[Samba] Joining Linux Domain Member to Samba DC, issues
Mark Foley
mfoley at novatec-inc.com
Sat May 4 17:28:15 UTC 2024

I've posted on this not long ago, but I've run more tests since. Here's
my situation (all Linux hosts running Samba Version 4.18.9) ...

I have a Linux Domain Member, NAS, sharing a directory /public. Domain
Windows users can map to this share and their domain user credentials
are automatically accepted without them having to enter their
credentials. This worked as well with our older Samba version.

Now, I want to move this shared directory to a different host,
WEBSERVER, which is not currently a domain member. I upgraded the OS
version and Samba version (to 4.18.9) on WEBSERVER and joined it as a
member to the domain. I copied the /public directory from NAS to
WEBSERVER. The smb.conf on WEBSERVER is a clone of that which is on NAS
except for the path:

# Global parameters
[global]
    max log size = 10000
    realm = HPRS.LOCAL
    security = ADS
    server role = member server
    server string = HPRS WEBSERVER
    template homedir = /home/%U
    template shell = /bin/bash
    workgroup = HPRS
    idmap config hprs : range = 10000-999999
    idmap config hprs : backend = rid
    idmap config * : range = 3000-7999
    idmap config * : backend = tdb
    vfs objects = acl_xattr
    map acl inherit = yes
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    usershare allow guests = Yes
    usershare max shares = 10

[public]
    comment = OHPRS main file and document repository
    path = /public
    store dos attributes = no
    hide dot files = yes
    hide files = /Outlook/outlook/~*/
    readonly = no
    locking = yes
    public = yes
    printable = no
    create mask = 0660
    force user = ohprso
    force group = ohprs
    force create mode = 0660
    directory mask = 2771

When I then attempted to map a Windows user to \\webserver\public, it
did not automatically use the user's domain credentials and asked for
credentials to be entered. No credentials I entered worked (but I didn't
exhaustively test this).

I restored WEBSERVER back to its pre-upgrade state and tried again, a
few times in fact, with no success. I then used a spare computer, wiped
the drive and installed the OS from scratch with the upgraded Samba. I
named this host WEBMEMBER. I joined it to the domain and added the A
record. I again copied the /public folder from NAS to WEBMEMBER and ran
Samba using the same smb.conf file as shown above. This time, when I
tried to map the drive from a Windows domain computer it worked just
fine automatically using the domain credentials and not asking the user
to enter credentials.

Next, I unjoined WEBMEMBER from the domain, took WEBSERVER offline,
deleted the A records for WEBMEMBER and WEBSERVER, renamed WEBMEMBER to
WEBSERVER (/etc/hosts, etc/HOSTNAMES), changed WEBMEMBER's IP address to
be the same as the former WEBSERVER, rebooted, joined WEBSERVER (former
webmember) to the domain, added its A record and ran samba. When I
attempted to map the /public directory from a Windows computer I again
was prompted to explicitly enter credentials. It did not automatically
mount.

This self-same computer when named WEBMEMBER had no problem mapping this
shared folder. Unjoining it from the Domain, renaming to WEBSERVER and
joining to the domain caused a problem mapping with domain credentials.
Nothing else changed with this computer. This doesn't make sense.
Neither does it make sense that the original WEBSERVER would not allow
mapping with domain credentials once joined as a member.

Is there something in some tdb/ldb file or somewhere hanging around from
the original WEBSERVER that inhibits mapping shared drives with domain
credentials?

I still have the staged new WEBSERVER offline and can continue testing.
If there is something I could check when the mapping is rejected, please
advise and I'll check it out.

Thanks --Mark