Create a Shared Directory on Samba AD DC and Map to Windows/Linux Clients – Part 7


Matei Cezar

I'm a computer-addicted guy, a fan of open source and Linux-based system software, with about 4 years of experience with Linux distributions (desktop, servers) and bash scripting.


16 Responses

  1. JM Moreno says:

    Perfectly, good job.

    Just only add
    mkdir /MBPOS\ System

    [MBPOS System]
    path = /MBPOS System

  2. Artyom says:

    Nice article! I can’t load the PAM module from Samba winbind. Using version 4.6.4 from source, I linked the pam_winbind.so library to /lib/x86_64-linux-gnu/security/ but pam-auth-update found only the unix authentication profile. On the other hand, winbindd is working correctly and I can use domain ACLs in chown actions, so shares are working well.

  3. Techgs says:

    Like other commentators,

    # chown -R root:"domain users" /data

    I get a chown: invalid group:´root:domain users´

    Whereas I get this output.

    [email protected]:/# wbinfo -g
    INTRANET\cert publishers
    INTRANET\ras and ias servers
    INTRANET\allowed rodc password replication group
    INTRANET\denied rodc password replication group
    INTRANET\enterprise read-only domain controllers
    INTRANET\domain admins
    INTRANET\domain users
    INTRANET\domain guests
    INTRANET\domain computers
    INTRANET\domain controllers
    INTRANET\schema admins
    INTRANET\enterprise admins
    INTRANET\group policy creator owners
    INTRANET\read-only domain controllers

    This is because Ubuntu cannot find ‘domain users’ as a Unix group. Now the question is how to import or map these groups as Unix groups?

    I am also using Ubuntu – Server 16.04.2 LTS

  4. JM Moreno says:

    Is it possible to manage directories with spaces on a Samba4 AD DC for Windows clients?

    For example: MBE System (Directory)

  5. Shawn says:

    Hi, Nick. Although I don’t have a solution for the issue, I had this problem installing the DC on a virtual machine using VirtualBox.

    I reinstalled on a physical machine and I didn’t have this problem. Everything ran perfectly.

    So I assume this is some issue related to it being on a VM.

    Unfortunately I didn’t find a solution to the exact problem.

  6. Nick says:

    Hi Matei,

    I am having a similar issue to Shawn, where it will not let me set up permissions to the file for domain users. When I type:

    # chown -R root:"domain users" /share

    I get a chown: invalid group:´root:domain users´

    The issue is that I can’t get domain users to be accepted as a group. Winbind does not seem to be working, and I can’t seem to change it since this is the primary AD DC. What steps should I take to get groups to authenticate to a share, and allow them access to it?

    • Nick says:

      Also wbinfo -g doesn’t show any output, which leads me to believe that it isn’t resolving any domain groups.

  7. Hannes van Vuuren says:

    IMO this article shouldn’t be before the one about joining domain members. Hosting file shares and user home directories on a DC is convenient but not good practice from a network design perspective.

    The DC should specialize in controlling the domain (directory queries, authentication, serving GPOs) and not be burdened by other things. Better to create a separate Samba or Windows share server which authenticates against the DC.

    • Matei Cezar says:

      Did you read the final sentences from this guide? Quotes: “Configure Samba as a Domain member with file shares in order to achieve other capabilities for a network share”

  8. Shawn says:

    Hi I wanted to firstly say thank you for this tutorial. Excellent!

    I am having problems right in the beginning with this:

    # chown -R root:"domain users" /data

    I get a chown: invalid group:´root:domain users´

    I can’t seem to get around it?

    • Matei Cezar says:

      What’s the output of the wbinfo command for groups? How are groups displayed? With the domain counterpart or alone? What distribution are you using?

      • Shawn says:

        Hi Matei,

        Running wbinfo -g shows me a list of groups including domain users. They are shown with my DOMAIN\group

        So in the case for the group looking to chown it is listed as follows: SPT\domain users.

        I am using Ubuntu 16.04.2
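
A diagnostic sketch for the `chown: invalid group` error reported in several comments above, added here as an example; it is not from the article or from any commenter. It assumes the stock glibc NSS setup on Ubuntu, where `chown` resolves groups through the `group:` line of `/etc/nsswitch.conf`; the function names and sample data are constructed.

```bash
#!/usr/bin/env bash
# Added example: explains why chown rejects a group that `wbinfo -g` lists.

# nss_has_winbind FILE DB: succeeds if the DB line (passwd/group) lists winbind.
nss_has_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# qualified_group NAME: reads `wbinfo -g` output on stdin and prints the
# entry whose group part matches NAME (case-insensitive), e.g. SPT\domain users.
qualified_group() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { g = $0; sub(/^.*\\/, "", g)            # strip the domain prefix
          if (tolower(g) == want) { print; hit = 1; exit } }
        END { exit (hit ? 0 : 1) }'
}

# diagnose NAME NSSWITCH_FILE: wbinfo -g output on stdin.
# Returns 0 = resolvable (prints the owner:group spelling to quote for chown),
# 1 = NSS is not wired to winbind, 2 = winbind itself does not list the group.
diagnose() {
    local q
    if ! q=$(qualified_group "$1"); then
        printf '%s\n' "winbind does not list '$1'; fix winbind before touching NSS"
        return 2
    fi
    if ! nss_has_winbind "$2" group; then
        printf '%s\n' "add winbind to the 'group:' line of $2"
        return 1
    fi
    printf 'root:%s\n' "$q"
}

# Constructed sample data, modelled on the output quoted in the comments.
sample_groups='SPT\domain admins
SPT\domain users'
demo() {
    local f; f=$(mktemp)
    printf 'passwd: compat\ngroup:  compat\n' > "$f"          # winbind missing
    printf '%s\n' "$sample_groups" | diagnose "domain users" "$f"
    printf 'passwd: compat winbind\ngroup:  compat winbind\n' > "$f"
    printf '%s\n' "$sample_groups" | diagnose "domain users" "$f"
    rm -f "$f"
}
demo
```

On a real host, pipe `wbinfo -g` into `diagnose` with `/etc/nsswitch.conf` as the second argument and confirm the result with `getent group` before running `chown`.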

  9. Matei Cezar says:

    Linux hosts can be integrated into a Samba AD DC and can fully use the authentication mechanism provided by the domain controller. But this is limited mostly to authentication; other services or features of an AD (group policy, for example) won’t apply in any way to Linux systems.

  10. Michael St. John says:

    Awesome man, I was looking forward to this article. Question: are you planning on creating an article to fully integrate Linux workstations into Active Directory authentication and all the other AD features like group policies etc.? I know it will be very limited, but what I am totally looking for is a centralized authentication mechanism for Windows and Linux.
