[SOLVED] Connecting to a Samba server (not on domain) from windows domain pc
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
given to copy libnss_winbind.so in /lib/
and pam_winbind.so into /lib/security/ i copied...
then when i join it it gives error...
Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
[/usr/bin/net join -w win.co.in -S windc -U Administrator] // here win.co.in is window server domain name
Unable to find a suitable server
Unable to find a suitable server
also what to write in winbind configuration field for - 'window domain' 'winbind ads realm' 'security model' ' window domain controller' and 'templat shell'.......
Last edited by centos123; 07-02-2011 at 12:41 AM.
It has been quite a while since I last tried to set something like this up and I have forgotten a bit of it. Your error message makes me think that you are missing a configuration that goes with LDAP. There is a set of parameters where you specify the domain, and values for OU, CN, and so forth. Have you performed this step?
I have some bookmarked how to documents that helped me with this process. They are on my office PC and I won't have access to it till Tuesday.
i configured only kerbores and winbind ..not ldap.dont know about ldap..
could you please help me to configure wirte file..i think iam doing some mistake in krb5.conf file.
here is my configuration....
dude, you went too far in the wrong direction with your problem. you don't need to configure kerbores, winbind or ldap to have a simple samba file sharing. your server does not have to be on the same domain with windows users to be accessed.
I'm managing a big network with several workgroups and domains and I have a samba share accesible from any workgroup or domain.
All you need is a fresh smb.conf file (the one you have now might be messed up) and follow this settings:
uncomment interface and hosts allow
modify interface with your prefered interface (eth0, eth1...)
add to hosts allow the ip class of your allowed hosts (192.168.0.0/24 or 172.16.0.0/16 etc.)
add this settings under Global:
hide unreadable = yes
refresh = 1
somewhere you will find "security = user" (uncommented) change it to
security = share
I mean change eth0 with your network interface you are using inside your lan. If you have a server with two network cards eth0 for internet and eth1 for lan then you should open those ports for eth1 interface.
From my readings centos is based on red hat just like fedora. I had fedora and I wanted the same thing you want: samba share for all workgroups and domains from my network. I was able to see the first folder of my share but not able to access it. Always the same error:
"You might not have permission to use this Network resource.
The network path was not found."
Solved the problem with this command:
setsebool -P samba_enable_home_dirs on
if not working try this one:
or check smb.conf there you cand find information about this line right at the beginning of smb.conf
panseluta: you went too far in the wrong direction with your problem. you don't need to configure kerbores, winbind or ldap to have a simple samba file sharing. your server does not have to be on the same domain with windows users to be accessed.
centos123rompt me to enter PASSWORD FOR Administrator@<WINDOW DOMAIN SERVER> and in red color a warning message is written as " your credential has been expired. in tab written "Renew Ticket" "cancel"...
Asking for domain administrator password and expired TICKETS shouts Kerberos trouble. Centos123, you MUST start using your log files and look for error and warning messages. Troubles like "my gnome problem" are not nearly descriptive enough to provide accurate answers to.
The question also remains as to what is your end objective? The instructions above by Panseluta are for a SIMPLE Samba share that will give everyone read, write permission without authentication. Is this what you want? From what you have been describing you are trying to implement domain authentication to access a Linux machine. There are three components to this: Samba, kerberos and LDAP. The Samba provides the windows networking compatibility, Kerberos allows the machines to authenticate and trust each other via tickets, and LDAP handles the user authentication.
If you followed the suggestions by Pensulat where you create a storage folder with 0777 permissions and make it browseable = yes, writeable = yes, guest ok = yes, this did not solve your domain and samba authentication issues. Instead it simply masked the problem by creating an insecure free access for anybody communal space. If you really are trying to handle confidential, departmental files, this would be the absolute wrong approach. At a minimum, you will need to create Samba users and Passwords. Your idea of using a true authentication system is a much better approach.
I am not trying to be harsh with you, but I also don't want to see you wind up in the security forum saying "please help, my system has been hacked", which is what the approach outlined above is setting you up for.
path = /home/news
browseable = yes
writeable = yes
valid users = reptile sonya scorpion (you can also enumerate a bunch of users separated by spaces but you also have to use "create mask = " and "directory mask = ")
create mask = 0660 (for example)
directory mask = 0770 (for example)