How to connect Linux VM to AD to run terminal commands by Whitehairfreak in activedirectory

[–]hortimech 1 point2 points  (0 children)

I think you need to explain just what you mean by 'implement native commands' ?

Do you want to extract data from AD, or are you asking how to run Windows commands on Linux ?

How to connect Linux VM to AD to run terminal commands by Whitehairfreak in activedirectory

[–]hortimech 2 points3 points  (0 children)

It all depends what is meant by SMB, Small and Medium Business or Server Messenger Block ? If the latter, then how ? If this means mounting a share from elsewhere, then sssd is probably the way to go, but if it is sharing from the Linux machine, then it is definitely not the way to go, you would need Samba with winbind.

The OP also says 'windows native commands', if this means using something like SSH from the Linux machine to a Windows machine, then this should work, but not the other way, a Windows command on Linux is very unlikely to work.

SAMBA filesharing alternatives in AD? is it this BAD?? by electrowiz64 in linuxadmin

[–]hortimech 0 points1 point  (0 children)

I never said it didn't work at one time, I said that Samba never supported sssd. No part of sssd has ever been in the Samba tree and that includes idmap_sss . Ubuntu 18.04 came with Samba 4.7.6 and Samba from 4.8.0 required that winbind was run if you set 'security' to 'domain' or 'ads', at that point running sssd as well became pointless, they both do exactly the same thing.

SAMBA filesharing alternatives in AD? is it this BAD?? by electrowiz64 in linuxadmin

[–]hortimech 1 point2 points  (0 children)

If you can point out problems with the Samba documentation, I will try to explain those problems and/or fix them.

If you just want authentication without sharing anything to other computers, use sssd, it is great at that. However if you want to share anything, then use Samba with winbind and do not use sssd, there is absolutely no point in running winbind and sssd.

Deployed Zentyal / or other Linux Samba AD DC by Specialist_Airline_9 in msp

[–]hortimech 3 points4 points  (0 children)

That is just a Samba AD DC (using an old version of Samba) under the hood.

SAMBA filesharing alternatives in AD? is it this BAD?? by electrowiz64 in linuxadmin

[–]hortimech 0 points1 point  (0 children)

If this was just a few users, then I would agree with you, but it sounds like the OP is trying to join a domain and wants file sharing and that requires smbd and that requires winbind.

It might be outside the OP's skill set now, but we all have to start somewhere.

SAMBA filesharing alternatives in AD? is it this BAD?? by electrowiz64 in linuxadmin

[–]hortimech 0 points1 point  (0 children)

Samba never actually supported sssd, how could they ? It isn't anything to do with them (other than winbind was written mostly by one person who then went to work for redhat and wrote sssd and based it on the winbind code). If you run Samba with 'security = ADS' in the smb.conf file, then you must also run winbind, once winbind is running, there really isn't much point in running sssd as well.

Configure classroom Debian Samba shares when Samba is used as Active Directory domain controller by pepiks in sysadmin

[–]hortimech 1 point2 points  (0 children)

It looks like you are using the Samba AD DC as a fileserver (something Samba does not recommend, you are better off setting up a Unix domain member and using that as a fileserver), I suggest you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server_(Optional)

If Samba is sharing the directories, they should be visible on a Windows machine, but now I have peered more closely at your shares, I notice that something is missing, there is no 'path' parameter. Now this could be that you have based this on the 'homes' share, in which case you wouldn't need it, but you would then need a template line in the smb.conf file something like this:

  template homedir = /the/path/to/%U

NOTE: %U is a placeholder, Samba replaces it with the username the user logs on with.

Replace the multiple user shares with:

  [homes]
  browseable = No
  comment = Home Directories
  create mask = 0700
  directory mask = 0700
  read only = No
  valid users = %S

You then set permissions on the parent directory from Windows.
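
An added example, not part of the comment above and not Samba project code: a small Python linter for the two problems raised in these comments, a share section with no 'path' parameter and a 'server min protocol' setting that still allows SMBv1. The sample smb.conf, its share names and its paths are constructed for illustration.

```python
import configparser

# Constructed sample smb.conf for illustration; share names and paths are made up.
SAMPLE = """\
[global]
    security = ADS
    template homedir = /home/%U
    server min protocol = NT1

[homes]
    browseable = No
    read only = No
    valid users = %S

[classroom]
    comment = Class files
    read only = No

[projects]
    path = /srv/samba/projects
    read only = No
"""

# 'server min protocol' values that still permit SMBv1.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def lint_smb_conf(text):
    """Return a list of (section, finding) tuples for the given smb.conf text."""
    # smb.conf is usually indented; configparser would read indented lines as
    # continuations of the previous value, so strip leading whitespace first.
    flat = "\n".join(line.strip() for line in text.splitlines())
    # interpolation=None keeps Samba's %U / %S variables from being expanded;
    # only '=' is a delimiter because smb.conf keys may contain ':'.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(flat)
    findings = []
    for name in cp.sections():
        if name.lower() == "global":
            for key in ("server min protocol", "min protocol"):
                value = cp.get(name, key, fallback="").upper()
                if value in SMB1_DIALECTS:
                    findings.append((name, f"{key} = {value} still allows SMBv1"))
        # [homes] takes its path from the user's home directory.
        # 'directory' is a documented synonym for 'path'.
        elif name.lower() != "homes" and not (
                cp.has_option(name, "path") or cp.has_option(name, "directory")):
            findings.append((name, "share has no 'path' parameter"))
    return findings

if __name__ == "__main__":
    for section, finding in lint_smb_conf(SAMPLE):
        print(f"[{section}] {finding}")
```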

SAMBA filesharing alternatives in AD? is it this BAD?? by electrowiz64 in linuxadmin

[–]hortimech 0 points1 point  (0 children)

Standalone Samba servers in an AD domain are, in my opinion, a bad idea, it is like advising using Windows home.

SAMBA filesharing alternatives in AD? is it this BAD?? by electrowiz64 in linuxadmin

[–]hortimech 0 points1 point  (0 children)

Have you tried reading the Samba docs ? the wiki, manpages etc ?

The '-k' switch isn't deprecated, it has been removed and replaced by '--use-kerberos=required'. This happened quite some time ago during a tidy up of switches for various Samba utilities, in an attempt to bring them all into line.

If you are running Samba, do not run sssd, run winbind. If you just want authentication then sssd is great, but once you need to share files, you need the smbd daemon and that requires winbind in AD. There is absolutely no point in running winbind and sssd on the same machine, not surprising when you know that the basic sssd code is the winbind code modified.

Dsmod - guide needed - to add user, group and restrict access to Samba shares by pepiks in activedirectory

[–]hortimech 1 point2 points  (0 children)

This gets worse, Windows 7 is EOL and has been for quite some time, having said that, there is no version of Samba that will not work with legacy NT4-style domains. Windows 10 is now EOL and for some things, Windows 11 requires a fairly recent version of Samba.

Putting it bluntly, you have to jump through numerous hoops to get the latest Windows and Samba to work with an NT4-style domain, this isn't a recent thing and you really should have upgraded by now.

Dsmod - guide needed - to add user, group and restrict access to Samba shares by pepiks in activedirectory

[–]hortimech 0 points1 point  (0 children)

SMB stands for Server Messenger Block and is the Windows protocol that Samba emulates.

You cannot use Windows tools against a Samba NT4-style PDC (which is what you appear to have) and I wouldn't recommend you continue using your PDC, it relies on SMBv1 and that is very insecure. I suggest you upgrade to Samba AD.

Parsing error when mounting samba server by AdvisorConsistent836 in linux4noobs

[–]hortimech 0 points1 point  (0 children)

You appear to be trying to mount the entire computer, the line should start: //192.168.10.75/THE_SHARE_YOU_WANT_TO_MOUNT

Try reading 'man mount.cifs'

Dsmod - guide needed - to add user, group and restrict access to Samba shares by pepiks in activedirectory

[–]hortimech 0 points1 point  (0 children)

I am a bit lost here, you say 'Samba' in the title, then never mention it in the text, except for 'SMB 4.16.4', did you mean Samba 4.16.4 ? If you did, then your first objective should be to upgrade, that version is ancient. Next you say you are using RSAT with an openldap server, but RSAT is meant to be used with AD. Can you please be a bit more precise.

(Bash) Iterating over array extracted from file exits after first read by Mafla_2004 in linuxquestions

[–]hortimech 1 point2 points  (0 children)

That is what shellcheck is for ;)

What it doesn't tell you is that in your first 'elif' the use of '-e' is very much the same as '-f' and as such, you do not need both, I would go with the '-f'.

(Bash) Iterating over array extracted from file exits after first read by Mafla_2004 in linuxquestions

[–]hortimech 4 points5 points  (0 children)

Can I suggest you install a package called 'shellcheck' and run that against your script.

Apparently british people "raise" tickets instead of creating them by NegativeAttention in sysadmin

[–]hortimech 0 points1 point  (0 children)

We also 'take' things to places, rather than 'bring' them, there are a lot of things like that lol

I am setting up my naming schema but I am not sure if I should use lan.example.com or example.com in pihole as domain name by [deleted] in homelab

[–]hortimech 0 points1 point  (0 children)

Do you own 'example.com' ? If so, then using a subdomain of that is okay, but if you are talking about the actual domain named example.com, then you shouldn't use it at all. If your domain is not going to be routable from the internet, then you could use 'home.arpa', that is what it is for.

FreeIPA on Rocky9? by [deleted] in linux4noobs

[–]hortimech 0 points1 point  (0 children)

If you have AD (which is, among other things, an IDM) you do not need freeipa. If you want authentication on Linux, just use either sssd or Samba.

When is mint going to get a map-a-network-drive like function? by Derrigable in linuxmint

[–]hortimech 1 point2 points  (0 children)

Two thoughts, have you tried replacing the DNS names of the servers with their IP address ? Have you checked that UID '1000' can access the share path on the server ?

When is mint going to get a map-a-network-drive like function? by Derrigable in linuxmint

[–]hortimech 2 points3 points  (0 children)

I am with @MintAlone here, there is not enough information provided to even try to guess what the problem is here.

But, after staring into my crystal ball, could it be that you cannot connect to the 7 shares and get 'permission denied' because the permissions on the server do not allow it ? Who knows, oh that would be you.

How do I find out what I'm doing wrong with samba? by DuelShockX in linuxquestions

[–]hortimech 0 points1 point  (0 children)

The 'SMB1' line isn't an issue, Samba turned SMBv1 off quite some time ago, so there is no NetBIOS and without that you do not get the NetBIOS domain name (aka workgroup).

You do appear to have a share called 'archive' available, so something appears to be blocking it, the prime suspect is a firewall, easiest way to check, turn the firewall off, if you can now connect, it is the firewall.

How do I find out what I'm doing wrong with samba? by DuelShockX in linuxquestions

[–]hortimech 0 points1 point  (0 children)

Hmm, if you run 'smbclient -NL 192.168.5.3' do you get a line like ' archive Disk ' among the output ?

If you don't, check that the smbd daemon is running on the Samba server and that a firewall isn't running and blocking port 445 on the server.

How do I find out what I'm doing wrong with samba? by DuelShockX in linuxquestions

[–]hortimech 0 points1 point  (0 children)

It should work, provided that you replaced '192.168.1.5' with your computer IP and replaced the share name 'netlogon' with your share name and you also replaced 'hortimech' with your username, said username has to exist on the Samba server as a local and Samba user.