plokij5006
asked on
Ubuntu AD Member File Server
Hello Experts,
I am looking to deploy a Ubuntu file server which is integrated with an existing AD domain. We would like to be able to access the Ubuntu shares using the users Windows credentials.
What is the current best way of accomplishing this task and is there a good tutorial available explaining the process? We have pursued a solution using Like-wise Open and Samba in the past but our attempts we unsuccessful.
Kind regards,
Plokij5006
I am looking to deploy a Ubuntu file server which is integrated with an existing AD domain. We would like to be able to access the Ubuntu shares using the users Windows credentials.
What is the current best way of accomplishing this task and is there a good tutorial available explaining the process? We have pursued a solution using Like-wise Open and Samba in the past but our attempts we unsuccessful.
Kind regards,
Plokij5006
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have installed both Samba4 and PBIS, both of which installed correctly. PBIS allowed the machine to join the windows domain successfully and I was able to configure the Samba share using user accounts that have been gathered from AD.
We still have the issue where when attempting to connect to the share from a Windows client, authentication fails when using AD credentials. The only way to connect to the share is by allowing 'everyone' access.
We still have the issue where when attempting to connect to the share from a Windows client, authentication fails when using AD credentials. The only way to connect to the share is by allowing 'everyone' access.
ASKER
We have documented our work as working through this issue that may help someone in the future. Helge000 many thanks for your assistance on the matter.
Install Ubuntu Server
1. Build Linux VM
2. Install light weight GUI on server -> sudo aptitude install --without-recommends ubuntu-desktop
3. Reboot Server Sudo reboot
4. Log into server
5. Download and Install PBIS
wget http://download.beyondtrust.com/PBISO/7.1.0/1203/pbis-open-7.1.0.1203.linux.x86_64.deb.sh
chmod +x pbis-open-7.1.0.1203.linux .x86_64.de b.sh
sudo ./pbis-open-7.1.0.1203.lin ux.x86_64. deb.sh
6. Test ping domain.local > If it fails modify hosts file manually
sudo gedit /etc/hosts
add IP address domain.local hostname
7. Join AD domain -> sudo domainjoin-cli join example.local Administrator
sudo /opt/pbis/bin/samba-intero p-install --install
8. Reboot
9. Snap Shot Volume
10. Install Samba sudo apt-get install samba
11. Modify the /etc/samba/smb.conf file
#======================= Global Settings =======================
[global]
workgroup = [DOMAIN]
realm = [DOMAIN FQDN - EXAMPLE.LOCAL]
server string = %h server
wins server = 10.0.0.10
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-act ion %d
security = ADS
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword: * %n\n *password\supdated\ssucces sfully* .
pam password change = yes
map to guest = bad user
idmap uid = 10000-33554431
idmap gid = 10000-33554431
usershare allow guests = yes
#======================= Share Definitions =======================
[Share]
path = /share
read only = no
guest ok = no
browseable = yes
force create mode = 664
directory mask = 775
force directory mode = 775
valid users = @"DOMAIN\domain users", @"DOMAIN\domain admins"
write list = @DOMAIN\staffgroup, @"DOMAIN\domain admins"
read list = @"DOMAIN\domain users", @"DOMAIN\domain admins"
force group = DOMAIN\staffgroup
12. Install Samba GUI system-config-samba for GUI
13. Test the configuration file testparm \etc\samba\smb.conf
14. Create a test share
[testshare]
Comment = This is a test share
Path = /share
Browseable = yes
Read only = no
Valid users = DOMAIN\USER
Writeable = yes
Guest ok = yes
Configure share settings
mkdir /share
chmod a+rx /share
chown DOMAIN\\USER /share/
15. Test shares from Windows Environment
Install Ubuntu Server
1. Build Linux VM
2. Install light weight GUI on server -> sudo aptitude install --without-recommends ubuntu-desktop
3. Reboot Server Sudo reboot
4. Log into server
5. Download and Install PBIS
wget http://download.beyondtrust.com/PBISO/7.1.0/1203/pbis-open-7.1.0.1203.linux.x86_64.deb.sh
chmod +x pbis-open-7.1.0.1203.linux
sudo ./pbis-open-7.1.0.1203.lin
6. Test ping domain.local > If it fails modify hosts file manually
sudo gedit /etc/hosts
add IP address domain.local hostname
7. Join AD domain -> sudo domainjoin-cli join example.local Administrator
sudo /opt/pbis/bin/samba-intero
8. Reboot
9. Snap Shot Volume
10. Install Samba sudo apt-get install samba
11. Modify the /etc/samba/smb.conf file
#======================= Global Settings =======================
[global]
workgroup = [DOMAIN]
realm = [DOMAIN FQDN - EXAMPLE.LOCAL]
server string = %h server
wins server = 10.0.0.10
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-act
security = ADS
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:*
pam password change = yes
map to guest = bad user
idmap uid = 10000-33554431
idmap gid = 10000-33554431
usershare allow guests = yes
#======================= Share Definitions =======================
[Share]
path = /share
read only = no
guest ok = no
browseable = yes
force create mode = 664
directory mask = 775
force directory mode = 775
valid users = @"DOMAIN\domain users", @"DOMAIN\domain admins"
write list = @DOMAIN\staffgroup, @"DOMAIN\domain admins"
read list = @"DOMAIN\domain users", @"DOMAIN\domain admins"
force group = DOMAIN\staffgroup
12. Install Samba GUI system-config-samba for GUI
13. Test the configuration file testparm \etc\samba\smb.conf
14. Create a test share
[testshare]
Comment = This is a test share
Path = /share
Browseable = yes
Read only = no
Valid users = DOMAIN\USER
Writeable = yes
Guest ok = yes
Configure share settings
mkdir /share
chmod a+rx /share
chown DOMAIN\\USER /share/
15. Test shares from Windows Environment
https://help.ubuntu.com/lts/serverguide/samba-fileserver.html
https://help.ubuntu.com/10.04/serverguide/samba-fileserver.html
https://help.ubuntu.com/community/Servers
Thanks.