Setting Up A Share on Samba4 Active Directory Domain Controller

In previous guides, we learnt how to install Samba4 on a new Debian server. We also learnt how to manage our Samba4 Active Directory server (add users, computers, GPOs, etc.) using RSAT on Windows.

In this guide, we go a step further and enable file sharing on the Samba4 Active Directory domain controller, much like on a Windows domain controller.

Note: This may not be the best practice. I feel that it will be better to set up a separate file server using Samba4 or a Windows Server flavor. However, we will go on with setting up a file share on our Active Directory server for a small office network. This will help anyone who has a small office or home office with limited hardware or a tight budget to still set up a file server using the existing Samba4 framework. This setup is similar to what the Zentyal domain controller offers, where the domain controller can also serve as a file server. In a later guide, we will demonstrate how to set up a separate file server using Samba.

 

Setting Up A Share on Samba4 Active Directory Domain Controller

The steps to enable a file share on a Samba4 Active Directory domain controller are fairly straightforward.

First, log on to your Samba4 Active Directory domain controller and make these changes.

Switch to root for admin privileges:

#su

#vim /etc/nsswitch.conf

Change the group line so that it uses winbind.

 

Next, give your domain admins the right to manage shares. In Samba terms, you are granting them SeDiskOperatorPrivilege.

#net rpc rights grant "CAREHEALTH\Domain Admins" SeDiskOperatorPrivilege -U administrator

The -U flag specifies the user with administrative privilege for your domain. In my case, it is administrator.

Now, make a directory called /Files

#mkdir /Files

Change the directory's permissions to 775. To understand what this permission means, note that there are three classes of users: the owner, the group and others. The creator of a file is its owner and should have all permissions on that file. The group refers to users who share the same privileges and permissions, while others are the general public.

Also note that read has a value of 4, write a value of 2 and execute a value of 1. Giving someone a 7 therefore means you have given them read (4) + write (2) + execute (1) permission.

Now let's look at the 775 mentioned above. The first 7 is for the owner, the second 7 is for the group and the 5 is for others. So 775 gives the owner read, write and execute permission, the group read, write and execute permission, and everyone else read and execute permission.

I hope this is fairly easy to grasp. Now let's give our /Files folder the 775 permissions.

#chmod 775 /Files

The chown command is another command that can help you change ownership of files and folders.

Since I created the /Files directory as root, root is the owner of the files. But I may need to change ownership to Domain Users, for example, or Domain Admins, etc. This is where the chown command comes in.

#chown -R root:"Domain Users" /Files

 

Now open the Samba configuration file and add the lines below:

#vim /etc/samba/smb.conf

[File Share]
Path = /Files
Read only = No

Restart your samba server

# /etc/init.d/samba restart
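
As an added example (not from the original guide), the shell functions below check the steps above on the domain controller: whether the group line in nsswitch.conf lists winbind, which shares in smb.conf are writable, and what the "others" class may do on each writable share's directory. The function names are illustrative; pass them the real /etc/nsswitch.conf and /etc/samba/smb.conf.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.
# Usage on the DC: nss_group_uses_winbind /etc/nsswitch.conf
#                  audit_shares /etc/samba/smb.conf

# Succeeds if the "group:" line of an nsswitch.conf-style file lists winbind.
nss_group_uses_winbind() {
    grep -Eq '^[[:space:]]*group:(.*[[:space:]])?winbind([[:space:]]|$)' "$1"
}

# Prints "name|path|rw-or-ro" for every share section except [global].
# Samba ignores case and spaces in parameter names; shares default to read only.
list_shares() {
    awk '
    function on(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function emit() {
        if (name != "" && tolower(name) != "global") print name "|" path "|" (writable ? "rw" : "ro")
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[.*\]/ {                           # new [section]
        emit(); name = $0
        sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        path = ""; writable = 0; next
    }
    index($0, "=") {                            # key = value
        key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "path") path = val
        else if (key == "readonly") writable = !on(val)
        else if (key == "writeable" || key == "writable") writable = on(val)
    }
    END { emit() }' "$1"
}

# For each writable share, reports what the "others" class may do on its directory.
audit_shares() {
    list_shares "$1" | while IFS='|' read -r name path access; do
        [ "$access" = "rw" ] || continue
        if [ ! -d "$path" ]; then echo "$name: $path does not exist"; continue; fi
        others=$(ls -ld "$path" | cut -c8-10)   # e.g. "r-x" for mode 775
        case "$others" in
            *w*) echo "$name: $path is writable by others ($others)" ;;
            r*)  echo "$name: $path is readable by others ($others)" ;;
            *)   echo "$name: $path is closed to others ($others)" ;;
        esac
    done
}
```

With the 775 mode used in this guide, the share's directory is reported as readable by others, because the final 5 grants read and execute to accounts outside the owning group.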

Log in to a client machine with a domain user account.

In Windows Explorer, type \\ followed by the name of your Samba4 domain controller (e.g. \\ad-dc) or its IP address.

 

You can see the files folder you shared on the network.

USE GPO TO MAP THE SHARED FOLDER TO USERS ON THE NETWORK.

Instead of manually connecting to the share we have created, we can map this share for all our users using an Active Directory Group Policy Object. Follow along as we accomplish this simple task.

Open up your GPO for the domain. Right-click the Default Domain Policy and click Edit.

Click User Configuration, then Preferences, then Windows Settings. Next, right-click Drive Maps and select New -> Mapped Drive.

In the New Mapped Drive properties screen, select Create for the action to be performed and enter the location of your Files folder on the network as \\ad-dc\Files. Replace ad-dc with the name of your Samba4 domain controller.

In the Common tab, tick Run in logged-on user’s security context.

Now click OK and restart your computer.

On login, click on Computer and you should see your files mapped for each user.

I feel we have reached a point where we are now comfortable that the Samba4 Active Directory server can rival Microsoft Server, in a sense.

Next we will look at home folders and folder redirection with Samba.

Stay tuned for more tuts on Samba4.

 

 

 

 

 
