Samba configuration


#1

Good evening.

I installed UCS 4.3 and was able to join my existing Win2008R2 domain.

I configured a samba share for one of the existing users but was not able to open it from a Windows machine on which the respective user was logged in.

So I searched a bit and added that share to samba.conf (the actual one, not the file referenced in it by UCS) but was still asked for credentials and couldn’t open it with any I entered.

Only after adding that user via smbpasswd as is common with Linux systems was I able to enter the share without providing further credentials.

I would have thought that this is done via the web interface either in users or shares or in both but not through editing a configuration file (which will maybe be overwritten but I didn’t want to read and figure out the referenced file, yet) and by adding the user via terminal for which every already existing user would have to enter his password or I would have to reset it.

Did I miss anything?

Thank you very much for your time and help!

Regards

Thorsten


#2

Hi,

editing smb.conf directly is not recommended at all. The file will be overwritten frequently by UCS services.

If you are asked for credentials there is something wrong with your setup. Have you checked if your user on your Windows is really not a local user? If this user existed before Windows joined the domain this user is (despite the same name) a different one than the domain user…

Just an idea

/CV


#3

Hi.

I read that but did it anyway in my test setup :)

The Windows domain is a “.local” one as I don’t own a “real” domain and will probably just use a DynDNS one as I do right now for my Nextcloud (which UCS shall replace as well as the Windows server).

The user is an existing Windows user logged into the domain.

I haven’t created any new users in UCS yet, and above the General part there is an Attention notice telling me that this user is part of the AD domain.

I have done the following:

After having saved that share:

  • set that path as “Home share” under Users - Account with “home share path” as

/home/ is also the Unix home directory under Users - Account

And I get the credential window under Windows and can’t log in providing the Windows domain credentials for that user.

What did I do wrong?

Many thanks for your help!


#4

Hi,

sorry, I cannot follow your writing. Looks like you are using the AD-Member-Mode of UCS (Windows AD DC). Then a default share should work out-of-the-box. If not you might have some misconfiguration or misunderstanding.

You wrote you used the “Home share”. This might not bring the results as you might have expected. Read this article regarding home shares in UCS.

And you should revert your manual changes, otherwise it will corrupt all UCS settings we would suggest here. The easiest way is simply to do a “ucr commit” on the command line. This will re-write all configuration files to match the configured settings from OpenLDAP/UCS.

/CV


#5

Good morning,

it’s difficult to describe…

Thank you very much for the link to the How To!
I won’t have time to try this out until the end of the month, though.

You are correct, right now the UCS server works in AD-Member-Mode for as long as I haven’t figured everything out. In the end I want to replace a Windows Server 2008 R2 with Exchange as well as my existing Nextcloud installation on which there is also a private website including a Koken installation.

I don’t have to revert anything because this is a new installation; I did try the changes to the .conf file in another test environment (thanks to VMs!).

Thank you very much again!
I’ll report back as soon as I have time to read and reconfigure.

Regards

toko42


#6

Actually only the first section of the How To applies to my problem as I don’t use roaming profiles and don’t want drives assigned during log-in (there are not that many users).

I ran “ucr commit” but still can’t log in to my test shares.

A restore of a backup I made with Veeam just after installation (and thus without any modifications) gives the same results.

All “Domain join” scripts have run successfully with the exception of

  • 96univention-samba4
  • 97univention-s4-connector

but the logs tell me that they can’t be run as long as UCS is in AD Member Mode so they shouldn’t interfere with my Samba problem.

I guess I have to re-install the system to make sure that there really aren’t any modifications left.

UCS is after all a bit more complex than just editing some .conf files so I want to do it right even if it costs some more time and I’ve still got about a year until updates for the existing Windows server will cease.

Thank you very much so far!


#7

If you have join scripts which didn’t run successfully, you can trigger them again by running univention-run-join-scripts. If they continue to fail, post the relevant content from /var/log/univention/join.log.


#8

I thought that those two scripts were specifically for taking over the domain as the log told me that they can’t be run as long as UCS is in member mode.

Please let me know if this is NOT the case and they are the culprits which hinder me from accessing the shares.


#10

I’ve partly solved the problem.

I re-installed the whole server after all and was able to add a share on the system drive successfully.

As I don’t want to have my data on the system drive, I wanted to add another drive as a mere data drive (which worked) and create a share on that mount point.
The share’s directory is created on the drive (I can see it using ls) but the share is not accessible via Windows.

What am I missing?

Thank you very much for your support!