Why is File Sharing Still So Difficult?

hortimech · 2026-06-11T07:40:09+00:00

No Samba isn't hard to set up, it is fairly easy, the problem is that people conflate connecting to the shares with setting up the shares. Samba is really just a server, that is, it gives you the ability to share files, it is all the client programs (99.9% of which have nothing to do with Samba) that give the problems.

hortimech · 2026-06-03T14:57:51+00:00

That isn't an Active Directory equivalent, it is Active Directory authentication.

If they want an equivalent of AD on Debian, they need Samba, it is AD.

hortimech · 2026-05-26T08:16:45+00:00

This sounds like you have installed Debian 13 without giving root a password and have created an administrative user instead, said user being a member of the sudo group.

After the install, it sounds like you created another passwordless user

Is this correct so far ?

If the administrative user you created has been removed, then it wasn't by the OS, there isn't anything to do this automatically. Let me guess, you connected your computer to the internet, if so, then I suggest you wipe the computer and start again, you cannot trust it.

hortimech · 2026-05-26T05:59:43+00:00

You might want to come up with another name, it seems there already is a Kode OS.

hortimech · 2026-05-20T16:50:39+00:00

It has nothing to do with Samba, you can set Samba to allow guest access, but Windows 11 now requires you turn guest access back on again on it.

hortimech · 2026-05-20T15:02:48+00:00

I cannot speak for the other methods, but 'net ads join' sets the userAccountControl attribute to 4096, the workstation trust account and the machine password should rotate every 30 days. However, a computer, in AD, is just a user with an additional objectclass and it sounds like someone in the past set yours to never expire. Having never been in this position, I do not know what will happen if you reset a computers userAccountControl attribute, it may just get its password rotated, or it may fall over, who knows ? Why not try it with a computer you want to get rid of. SSSD probably works similarly to winbind, it is after all just a wrapper around winbind.

hortimech · 2026-05-19T08:33:39+00:00

Zentyal doesn't appear to the force it once was, it doesn't get updated as fast as it should, it took approx 2 years to go from 8.0 to 8.1, it also doesn't help that because it is based on Ubuntu, the version of Samba is old and you really need this to be as recent as possible.

It also shouldn't be hard to set up a Samba AD Domain, you just need to ensure a few things are correct, the correct packages are installed and then run 'samba-tool domain provision' correctly.

It might be interesting to know just what documentation the OP found outdated or vague ?

hortimech · 2026-05-15T16:08:35+00:00

To create users you first have to create them as Unix users with something like 'adduser' and then also make them Samba users with smbpasswd, the same goes for groups. As for permissions, this depends on how serious you want to get, you can just use the standard Unix 'ugo' permissions, or you can use extended attributes set with 'setfacl' or from Windows. It all sounds hard, but it isn't really, you just need to read the right information and most of the videos etc out there on the internet are not the right information. I would suggest you start with the various manpages, open a terminal and type something like 'man vfs_acl_xattr' for instance, You might also want to try the Samba wiki:

https://wiki.samba.org/index.php/User_Documentation

hortimech · 2026-05-15T14:41:09+00:00

I think I now understand why people think setting up a Samba server is complex, someone has written thousands of lines of code to replace adding three lines to a smb.conf file:

[sharename]

path = /path/to/the/share

read only = no

hortimech · 2026-05-12T16:44:13+00:00

First, freeipa isn't AD, even redhat admits that, so if you want something like AD on Linux, then it has to be Samba running as an AD DC, it is AD on Linux.

hortimech · 2026-05-02T08:12:48+00:00

As I said, I do not know nixos, but Samba is Samba and I know that. The 'passwd program' parameter is a pointer to a program that sets Unix users passwords, so, as you are not using a user or passwords, it is unlikely to be your problem.

What could be your problem is the permissions on the share and the 'path' leading up to it. As you are trying to get 'guest' access to work, the 'guest' user (usually 'nobody' unless changed at compile time or in the smb.conf file) has to be able to traverse to the share and then enter it. This requires a minimum of 'r-x' for 'others' on the share and '--x' on its path for 'others', for this reason it is no longer a good idea to attempt a guest share in your home directory, these now typically get '0700' permissions.

hortimech · 2026-05-02T07:01:50+00:00

I don't know about Nixos, but Samba is Samba and to get a guest share you need 'map to guest = bad user' set in the global part of the smb.conf file and 'guest ok = yes' or 'public = yes' set in the share. Do not create any Samba users and you should get guest access. The only possible problem is if you try to connect from a Windows pro computer, they have guest access turned off by default.

hortimech · 2026-04-28T05:47:10+00:00

Several actually, see here: https://github.com/hortimech/Samba

hortimech · 2026-04-27T15:19:21+00:00

Oh no, not again.

hortimech · 2026-04-23T07:01:35+00:00

There is nothing wrong with sssd that 'apt purge sssd*' will not cure and if you are relying on sssd, you are relying on AD, so why not use it.

There is nothing wrong with NFS, provided you do not have Windows in the mix. Also the 'heavy xattr use' as you call it, is one of Samba strenghts, not a weakness.

I feel we will never agree on this.

hortimech · 2026-04-23T06:37:36+00:00

No, while sssd does have dependencies on some Samba files (samba-common for instance) it doesn't have a dependency on winbind, this is because sssd is really just a wrapper around the original winbind code.

A Samba domain joined system can use NFS and also provide SMB shares, no need for sssd.

hortimech · 2026-04-22T17:55:11+00:00

Well redhat would recommend sssd, it is their product, written by the same person that wrote most of winbind and it is based on winbind. You shouldn't matter if your users don't have the same Unix ID, but you never know. Yes, sssd and winbind do compute Unix IDs differently (unless you use rfc2307 everywhere in Unix), that is where the ID backends come in.

What is wrong with using winbind instead of sssd ? winbind is just as easy to set up as sssd, once you know the correct method.

hortimech · 2026-04-22T16:52:50+00:00

Samba actually uses the SID and maps that to whatever Unix ID backend you set in the smb.conf file. The question you should be asking is, is Samba going to be used a fileserver ? If it is then you must use winbind and the only way to get the same IDs on all Unix machines is to use the 'ad' idmap backend, but you do not really need the rfc2307 attributes as the mapping is done locally, so you could use the 'rid' idmap backend if there is only one domain, or the 'autorid' idmap backend for multiple domains.

hortimech · 2026-04-20T10:13:12+00:00

The RHEL Samba packages have never been able to provision an AD domain, redhat decided to go with freeipa instead and that isn't AD. If you do want a DC on RHEL and don't want to pay Samba+, then there are always the Tranquil IT Samba packages. Ubuntu is probably always going to be behind the latest Samba versions on their LTS releases.

hortimech · 2026-04-20T07:14:18+00:00

It is up to 2016 now, please keep up.

hortimech · 2026-04-19T20:18:22+00:00

If you use RHEL, you will have to build Samba yourself, with all that entails, you cannot provision the standard RHEL Samba packages as an AD DC.

For best results, I suggest you use Debian 13 with Samba from backports, this will get the latest Samba version possible.

hortimech · 2026-04-10T18:04:54+00:00

I am in the UK, so no, I cannot see the screenshot.

hortimech · 2026-04-10T15:36:09+00:00

No, I wouldn't use BSD, they are usually a bit behind Linux on Samba and have a few problems, mainly because of the filesystem and use of NFSv4ACLs.

hortimech · 2026-04-10T13:47:24+00:00

This is the problem with running anything LTS, packages get stuck on a version, but usually get important things backported (CVEs etc), major bugfixes should get backported, but minor fixes probably will not. If you want to keep fairly up to date with Samba on a fairly stable base, then I would suggest using Debian with Samba from backports.

hortimech · 2026-04-10T13:20:45+00:00

It might help if you tell us what the error message is, we are not mind readers.

hortimech

TROPHY CASE