Networking Mint 18.1 & Tumbleweed

I can access TW share from Mint & TW sees Mint computer, but cannot drill down any further. When setting up Samba through YaST I get this error;

“Error: failed to join domain: failed to find DC for domain workgroup undetermined error”

:bad::bad::bad:

If you’re using LDAP or AD Domain authentication,
Have you joined both your machines to the Domain?
(On openSUSE, you can do this easily using YaST).

If you don’t have an LDAP or AD Domain deployed, then you’re choosing the wrong authentication method.

TSU

All Greek to me? What should I enter in LDAP server URL or how would I trust a domain? Excuse my ignorance. I assume LDAP not needed, as for Active Domain, how do I farm correct domain info from Mint system. Have entered;

Domain: WORKGROUP

& Mint password, but cannot establish trusted domain.

Samba GUI falling over on Mint system, (yes I know!) Might have to edit dreaded config if “WORKGROUP” a security issue…

If you don’t have LDAP/AD installed,
Then the specified “Domain” should be your Workgroup name.

And, that of course will require a properly configured and working SAMBA Server configuration.

TSU

I assume you can edit the Samba config file in it. So let’s have a look at it all and see what’s happening, run this command:

cat /etc/samba/smb.conf

and then copy the outcome and paste it here.

Also, to get a notion about the users, run this command

sudo pdbedit -L

and paste the outcome of that command

And finally, to see what is travelling over the LAN, run this command

smbtree -N

and paste the outcome of that command

Thx for your help.

cat /etc/samba/smb.conf

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
        workgroup = WORKGROUP
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = No
        domain master = No
        security = domain
        wins support = Yes
        usershare max shares = 100
        idmap gid = 10000-20000
        idmap uid = 10000-20000
                                                                                                                                                                                                                                                                                
## Share disabled by YaST
# [homes]
#       comment = Home Directories
#       valid users = %S, %D%w%S
#       browseable = No
#       read only = No
#       inherit acls = Yes
#       guest ok = Yes
[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700

[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/
        guest ok = Yes
[groups]
        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes
[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No
[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root



sudo pdbedit -L



Returns null & void response.

smbtree -N

WORKGROUP
        \\LINUX-IHRJ                    Samba 4.6.3-git.25.0c154becb13SUSE-oS13.3-x86_64
                \\LINUX-IHRJ\ENVY_5540          ENVY_5540
                \\LINUX-IHRJ\Officejet_Pro_6230 Officejet_Pro_6230
                \\LINUX-IHRJ\IPC$               IPC Service (Samba 4.6.3-git.25.0c154becb13SUSE-oS13.3-x86_64)
                \\LINUX-IHRJ\netlogon           Network Logon Service
                \\LINUX-IHRJ\print$             Printer Drivers
                \\LINUX-IHRJ\groups             All groups
                \\LINUX-IHRJ\users              All users
                \\LINUX-IHRJ\profiles           Network Profiles Service


That shows the Tumbleweed configuration with changes half configured, kind of broken. I suggest you get rid of the “domain” configuration and switch on a configuration for a simple “workgroup”. And within that I suggest you turn on the “users” share which will give you access to the filesystem tree of your user files. As it stands, you have turned off the “users” share.

Do you want to proceed along those lines?

You have my attention, please proceed.

So, all that is needed is to edit Samba config file? I tried entering what thought sensible into all the Samba GUIs, though there are at least three if not four. But maybe the magic source is the config file proper?

I’m at work and can make a series of suggestions during the day when I get time.

Have a read of this: https://forums.opensuse.org/content.php/199-Configure-Samba-for-Local-Lan-Workgroup
Or during Aussie daylight hours this (which is very old): http://swerdnaoz.ddns.net/suselanprimer.html
Or this (which too is very old): http://swerdnaoz.ddns.net/susesambaserver.html

Everything hinges on the configuration file. Just in case of errors down the track it is wise to make a backup with this command:

sudo cp /etc/samba/smb.conf  /etc/samba/smb.conf.bak

You can edit the samba config file using either kwrite (if you use KDE) or gedit (for Gnome), either of these commands:

kdesu kwrite /etc/samba/smb.conf

or

gnomesu gedit /etc/samba/smb.conf

After that the first task is to use the editor to make samba into a “workgroup” setup:

Change the [global] stanza from this:

[global]
        workgroup = WORKGROUP
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        include = /etc/samba/dhcp.conf
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = No
        domain master = No
        security = domain
        wins support = Yes
        usershare max shares = 100
        idmap gid = 10000-20000
        idmap uid = 10000-20000

to this

[global]
workgroup = WORKGROUP
netbios name = Tumbleweed
server string =
name resolve order = bcast host lmhosts wins
local master = yes
os level = 65
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
usershare allow guests = Yes

Make the workgroup name (e.g. WORKGROUP) to be exactly the same in all computers, windows and Linux.
Make the netbios name to be something you like (e.g. Tumbleweed).

I ran those last two commands on my SUSE box, I notice you said to run them on my Mint box?

Yes. A mistake. I’ve looked back and edited a few of the “mint” errors out.

While I’m here, let’s look at editing to allow access to the user file system.

Delete these “shares” completely (you can always go back and get them from the backup later if you feel the need):

[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700

[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/
        guest ok = Yes
[groups]
        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes

These are kind-of different ways to do the same thing, so just dump them and focus on the “user” share (below)

Change this:

## Share disabled by YaST
# [homes]
#       comment = Home Directories
#       valid users = %S, %D%w%S
#       browseable = No
#       read only = No
#       inherit acls = Yes
#       guest ok = Yes

This looks like you were trying to change the original structure with the GUI in Yast (really tricky).

Change it back to the default, like so:

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

That will share only to the real user, others will be blocked. You can leave it like that and use credentials to get in or you can edit it to allow guests to get in without credentials. Which would you prefer?
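Added example (not part of the thread and not any poster's code): a small Python check run over trimmed copies of the two configurations above. It flags `security = domain` and any share that is both `guest ok` and writable, which in the original file is [users] on /home. The function names are made up for this example, and it handles only the plain `name = value` lines seen in this thread.

```python
import re

TRUE = {"yes", "true", "on", "1"}  # spellings Samba accepts for a true boolean

# Constructed samples: trimmed copies of the two configurations in this thread.
ORIGINAL = """
[global]
        workgroup = WORKGROUP
        map to guest = Bad User
        security = domain
## Share disabled by YaST
# [homes]
#       guest ok = Yes
[users]
        path = /home
        read only = No
        guest ok = Yes
[groups]
        path = /home/groups
        read only = No
[printers]
        path = /var/tmp
        printable = Yes
"""

REVISED = """
[global]
workgroup = WORKGROUP
netbios name = Tumbleweed
map to guest = Bad User
usershare allow guests = Yes
[homes]
valid users = %S, %D%w%S
browseable = No
read only = No
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}.

    Names are lowercased and stripped of whitespace, because smb.conf
    treats 'Guest OK' and 'guestok' as the same parameter.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)  # only the first '=' separates
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections


def audit(text):
    """Return (section, message) findings for the settings discussed here."""
    conf = parse_smb_conf(text)
    findings = []
    if conf.get("global", {}).get("security", "").lower() == "domain":
        findings.append(("global", "security = domain: needs a domain to join"))
    for name, params in conf.items():
        if name == "global":
            continue
        guest = params.get("guestok", params.get("public", "no")).lower() in TRUE
        if "readonly" in params:
            writable = params["readonly"].lower() not in TRUE
        else:
            writable = params.get("writeable", params.get("writable", "no")).lower() in TRUE
        if guest and writable:
            path = params.get("path", "(no path set)")
            findings.append((name, f"guest ok and writable: {path}"))
    return findings


if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("revised", REVISED)):
        print(label, audit(text) or "no findings")
```

Adding `guest ok = Yes` to the restored [homes] stanza would make the check report that share as well.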

Work’s over in Oz.

Now to finalise:

If you use the share I left in the last post, you will need to create a password for the user who owns the user file system. Suppose your user name is donald. You will generate credentials with this command:

sudo smbpasswd -a donald

and the response should be like this:

donald@trump:~> sudo smbpasswd -a donald
New SMB password:
Retype new SMB password:
Added user donald.
donald@leap422:~>

Samba password can be different from the user password that donald has for normal user purposes.
Now when you access files from other LAN computers, use that Samba password.

When you access for the first time (e.g. from Windows 10) the share might be invisible because you put in the line

browseable = No

So use this in windows to get in:

\\netbiosname\\donald

and the similar from Mint would be:

//netbiosname//donald

or in, say, Dolphin

smb://netbiosname//donald


To round off the process I recommend you look at these issues:

  • Suse Firewall
  • daemons smb and nmb should both be active
  • folk lore says if you use windows you might activate “wins” in the Linux nsswitch.conf file
  • you might prefer different easy shares

These four issues are covered at the bottom of this Article: https://forums.opensuse.org/content.php/199-Configure-Samba-for-Local-Lan-Workgroup

Well okey dokey then. If that donna get I’ze upz & running I’ze eatz me hatz.

Will digest when getz some time to thinkz :thought_balloon:.

Got a bit of spare time to concentrate;

SUDO_EDITOR=kwrite /etc/samba/smb.conf

This does not work even as su -

Permission denied.

I’m assuming you are using KDE. The “kdesu” command does not work outside of KDE.

The command I recommended to run is:

kdesu kwrite /etc/samba/smb.conf

That code is the age old recommended method, and if it doesn’t work for you then either your Tumbleweed has a bug or you have typed a typo or the file smb.conf no longer exists.

An alternative is this command line code:

su -c "dbus-launch kwrite /etc/samba/smb.conf"

Both of the versions above work for me, but I’m using 42.2, not Tumbleweed. Try the first, then the second, and if neither works I will show you a third method for opening the Kwrite editor.

FWIW comments…

  1. This thread may be leading up to the recently discussed (another thread) issue that upstream KDE doesn’t permit Kwrite to edit files with elevated permissions (requires workaround). After a few weeks, our openSUSE TW maintainers decided to over-ride this upstream configuration and again allow “kdesu kwrite.” So readers should know that they need a version of TW either earlier or later if “kdesu kwrite” doesn’t work. Or, use a non-graphical editor like vim, emacs, nano, etc.

  2. Nowadays, I’d generally prefer hostname resolution instead of netbios name resolution. NetBIOS name resolution was default in SAMBA 3, hostname resolution is default in SAMBA 4. Why?

  • Without a NetBIOS Nameserver, your name resolution is done by broadcasts (which makes for <a lot> of unnecessary chatter on your network). In other words, you should want to leverage something that already should exist in your network.
  • Most networks today either use or can use a local network DNS server (or hosts file) for name resolution (all OS AFAIK) and it’s the first method tried by a machine. This makes for less latency and fewer wasted CPU cycles. Yes, you can modify the name resolution order with a DHCP option, but it’s one more thing you’re doing.
  • If a local DNS server does not exist, then it’s easy to configure an entry in the /etc/hosts file (or similarly in other OS like Windows). When is the last time you might want to configure a lmhosts file on any machine which would provide similar lookups for NetBIOS names?
  • It’s the common standard today, which means things should “just work” and don’t require special configuration if you use the same naming methods on the Internet (generally bad to expose to the Internet directly) or connect to remote networks, eg using VPNs.
  • NetBIOS names have their own restrictive requirements… Must be alphanumeric only, no more than 8 characters, does not support hierarchical names, etc. (off the top of my head). So, your current machine’s hostname may not qualify to be the same as the NetBIOS name.

After describing all the above reasons for configuring hostname resolution instead of NetBIOS name resolution, there may be a reason you’d want to configure the latter anyway…
If you want to configure a naming system that’s not Internet routable. Although it’s not a particularly good security method, it might be all you’d want to do to keep your network shares in your private network, inaccessible by outside networks using Internet standards.

IMO,
TSU