Active Directory Integration

Accessing a Samba Share

Another, use for Samba is to integrate into an existing Windows network. Once part of an Active Directory domain, Samba can provide file and print services to AD users. For details on how to join a domain, see the SSSD and Active Directory chapter of this guide.

Once part of the Active Directory domain, enter the following command in the terminal prompt:

sudo apt install samba cifs-utils smbclient

Next, edit /etc/samba/smb.conf changing:

   workgroup = EXAMPLE
   ...
   security = ads
   realm = EXAMPLE.COM
   ...
   idmap backend = lwopen
   idmap uid = 50-9999999999
   idmap gid = 50-9999999999

Restart samba for the new settings to take effect:

sudo systemctl restart smbd.service nmbd.service

You should now be able to access any Samba shares from a Windows client. However, be sure to give the appropriate AD users or groups access to the share directory. See Securing File and Print Server for more details.

Accessing a Windows Share

Now that the Samba server is part of the Active Directory domain you can access any Windows server shares:

  • To mount a Windows file share enter the following in a terminal prompt:

    mount.cifs //fs01.example.com/share mount_point

    It is also possible to access shares on computers not part of an AD domain, but a username and password will need to be provided.

  • To mount the share during boot place an entry in /etc/fstab, for example:

    //192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0        0

  • Another way to copy files from a Windows server is to use the smbclient utility. To list the files in a Windows share:

    smbclient //fs01.example.com/share -k -c "ls"

  • To copy a file from the share, enter:

    smbclient //fs01.example.com/share -k -c "get file.txt"

    This will copy the file.txt into the current directory.

  • And to copy a file to the share:

    smbclient //fs01.example.com/share -k -c "put /etc/hosts hosts"

    This will copy the /etc/hosts to //fs01.example.com/share/hosts.

  • The -c option used above allows you to execute the smbclient command all at once. This is useful for scripting and minor file operations. To enter the smb: \> prompt, a FTP like prompt where you can execute normal file and directory commands, simply execute:

    smbclient //fs01.example.com/share -k

Note

Replace all instances of fs01.example.com/share, //192.168.0.5/share, username=steve,password=secret, and file.txt with your server’s IP, hostname, share name, file name, and an actual username and password with rights to the share.

Resources

For more smbclient options see the man page: man smbclient, also available online.

The mount.cifs man page is also useful for more detailed information.

The Ubuntu Wiki Samba page.

Last updated 5 months ago. Help improve this document in the forum.