help you further.

Maybe you can. Try to get as much as info as you can.

Here is a "security = user" smb.conf file:
http://beau.org/pipermail/whitebox-u...ch/000837.html

Then a post where someone is trying to do exactly the same as you are trying to. And he works it but I don't know how; very interesting:
http://archive.netbsd.se/?ml=samba&a=2004-03&t=91381

And finally, this is not usefull at all, but maybe you doesn't know it and it will guide you:
http://us1.samba.org/samba/docs/man/...ide/index.html

Have fun & Good Luck

papaqube 23rd April 2006 03:34

Hey, thanks for all your help leibowitz. It got me on my way.

Anyway i think i have got there ! i have commented out the [homes], not nessecary and didn't exist (doh!) as they are on the ads server. The [Public] is now is now accessable, I hadn't set the 'Access Rights' on the share. However i found that this had to be set to admin, and not writeable, level before i could wirte to the share from a windows client. smb.conf [Public] now looks like this:

[Public]
comment = Public
path = /home/samba/Public/
create mask = 0660
directory mask = 0771
read only = no
guest ok = no
case sensitive = no
msdfs proxy = no
admin users = @MYDOMAIN+allusers,@users

A bit of a batched job i fear, but i am sure i will learn along the way.

Anyway time for a beer as this things been bugging me all day :o), thanks again

Lozzer 10th May 2006 12:27

papaqube,

I've just succeeded in implementing a SAMBA server. I found that SADMS did the job perfectly.

I now have a W2K DC, running ADS (with Windows Services for UNIX 3.5 installed) and DNS, an IPCOP firewall box running DHCP, an FC-4 SAMBA server, and two WXPpro workstations - all working well together.

I also found that a beer helped...

Regards,

Lozzer.

ash05 10th November 2008 12:25

You properly configured the whole set of domain integration. Good work.

What you need is a step forward. To achieve completly the process you should edit the configuration of the [Public] section from the /etc/samba/smb.conf (or any path it is in).

Adventure Tour | Adventure Tourism
Condos, Condos for Sale, Buy a Condo


All times are GMT +2. The time now is 16:40.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.