LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 06-16-2013, 02:05 PM   #1
watts3000
Member
 
Registered: Jul 2004
Posts: 57

Rep: Reputation: 15
using samba in a domain environment


I am having problems getting Samba to authenticate AD users to Samba shares. Since I need to get our file server back online I think I will just run Samba as a standalone server. The problem with that is I have a AD domain so I have some concerns. First off can Samba serve files to users that are part of a domain without the Samba server having to join the domain? Also how are passwords handled when the user changes there password I assume that it would also have to be changed on the Samba server?
 
Old 06-17-2013, 10:19 AM   #2
wpeckham
Member
 
Registered: Apr 2010
Location: USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix
Posts: 775

Rep: Reputation: 173Reputation: 173
AD membership

1. You should be able to get the SAMBA server into the domain, and get authentication working.
2. It is non-trivial. There are a LOT of places to touch, and a LOT of obsolete/bad information out there.
3. Samba, Linux, PAM, and AD have changed a LOT in a relatively short period of time. Make sure you are using RECENT instructions.

I have a Linux server active in the domain. Domain users can log into it using the windows credentials or local credentials. The user mapping is not QUITE the same as in older versions, so they lack write access to their home folders if they use the windows credentials, but it all works well enough.

It has all changed from the older versions, and the newer versions are another and bigger change. That said, the latest versions do almost everything BETTER!

The bad thing: the instructions I followed would do you no good whatsoever if all of the versions did not match well. I suggest you use the latest versions that you can find complete instructions and documentation for, and try again. Once you have full integration, you observe power and benefits from the combination that are likley to be greater (but different) than you could foresee!
 
Old 06-19-2013, 05:16 PM   #3
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL5/6, Solaris 10/11, NetBSD, OpenBSD, FreeBSD, MacOS
Posts: 221

Rep: Reputation: 40
HI,

I'd have to second what wpeckham said - there are a lot of not so useful docs out there (including what's on the Samba website itself) that often apply to older versions of software. I'd also agree that in a number of cases, newer versions of software are better.

On a modern version of Samba, you should not have too much trouble joining the domain. Passwords should also not be an issue if you use kerberos authentication - the kerberos ticket the windows user already has should give them access to samba, or alternatively kerberos authentication can be performed against the AD domain. One big advanatage we have in our environment - all the user accounts are also available in NIS so can just be added to a 'valid users' config line in samba.

You don't give any specifics, but in short, yes this will work and on a large scale (we had somewhere around 50,000 users and 50T of data before migrating) so you should be able to make this work.

Cheers,
Steve
 
Old 07-04-2013, 05:50 PM   #4
Cr45h
LQ Newbie
 
Registered: Sep 2008
Location: UK
Distribution: Debian
Posts: 10

Rep: Reputation: 0
Both are absolutely right.

I always run in trouble whenever they ask me to get samba use AD credentials for shares.

First of all you have to join the linux server on AD; once you are able to retrieve user lists (wbinfo), then comes the tricky part: configure samba.

I have I think a dozen or so of different links talking on how to integrate samba with AD. The bad part is most of them are old, and you have to mix and match information to achieve the correct config file for samba.

Actually I'm running in trouble because one of that "configured and forgotten" servers is no more able to authenticate users on AD because we upgraded one of our DC to WS2012 and suddenly authentication stops to work.

I spent hours on config files and internet, just to find out that the Samba version installed is too old and there's a sort of "bug" that prevents users to correctly authenticate.

No way to sort it out except to reinstall almost half of that linux box.

Samba docs is really dodgy and, let me say, crap.
 
Old 07-04-2013, 07:34 PM   #5
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,996

Rep: Reputation: Disabled
Quote:
Originally Posted by Cr45h View Post
I have I think a dozen or so of different links talking on how to integrate samba with AD. The bad part is most of them are old, and you have to mix and match information to achieve the correct config file for samba.
I'd have to agree. There's been a lot of development in Samba over the last 3 or 4 years, and while this means lots of bugs have been fixed and very useful functionality has been added, it also means most documentation is woefully out of date. It got to the point where even swat was unable to generate a working configuration with regards to ID mapping, but that's fixed now. swat has been removed altogether.

Quote:
Originally Posted by Cr45h View Post
I spent hours on config files and internet, just to find out that the Samba version installed is too old and there's a sort of "bug" that prevents users to correctly authenticate.
There's a simple (?) fix for that problem: never, ever use an old version of Samba.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
domain users can't access samba shares on domain member server noahbeach Linux - Server 1 11-24-2010 05:16 AM
Samba loginless share in domain environment ACiD GRiM Linux - Server 1 11-30-2009 07:20 PM
How to access samba share in a Windows domain environment qdog007 Linux - Software 6 02-28-2007 11:56 PM
Samba 3.0.21a and Samba Domain Member Servers in a Windows 2003 ADS Domain ramz Linux - Networking 3 04-09-2006 08:26 PM
seeking clarification- Samba CAL License usage with W2K AD Domain network environment integr8er Linux - Enterprise 7 10-06-2004 05:50 PM


All times are GMT -5. The time now is 07:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration