Setting Share Permissions & ACL's remotely to ubuntu 16.04 Samba file server via Windows Server 2012 r2


Recommended Posts

Hi all, 

 

I've been looking around the forums and trying to find an answer via search but I have been unable to thus far. I'm hoping someone can give me a hand. I'm very new to Linux and Samba but my bosses wanted me to set up a new file server on Ubuntu that can integrate with AD and have users be able to authenticate with their AD credentials. So far I have managed to get Ubuntu 16.04 installed, Kerberos configured and the system added to my AD domain. Everything is working fine. I am able to see my new file server in AD users and computers and DNS is working correctly, things are pingable and resolving right. 

 

My issue is that I am trying to use the instructions in the Samba wiki to set the share permissions and ACL on a share which I have created on my Samba server as it indicates that I shouldn't use the smb.conf to add the parameters, but instead use the Windows utilities ( https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs ) Unfortunately, despite everything else working correctly when I try to connect via my 2012 r2 server to the remote Samba I get an error " Computer <new server> cannot be managed. Verify hat the network path is correct, the computer is available on the network, and that the appropriate Windows Firewall rules are enabled on the target computer" Sadly, there are NO "Windows Firewall rules" since its a Ubuntu box and considering that the computer IS perfectly visible in the AD, the snap-in can find it when I 'browse', it can be ping'd and the UFW is off, I am at a loss as to what could possibly be the issue.

 

Anyone out there who has integrated a Ubuntu file server using Samba onto AD can point me in the right direction?

 

Thanks!

 

I think  that only applies to Windows systems. You are on Linux, use the smb.conf.

 

I am very shady on this, but I THINK that is what you're trying to get accross... If I'm wrong, shoot me in the foot...

@Mindovermaster I have tried both ways. Unfortunately I can't seem to get a windows user to be able to map to the samba share using only the AD credentials - which is what should be happening.  I can set up a share without the system being on the domain or using kerberos to authenticate but this is not what I am wanting. I need a ubuntu server to join my windows domain, to have users be able to map their shares using only their windows AD credentials. According to the article that I linked and the Samba wiki, this setup is completely possible - but I can't manage it. I was hoping someone had done it - and documented all the steps.

 

Thanks for trying. I think I am just going to have to set it up as a stand alone server , assign everyone their own samba passwords and have them map locally without it being a domain member.

did you validate your samba has extended ACLs enabled

 

smbd -b | grep HAVE_LIBACL

 

Does that come back that you HAVE_LIBACL?

 

If so and you joined it to the domain correctly, then yes you should be able to access via the windows tools..

 

What schema are you running you mention 2012r2 but are you actually running the 2012r2 schema -- you can check with dsquery or powershell.  Also what version of samba are you running?

 

What I can tell you off the top of my head, is yes this is very possible.. Problem is I have not done this in quite some time.. I would have to fire up some vms and run through it.

This topic is now closed to further replies.
  • Posts

    • Microsoft is removing legacy drivers from Windows Update by Usama Jawad Last month, we learned that Microsoft is making major changes to the development of hardware drivers in Windows. This included the retirement of Windows Metadata and Internet Services (WMIS), along with the process for pre-production driver signing. Now, the Redmond tech firm has informed partners that it will be getting rid of old drivers in Windows Update. In what is being described as a "strategic" move to improve the security posture and compatibility of Windows, Microsoft has announced that it will be performing a cleanup of legacy drivers that are still being delivered through Windows Update. Right now, the first phase only targets drivers that already have modern replacements present in Windows Update. As a part of its cleanup process, Microsoft will expire legacy drivers so that it is not offered to any system. This expiration involves removing audience segments in the Hardware Development Center. Partners can still republish a driver that was deemed as legacy by Microsoft, but the firm may require a justification. Once the Redmond tech giant completes its first phase of this cleanup, it will give partners a six-month grace period to share any concerns. However, if no concerns are brought forward, the drivers will be permanently eradicated from Windows Update. Microsoft has emphasized that this will be a regular activity moving forward and while the current phase only targets legacy drivers with newer replacements, the next phases may expand the scope of this cleanup and remove other drivers too. That said, each time the company takes a step in this direction, it will inform partners so that there is transparency between both parties. Microsoft believes that this move will help improve the security posture of Windows and ensure that an optimized set of drivers is offered to end-users. The firm has asked partners to review their drivers in Hardware Program so that there are no unexpected surprises during this cleanup process.
    • No idea, but I had a client the other week that lost the entire drive to it. I suggested relying on the Samsung T7's instead. The Sandisk Extreme's had reliability issues too.
    • I use it every day so personally yes I need it, or rather I want it. I use OpenShell though, not the garbage modern Start Menu. I just counted and at the moment I have a total of 92 program shortcuts organized into six folders almost exactly the way I did back in Windows 95. I can get to any program I want to run very quickly. I never use Search to find or run programs.
    • I do miss the Apps view from Windows 8.1 Update.
    • I use the search function and little else since Windows 11 (but there are times where Saved Searches take precedence since the search feature on the Start menu is worse than before). I use other features in previous releases.
  • Recent Achievements

    • One Month Later
      gowtham07 earned a badge
      One Month Later
    • Collaborator
      lethalman went up a rank
      Collaborator
    • Week One Done
      Wayne Robinson earned a badge
      Week One Done
    • One Month Later
      Karan Khanna earned a badge
      One Month Later
    • Week One Done
      Karan Khanna earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      664
    2. 2
      ATLien_0
      262
    3. 3
      Michael Scrip
      212
    4. 4
      +FloatingFatMan
      168
    5. 5
      Steven P.
      156
  • Tell a friend

    Love Neowin? Tell a friend!