This is a test environment – Fedora 19 updated – Windows Server 2012 with only AD and DNS
After installing a SAMBA server on fedora 19 as a domain member – managed by a Windows Server 2012 (AD, DNS) – I can not access shares on Windows client machines.
On Windows 7 client I see the SAMBA server but can not access it. I don't get any prompt only an error.
By mounting the samba share on fedora machine , I can access to it and rights seem to work.
I have now spent 3 days to find a solution and I do not know if this is a problem of Samba configuration or on Windows clients
Some help would be great !
Here's how I did it:
yum install samba samba- winbind vim samba- winbind -client krb5-workstation krb5 -libs krb5 -auth -dialog
I created users and groups then I added to samba in this way :
pdbedit -a User1
The initialiation connecting to the Windows domain via kerberos is completed without problem :
kinit Administrateur@SILECKS.FR
klist
I joined the samba server to the Active Directory domain
net rpc join -U administrator
wbinfo -u & wbinfo -g returns me the right information
getent passwd & getent group also returns me the right information
Configuration files :
/etc/hosts
127.0.0.1 localhost localhost.localdomain SRVFEDORA.SILECKS SRVFEDORA
/etc/resolv.conf
nameserver 192.168.1.200
/etc/krb5.conf has been edited accordingly
/etc/samba/smb.conf
[global]
security = ADS
realm = SILECKS.FR
workgroup = SILECKS
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
winbind use default domain = yes
domain master = no
local master = no
prefered master = no
os level = 0
[homes ]
comment = Repertoire users
browseable = no
writeable = yes
[ Sharing ]
path = / share
browseable = yes
writeable = yes
printable = no
valid users = Administrator User1
[ public ]
Public comment = Repertoire
path = /public
public = yes
writeable = yes
printable = no
Nsswitch configuration
passwd : compat winbind
shadow: compat
group: compat winbind
# hosts: db files nisplus nis dns
hosts: files dns
bootparams : files
ethers : db files
netmasks : files
networks: files dns
protocols : db files
rpc : db files
services : db files
netgroup : files
# publickey : nisplus
automount : files
aliases : files
Best Answer
I found the solution after spending a few days working on it.
Considering that this was a test environment, the firewall on the server and client windows were disabled. SAMBA running on Fedora19, I cut iptables but not firewalld. (Which I was totally unaware of the existence ...)
Under Windows, I also had to change some registry keys:
HKLM \ SYSTEM \ CurrentControlSet \ Services \ LanmanWorkstation \ Parameters \ DomainCompatibilityMode = 1
HKLM \ SYSTEM \ CurrentControlSet \ Services \ LanmanWorkstation \ Parameters \ DNSNameResolutionRequired = 0
HKLM \ SYSTEM \ CurrentControlSet \ Services \ LanmanWorkstation \ Parameters \ RequireSecureNegociate = 0
Hope this will help someone.