[SOLVED] Connecting to a Samba server (not on domain) from windows domain pc
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
given to copy libnss_winbind.so in /lib/
and pam_winbind.so into /lib/security/ i copied...
then when i join it it gives error...
Shutting down Winbind services: [ OK ]
Starting Winbind services: [ OK ]
[/usr/bin/net join -w win.co.in -S windc -U Administrator] // here win.co.in is window server domain name
Unable to find a suitable server
Unable to find a suitable server
also what to write in winbind configuration field for - 'window domain' 'winbind ads realm' 'security model' ' window domain controller' and 'templat shell'.......
Last edited by centos123; 07-02-2011 at 12:41 AM.
Reason: incomplete
It has been quite a while since I last tried to set something like this up and I have forgotten a bit of it. Your error message makes me think that you are missing a configuration that goes with LDAP. There is a set of parameters where you specify the domain, and values for OU, CN, and so forth. Have you performed this step?
I have some bookmarked how to documents that helped me with this process. They are on my office PC and I won't have access to it till Tuesday.
i configured only kerbores and winbind ..not ldap.dont know about ldap..
could you please help me to configure wirte file..i think iam doing some mistake in krb5.conf file.
here is my configuration....
dude, you went too far in the wrong direction with your problem. you don't need to configure kerbores, winbind or ldap to have a simple samba file sharing. your server does not have to be on the same domain with windows users to be accessed.
I'm managing a big network with several workgroups and domains and I have a samba share accesible from any workgroup or domain.
All you need is a fresh smb.conf file (the one you have now might be messed up) and follow this settings:
in smb.conf:
uncomment interface and hosts allow
modify interface with your prefered interface (eth0, eth1...)
add to hosts allow the ip class of your allowed hosts (192.168.0.0/24 or 172.16.0.0/16 etc.)
add this settings under Global:
hide unreadable = yes
refresh = 1
somewhere you will find "security = user" (uncommented) change it to
security = share
change eth0 with your network interface used for samba sharing.
here what it mean of " change eth0 with your network interface "....
and when iam changing SElinux = permisive and checking status it shows SElinux disable..infact in its file it is permisive.then why it status show disable..
I mean change eth0 with your network interface you are using inside your lan. If you have a server with two network cards eth0 for internet and eth1 for lan then you should open those ports for eth1 interface.
From my readings centos is based on red hat just like fedora. I had fedora and I wanted the same thing you want: samba share for all workgroups and domains from my network. I was able to see the first folder of my share but not able to access it. Always the same error:
"You might not have permission to use this Network resource.
The network path was not found."
Solved the problem with this command:
setsebool -P samba_enable_home_dirs on
if not working try this one:
setsebool samba_enable_home_dirs=1
or check smb.conf there you cand find information about this line right at the beginning of smb.conf
in morning when i login into root..in desktop a window box seen.
"Network Authentication" box.it prompt me to enter PASSWORD FOR Administrator@<WINDOW DOMAIN SERVER>
and in red color a warning message is written as " your credential has been expired.
in tab written "Renew Ticket" "cancel"...
i entered password and clicked on Renew Ticket..
after that iam not getting mycomputer and other content of desktop...i cant go inside file server...in gnome cgi..
now how could i get into mycomputer..through gnome
iam testing..your configuration..till can you please solve my gnome problem..
when i clicked on Places-->Desktop
it errors...
Could not open location 'file:///root/Desktop'
There is no default action associated with this location.
i properly logoff the root.but when i login it didnot show any file folder and computer,root home directories on desktop..
panseluta: you went too far in the wrong direction with your problem. you don't need to configure kerbores, winbind or ldap to have a simple samba file sharing. your server does not have to be on the same domain with windows users to be accessed.
Quote:
centos123rompt me to enter PASSWORD FOR Administrator@<WINDOW DOMAIN SERVER> and in red color a warning message is written as " your credential has been expired. in tab written "Renew Ticket" "cancel"...
Asking for domain administrator password and expired TICKETS shouts Kerberos trouble. Centos123, you MUST start using your log files and look for error and warning messages. Troubles like "my gnome problem" are not nearly descriptive enough to provide accurate answers to.
The question also remains as to what is your end objective? The instructions above by Panseluta are for a SIMPLE Samba share that will give everyone read, write permission without authentication. Is this what you want? From what you have been describing you are trying to implement domain authentication to access a Linux machine. There are three components to this: Samba, kerberos and LDAP. The Samba provides the windows networking compatibility, Kerberos allows the machines to authenticate and trust each other via tickets, and LDAP handles the user authentication.
If you followed the suggestions by Pensulat where you create a storage folder with 0777 permissions and make it browseable = yes, writeable = yes, guest ok = yes, this did not solve your domain and samba authentication issues. Instead it simply masked the problem by creating an insecure free access for anybody communal space. If you really are trying to handle confidential, departmental files, this would be the absolute wrong approach. At a minimum, you will need to create Samba users and Passwords. Your idea of using a true authentication system is a much better approach.
I am not trying to be harsh with you, but I also don't want to see you wind up in the security forum saying "please help, my system has been hacked", which is what the approach outlined above is setting you up for.
well norwayZ giving a newbie "a lot of information to wade through" instead of a solution doesnt solve his problem. I was not masking his problem but helped him to get started.
centos123 if you want user access to your shares edit smb.conf and change "security = share" to "security = user", then change from "guest ok = yes" to "valid users = chucknorris"
[NEWS]
path = /home/news
browseable = yes
writeable = yes
valid users = reptile sonya scorpion (you can also enumerate a bunch of users separated by spaces but you also have to use "create mask = " and "directory mask = ")
create mask = 0660 (for example)
directory mask = 0770 (for example)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.