Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Samba: Active Directory and Configuration 1

Status
Not open for further replies.
gwinn7

gwinn7

Programmer
Feb 10, 2001
1,004
US
I am able to setup Samba to where I can exchange files between Win2K workstations and the Samba machine. I would like to add the Samba machine to the Active Directory Services list of computers. This is where I am having some trouble.

I have read several articles on the subject. It seems to me that I should have my configuration set like this...

[global]
security = domain
encrypt passwords = yes
domain logins = yes
workgroup = myworkgroup
password server = mydomainserver
netbios name = mylinuxbox
password server = mydomainserver

I stopped and restarted the smb services, but no luck. When I tried to access my test share folder, the error returned was...

"Login failure: unknown uer name or bad password"

I have also setup that share on the Linux box to have full read/write permissions for everyone (test only for now!).

On the ADS server, the Linux box has been added, recognized, and is browsable.

What I find confusing is the documentation discusses adding a Samba machine to a Windows NT4 domain, but says nothing how it is different or the same under ADS. Could someone describe this difference, if any, and perhaps relate instructions as to how to properly connect the Samba server to the Windows 2000 ADS domain?

Thanks in advance,

Gary
gwinn7
 
Sort by date Sort by votes
When you use security = domain, it uses a domain controller to authenticate against. You need to create a user in /etc/passwd for any users who will connect to the share, but you don't need to worry about setting any passwords for these users.

[global]
security = domain
password server = *
encrypt passwords = yes

You also need to add the Samba computer to the windows domain. First, create a computer account in the domain for the Samba server you want to add. Make sure to select "Allow Pre-Windows 2000 computers to connect to this computer". Next, run this command from the linux server...

smbpasswd -j 'domainname' -r 'netbios_name_of_dc'

For example, "smbpasswd -j linux.com -r DC1"

I don't have a Linux box in front of me, or else I would show you my configuration here. I don't know about that "domain logins = yes" command. I never used it before.

Let me know if this works, and if not, then I'll put together a configuration file for you.

ChrisP

 
Upvote 0 Downvote
Ahh, yes. I did something quite similar, but I will try as you said. I will let you know the result.

Thanks again,

Gary
gwinn7
 
Upvote 0 Downvote
Well, I was unsuccessful. I setup the smb.conf file as you stated...

[global]
security = domain
password server = *
encrypt passwords = yes

I did add the computer in ADS and added the option to Allow Pre-Windows 2000 computers access, but I encountered the problem when I went to invoke the smbpasswd command you specified. I received the following response...

"modify_trust_password: Unable to connect to SMB server on machine mydomainserver. Error was : code 0"
"2002/01/29 08:25 : change_trust_account_password: Failed to change password for domain MyDomain"

At this point, I still cannot browse my test share. It prompts me for a user name and password that always rejects me.

Any ideas?

Gary
gwinn7
 
Upvote 0 Downvote
Sorry, I didn't mean for you to copy exactly what I wrote. It was just an excerpt from the full config file. Here's my smb.conf file...

[global]
wins server = 'ip address of wins server'
name resolve order = lmhosts wins hosts bcast
workgroup = 'workgroup'
server string = Penguin
netbios name = Penguin
security = domain
password server = Win2K-03
encrypt passwords = yes
valid users = cpurcell admin

After you have this file setup, run the smbpasswd command to join the NT/2000 domain. Make sure beforehand that you set up the proper computer account in the domain. When you create the account, make sure to select "Allow Pre-Windows 2000 computers to use this account".

smbpasswd -j domain -r Win2k-03

You might also want to add the NetBIOS name of your domain controller in the /etc/samba/lmhosts file.

ChrisP
 
Upvote 0 Downvote
Good news. The smbpasswd command worked. It seems to me that it was a name resolution issue and the Wins Server line did it.

However, I am still being prompted for a user name and password when trying to connect to the Linux box through my Windows 2000 workstation. In other words, I can't get past looking at the computer icon that represents the linux box. I am prompted for a user name and password before I can even see the share list.

Ideas? I will continue to work on it.


Gary
gwinn7
 
Upvote 0 Downvote
OK! Figured it out.

I have been reading some of the past issues and discovered the problem. It was that I did not have a smbpasswd file. I thought this was already created, but obviously, it wasn't.

It seems to work perfectly now.

Thank you again for all your helpful assistance.

Gary
gwinn7
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

gregor weertman
  • Locked
  • Question
set samba "template shell" dependent on group
Replies
0
Views
137
gregor weertman
gregor weertman
MCP2000
  • Locked
  • Question
CentOS 6.9, LDAP, Vault, Active Directory
Replies
0
Views
143
MCP2000
MCP2000
SamBones
  • Locked
  • Question
CentOS 7 and Putty
Replies
2
Views
245
SamBones
SamBones
KannaChan
  • Locked
  • Question
TLS1.2 and TLS1.0 proxy in same Virtualhost
Replies
1
Views
219
ChrisHirst
ChrisHirst
jponnusa
  • Locked
  • Question
Help on Mapping Local Directory for URL
Replies
1
Views
153
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top