submitted 1 month ago by [email protected] to c/[email protected]

Mounting a SMB share on login is actually pretty. You first need to login as an Active directory user. For the time being I can not get it to work on TTY only machines but at some point I will find a way. Once you have logged in verify you have a Kerberos kicket by running klist. You should see your user and a path to the ticket.

Next, find the fully qualified domain name of the server you are trying to mount. This will be the computername.domain. Once you have figured that out you need to find the name of the share you are mounting.

Next, test mount the share with gio mount "smb://fqdn/sharename" with fqdn being the name from above and the share name being the share name. If everything worked, it should popup on your desktop. You should not need to enter a password as it should use the Ticket generated when you logged in.

If that worked you can make mount for all users on login with a desktop file. run sudo nano /etc/xdg/autostart/mount.desktop and put this inside

[Desktop Entry]
Name=mount SMB share
Comment=mount SMB share myshare
Exec=/usr/bin/gio mount "smb://fqdn/sharename"

This should now work when a user logs in.

Windows GPO stores explained in brief (www.totalnetsolutions.net)
submitted 1 month ago by [email protected] to c/[email protected]

This is a several year old blog post the briefly explains group policy under the hood

Samba/AD service users (lemmy.sdf.org)
submitted 1 month ago by [email protected] to c/[email protected]

So I am looking into using service accounts to allow services to access network resources. My own use case is going to be Jellyfin but if this works I might try to use this for other services.

I have not set anything up as of yet but I am going to create a domain controller and then join Linux servers to it. On the Linux servers I am going to run podman under the service account. I am still working on how to store the password but my plan is to login to the service account via Pam and then to use pam mount to mount a network resource.

I'll create another post once I set this up.

submitted 2 months ago* (last edited 1 month ago) by [email protected] to c/[email protected]

So I am going to try to document how I joined a Windows 2022 server to a Samba domain. This is highly experimental and should not be attempted in anything production or important.

To do this you will need Samba 4.19 or newer. I used Fedora server in this case. The first step it to either create or use a existing domain. I recommend that you setup a time server when you setup Samba DCs as active directory (kerberos) is time dependent. Also make sure that your network and domain are working properly as you do not want to try this if there are existing issues.

To start, add ad dc functional level = 2012_R2 to smb.conf. if you are setting up a domain from scratch you can add the option --option="ad dc functional level = 2012_R2". Keep in mind you will need to do this for each DC in the domain.

After you have added that option the next step is to restart Samba. If you are using a new enough version there should not be any errors. The next step is to upgrade the forest, schema and functional levels. You can do this with these commands:

First check the current functional level:

sudo samba-tool domain level show

If everything is working correctly the Lowest function level of a DC should be 2012_R2. If it isn't you need to either upgrade the functional level with the above steps or you need to demote old domain controllers.

Once the lowest functional level is 2012_R2 you can upgrade the domain.

samba-tool domain schemaupgrade --schema=2012_R2
samba-tool domain functionalprep --function-level=2012_R2
samba-tool domain level raise --domain-level=2012_R2 --forest-level=2012_R2

I would also run a check on the database just in case. You may need to run it multible times.

samba-tool dbcheck --fix --yes --cross-ncs

Next, verify that everything shows 2012_R2 sudo samba-tool domain level show

I would also like to point out that Samba supports a 2016 functional level and a 2019 schema level but both of those are even more experimental.

The next step is to join a Windows Server as a DC. You can to join it just like you would join any other DC. Set the DNS and then use the server manager or Powershell to join the domain as a DC.

The next steps are important so do not skip them. On the Windows server you will need first force enable the sysvol. Run this command as Administrator:

 "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name "SysvolReady" -Value "1"

Next, you will need to setup NTP sync. Run this:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters" -Name "Type" -Value  "NTP"
net stop w32time
net start w32time

Once that it done you need to setup replication via robocopy. Follow the Samba Wiki: https://wiki.samba.org/index.php/Robocopy_based_SysVol_replication_workaround

After doing this setup I would reboot the DC. After that everything should work.





submitted 2 months ago by [email protected] to c/[email protected]
New Samba community (lemmy.sdf.org)
submitted 2 months ago by [email protected] to c/freesoftware

[email protected]

This is a community to discuss and to get support for Samba and related projects

submitted 2 months ago by [email protected] to c/[email protected]

I have created a new Samba community on lemmy.sdf.org

You can find it here:

[email protected]

I think Samba is a great piece of software but it lacks good community support and engagement. I'm hopping to change that.

New Samba community (lemmy.sdf.org)
submitted 2 months ago by [email protected] to c/[email protected]

I have created a new Samba community on lemmy.sdf.org

You can find it here:

[email protected]

My goal is to create a support network that is outside of the mailing list.

submitted 2 months ago by [email protected] to c/[email protected]
Samba Wiki (wiki.samba.org)
submitted 2 months ago by [email protected] to c/[email protected]


joined 2 months ago