Setting Share Permissions & ACL's remotely to ubuntu 16.04 Samba file server via Windows Server 2012 r2

By OpSupport
in HOW TO & FAQ Guides

 Share

Recommended Posts

Neowinian

OpSupport

Posted
Posted

Hi all, 

 

I've been looking around the forums and trying to find an answer via search but I have been unable to thus far. I'm hoping someone can give me a hand. I'm very new to Linux and Samba but my bosses wanted me to set up a new file server on Ubuntu that can integrate with AD and have users be able to authenticate with their AD credentials. So far I have managed to get Ubuntu 16.04 installed, Kerberos configured and the system added to my AD domain. Everything is working fine. I am able to see my new file server in AD users and computers and DNS is working correctly, things are pingable and resolving right. 

 

My issue is that I am trying to use the instructions in the Samba wiki to set the share permissions and ACL on a share which I have created on my Samba server as it indicates that I shouldn't use the smb.conf to add the parameters, but instead use the Windows utilities ( https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs ) Unfortunately, despite everything else working correctly when I try to connect via my 2012 r2 server to the remote Samba I get an error " Computer <new server> cannot be managed. Verify hat the network path is correct, the computer is available on the network, and that the appropriate Windows Firewall rules are enabled on the target computer" Sadly, there are NO "Windows Firewall rules" since its a Ubuntu box and considering that the computer IS perfectly visible in the AD, the snap-in can find it when I 'browse', it can be ping'd and the UFW is off, I am at a loss as to what could possibly be the issue.

 

Anyone out there who has integrated a Ubuntu file server using Samba onto AD can point me in the right direction?

 

Thanks!

 

Grand Master

Mindovermaster Global Moderator

Posted
  • Global Moderator
Posted

I think  that only applies to Windows systems. You are on Linux, use the smb.conf.

 

I am very shady on this, but I THINK that is what you're trying to get accross... If I'm wrong, shoot me in the foot...

Neowinian

OpSupport

Posted
  • Author
Posted

@Mindovermaster I have tried both ways. Unfortunately I can't seem to get a windows user to be able to map to the samba share using only the AD credentials - which is what should be happening.  I can set up a share without the system being on the domain or using kerberos to authenticate but this is not what I am wanting. I need a ubuntu server to join my windows domain, to have users be able to map their shares using only their windows AD credentials. According to the article that I linked and the Samba wiki, this setup is completely possible - but I can't manage it. I was hoping someone had done it - and documented all the steps.

 

Thanks for trying. I think I am just going to have to set it up as a stand alone server , assign everyone their own samba passwords and have them map locally without it being a domain member.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

did you validate your samba has extended ACLs enabled

 

smbd -b | grep HAVE_LIBACL

 

Does that come back that you HAVE_LIBACL?

 

If so and you joined it to the domain correctly, then yes you should be able to access via the windows tools..

 

What schema are you running you mention 2012r2 but are you actually running the 2012r2 schema -- you can check with dsquery or powershell.  Also what version of samba are you running?

 

What I can tell you off the top of my head, is yes this is very possible.. Problem is I have not done this in quite some time.. I would have to fire up some vms and run through it.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • 2TB WD_Black SN7100 PCIe Gen4 NVMe SSD drops to its lowest price in over three months

      By Fiza Ali · Posted

      2TB WD_Black SN7100 PCIe Gen4 NVMe SSD drops to its lowest price in over three months by Fiza Ali Amazon is currently offering the 2TB WD_Black SN7100 internal solid-state drive at its lowest price in over three months, so you may want to check it out, if you have been considering a storage upgrade, before the deal dries up (purchase link is toward the end of the article). Featuring a PCIe Gen 4.0 interface and M.2 2280 form factor, the SN7100 promises to deliver sequential read speeds of up to 7,250MB/s and sequential write speeds reaching 6,900MB/s, offering as much as a 35% improvement in performance compared with the previous generation. It also achieves random read speeds of 1,000,000 IOPS and random write speeds of 1,400,000 IOPS. The drive uses Western Digital’s TLC 3D NAND technology for reliable performance and is further supported by a five-year limited warranty. It also offers strong endurance, rated at up to 1,200TBW, making it suitable for demanding workloads such as gaming, content creation, and high-speed recording. Moreover, its DRAM-less architecture claims to improve power efficiency (the SSD relies on system memory for caching via HMB), while the WD_Black Dashboard software enables users to monitor drive health, install firmware updates, and activate Game Mode for potentially better performance. Finally, it operates within an operating temperature range of 0°C to 85°C, and can withstand storage temperatures from -40°C to 85°C. 2TB WD_Black SN7100 PCIe Gen4 NVMe SSD: $242.96 (Amazon US) Check this deal out if you want a 4TB option. Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • Windows 11 gets new audio improvements in the latest builds

      By cork1958 · Posted

      Hopefully this will fix the issue of no sound I have since last months stupid, and non-removable, Microsoft Corporation AudioProcessingObject Driver Update (1.0.3.56670)
    • Windows 11 version 26H2 is now available for testing in the latest preview build

      By Captain_Eric · Posted

      It IS confusing! What channel are you in on each device? I'm guessing your 16GB device is on Experimental (formerly known as Dev) and your 128GB is on Beta.
    • Poll: Grand Theft Auto VI price predictions, cast your vote

      By cyberhash · Posted

      100 for the base game , 120 for pre release with bonus unlocked content (a pair of boil washed underpants for Trevor)
    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

  • Recent Achievements

    • Week One Done
      Supreme Spray LV earned a badge
      Week One Done
    • One Month Later
      Genuinetonerink- Dubai earned a badge
      One Month Later
    • Week One Done
      Genuinetonerink- Dubai earned a badge
      Week One Done
    • One Year In
      hhgygy earned a badge
      One Year In
    • Week One Done
      AMV earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      514
    2. 2
      +Edouard
      163
    3. 3
      PsYcHoKiLLa
      86
    4. 4
      Steven P.
      74
    5. 5
      Michael Scrip
      73
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!