File Sharing Problem With Samba & (MS)ADS

Discussion in 'Server Operation' started by papaqube, Apr 22, 2006.

  1. papaqube

    papaqube New Member

    Hi there

    Linux newbie so please bare with me.

    I am currently having some fun trying to set up an addition linux file server on my ADS domain . :rolleyes:

    Using samba i have managed to join the the linux box to the domain, i.e. 'net join ads'. No problems there, and it is now visable via 'neighbourhood network' on the windows side. I have set up a couple of shared folders on the linux box, which are also visable. However when I try to access the shares i have set up in samba i get a username and password prompt. When i enter user name and password I still cannot access the shares, and the prompt just re-appears :mad: . Here is my smb.conf:

    workgroup = MYDOMAIN
    realm = MYDOMAIN.NET
    server string = samba file server
    security = ADS
    password server = win2ksvr1
    log level = 3
    log file = /var/log/samba/%m
    max log size = 50
    server signing = auto
    printcap name = cups
    preferred master = No
    domain master = No
    wins support = Yes
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind separator = +

    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

    comment = All Printers
    path = /tmp
    guest ok = Yes
    printable = Yes
    browseable = No

    comment = Public
    path = /home/samba/Public
    valid users = @users, @MYDOMAIN+all, users
    force group = users MYDOMAIN+all users
    read only = No
    create mask = 0660
    directory mask = 0771

    and my smbusers like this:

    # Unix_name = SMB_name1 SMB_name2 ...
    root = administrator admin
    nobody = guest pcguest smbguest
    MYDOMAIN+testuser = testuser
    users = MYDOMAIN+all users

    I get a feeling that i have not set up the samba properly, i.e. password confirm, allowed users, etc. Also the file smbpasswd is empty.
    Any help greatly appreciated. Thanks.
  2. leibowitz

    leibowitz New Member

    Hello papaqube.

    You properly configured the whole set of domain integration. Good work.

    What you need is a step forward. To achieve completly the process you should edit the configuration of the [Public] section from the /etc/samba/smb.conf (or any path it is in).

    Add this:
    browseable = yes
    public = yes
    And you should be able to browse your Public folder with any user/pass registered in the Active Directory.
  3. papaqube

    papaqube New Member

    Hi leibowitz

    Thanks for your response.

    I have tried your suggestion, and it had some affect in that i no longer get a password prompt . I now get a prompt telling me "\\win2ksvr1\Public in not accessible. You may not have permission to use this network resource"

    Thanks again
  4. leibowitz

    leibowitz New Member

    Well, in fact it doesnt work here either.

    I tried your setup, with a Windows 2000 domain, and an Ubuntu Linux as a client. I'm working at it. I will come back asap with the fix. Fingers crossed.

    Edit: This is the log.smbd output when I try to access the share (and got the user/pass request on windows side)

    I remember have seen something like spnego and didn't know a lot about it times ago. I'm checking krb5.conf & googling to find out.
    Last edited: Apr 22, 2006
  5. papaqube

    papaqube New Member

    Hi leibowitz

    Many thanks for the help. Much appreciated.

    What a Guys !

  6. leibowitz

    leibowitz New Member

    Hey anyway I didn't found anything usefull...

    Just that apparently we are not doing right, they all seems to use security = user indeed of security = ads. But that's not clear for me.

    I cannot help you further.

    Maybe you can. Try to get as much as info as you can.

    Here is a "security = user" smb.conf file:

    Then a post where someone is trying to do exactly the same as you are trying to. And he works it but I don't know how; very interesting:

    And finally, this is not usefull at all, but maybe you doesn't know it and it will guide you:

    Have fun & Good Luck
  7. papaqube

    papaqube New Member

    Hey, thanks for all your help leibowitz. It got me on my way.

    Anyway i think i have got there ! i have commented out the [homes], not nessecary and didn't exist (doh!) as they are on the ads server. The [Public] is now is now accessable, I hadn't set the 'Access Rights' on the share. However i found that this had to be set to admin, and not writeable, level before i could wirte to the share from a windows client. smb.conf [Public] now looks like this:

    comment = Public
    path = /home/samba/Public/
    create mask = 0660
    directory mask = 0771
    read only = no
    guest ok = no
    case sensitive = no
    msdfs proxy = no
    admin users = @MYDOMAIN+allusers,@users

    A bit of a batched job i fear, but i am sure i will learn along the way.

    Anyway time for a beer as this things been bugging me all day :eek:), thanks again
  8. Lozzer

    Lozzer New Member


    I've just succeeded in implementing a SAMBA server. I found that SADMS did the job perfectly.

    I now have a W2K DC, running ADS (with Windows Services for UNIX 3.5 installed) and DNS, an IPCOP firewall box running DHCP, an FC-4 SAMBA server, and two WXPpro workstations - all working well together.

    I also found that a beer helped...


    Last edited: May 10, 2006
  9. ash05

    ash05 New Member

    Last edited: Nov 12, 2008

Share This Page