Can NS Samba DC serve a mixed network?

The credentials that are successful with a non-joined win vista home are not successful with a non-joined win 10 pro or a ubuntu machine using nautilus.

Edit:
I found that the win 10 pro and the ubuntu machine both are successful accessing the share when using the server’s ip, but not the hostname, unlike the vista machine which is successful using the hostname.
@davidep

and this is all I have for logs… in messages, nothing to be found in /samba/*

```
Sep 15 14:16:37 server7c systemd-logind: New session c3 of user service@neth.test.local.
Sep 15 14:16:37 server7c systemd: Started Session c3 of user service@neth.test.local.
Sep 15 14:16:37 server7c systemd: Starting Session c3 of user service@neth.test.local.
Sep 15 14:17:18 server7c systemd-logind: New session c4 of user service@neth.test.local.
Sep 15 14:17:18 server7c systemd: Started Session c4 of user service@neth.test.local.
Sep 15 14:17:18 server7c systemd: Starting Session c4 of user service@neth.test.local.
```

How did you do that?? I can’t start the DC. Could you post ALL the steps you did from the beginning? THX

Hi @Auto_Bitacora I’ll try to help.

Installation on dedicated hardware or VM?

Dedicated hw
Red network: static IP from my provider
Green: 192.168.200.1 /24
Only DNS and DHCP active (no other modules activated)
Trying to install the Samba Account provider (different IP and checked create bridge) finishes with an error about DC not installed, then switches almost instantly to a YUM update cache request.
Changing to the dashboard shows a yellow advice to “change administrator password”. When I click there, the web GUI stops working at all.

You can try a factory reset.
http://docs.nethserver.org/projects/nethserver-devel/en/v7b/nethserver-dc.html#factory-reset

Make sure the IP is not used in your network.
Install all updates.
If you get a yum error, try yum check-update on the command line to get a clue what’s wrong.
You have to give the server a FQDN (I gave ns7test.ns7.lan)
Make sure that the sssd service is running.

Take a look at messages.log for info.

What I did:
I did an unattended installation, changed the dhcp on green interface to static.
Installed all updates.
Installed nethserver-dc and gave nsdc a static IP not used in local network.
Bridged interface to green interface.
Returned to dashboard and set the admin password.
Installed file-server and created a shared folder as described above.
As mentioned: no entry in acl. Use credentials DOMAIN\user + password.
All worked as expected out of the box.

Sorry, but at the moment I can’t give you more advice.

Thanks a lot. Maybe my hw is broken or something, because that is exactly what I did in one of my tests with no results…
A couple of questions:
Did you create only the root account during OS installation? (I also created an administrador -Spanish for administrator-)
Is it necessary to install the LDAP account provider before the Samba account provider?

Don’t do that. Samba DC install creates an administrator account. Make sure you apply any updates and reboot and make sure you create a good fqdn, before installing samba dc. Install samba dc before creating any accounts.

If you get the yum cache fail, look at messages in the logs and post the yum error.

Please don’t shoot me, I had a look at this and we had this same problem at a client…

This does not work, I have actually converted our client entirely over to CentOS & Ubuntu desktop machines… YES… :gift: :tada:

The thing is, try and do this with a Windows server - 2003, 2008, 2010 or 2013. It doesn’t work there either. The problem is simple…

You are violating Microsoft’s user license, Home should not be used in a domain environment. Why buy a home user license if you are at work, you must pay more to use Bill’s monopoly…

This doesn’t even work with an Ubuntu / Debian server.

You can’t use a mixture.

Sorry

@quality_team, do you confirm @clinton advice?

I think it’s a matter of what’s the goal.

A win home machine never can join a domain, so it’s not meant to be a part of a domain.
If you just want to give this machine internet access with a transparent proxy and some shared folders, maybe a shared calendar with sogo and a printer, a mixed network is possible. This “workgroup setup” is enough for many small businesses to satisfy their needs.

If you want a more complex setup with server-hosted profiles, group policies and all this stuff, it’s the wrong way to buy a home machine.

So IMO @clinton’s advice is true for a domain environment, but not for a simple workgroup setup.

I’m at a dead stop with anything NS related because I’m wasting a lot of time I simply don’t have on this.
I managed to get access to the shared folder files using the file explorer browsing dialogs with all my test machines as posted above and thought this was solved, now, after shutting the instance down for a while, bringing it back up and updating it, I can no longer log into the share with any machines and can’t find anything in any logs.

Let me try to narrow this down so I can get a simple yes or no and can then move on to precisely how.

A standalone nethserver 7 install,
vm or not,
with a single nic,
Not !!! a gateway,
Not the dhcp nor dns server.
with only 2 modules installed,

  1. Samba Active Directory
  2. File Server

no machines joined to the domain,
a single folder created in shared folders,
a user created,
a Windows 7 home machine

Is it possible for a user on the win 7 home machine to access the shared folder on the nethserver machine using only the username and password created in Users and Groups under samba ad?

Here’s why, many users I know need a file server… many users have windows home machines, whether they’re home or office… most are used to access files in shared folders… so that’s a lot of users that can’t join an active directory… @giacomo says NS openldap doesn’t support authenticated shares anymore… that leaves samba ad… or unsecure shares…

So either I have a very broken, though up to date install, or we’re offering a distro somewhat short of functionality. Either way, we need to be up front about what is possible and how it can be done, we need to know if non domain joined machines can access file shares or not.

AFAIK yes. I just verified it against smbclient and a Win 10 pro machine …but it is not up-to-date with security patches. Does anybody confirm it? /cc @quality_team

EDIT: verified also against Win 10 pro up-to-date

Windows 10 showed a dialog box, asking for username and password. The username must contain the NetBIOS domain name followed by a backslash "\" followed by the user name without the domain suffix.

For instance, if my FQDN is vm8.dpnet.nethesis.it and the Unix account is first.user@dpnet.nethesis.it the resulting username must be

DPNET\first.user

Is it the LAN DNS? I’m not sure, but I suspect it is a requirement also for non joined machines…

While attempting to reproduce your problem two things come to my mind:

  • The bug fix for #5111 solves the problem for new Shared folders. Existing ones require a “reset permissions” action on them.
  • If you install Samba Active Directory and File Server at the same time, any Shared folder created before “START DC” has the default guest access enabled.

I hope it helps!

Time to install from scratch? :wink:

Please help us to improve it!

Does this (also) mean: Not dhcp/dns server of the lan?

Ehi man, your effort here is invaluable please don’t give up! :sweat_smile:
We’re all in the same boat.

Correct. Not the dhcp nor dns server.

So,

Sat down this morning and as yesterday, using testnc@neth.test.local I tried to login using the explorer dialog on a win 10 pro machine with neth\testnc and it failed.
I rebooted the win 10 pro machine and login failed again, I rebooted nethserver and the win 10 pro machine and login was successful.
I logged in with a win 10 home machine,
a ubuntu 12.04 machine with nautilus using the ns ip,
a ubuntu 14.04 machine with nautilus using the ns ip,
a win 7 pro machine,
a vista home machine, the vista home machine required using the ip instead of the hostname, the vista machine failed using the nethserver hostname even though I was able to navigate to the share using the hostname.

Did you set NS as LAN DNS?

No.
+the other 5 characters.

If NS is not the dns/dhcp server for your lan then the machines will rely only on NetBIOS calls.
For Vista this can be an issue.

You can add the domain suffix to the network settings. And also add a static entry to the hosts file so it will know about the domain of the NS machine.

This is not how NS is supposed to work in a windows lan (and windows neither)