ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Windows Networking (Samba)

Your ClearOS system provides network and file serving capabilities for a Windows network. Among other tasks, you can use the software for domain control, file storage and sharing printers.

Installation

If you did not select this module to be included during the installation process, you must first install the module.

You can find this feature in the menu system at the following location:

Server|Windows Networking|Windows Settings

Configuration

Global Settings

Server Name

This is a one-word descriptive name of the system, for example: clearserver

Server Comment

This is a short description of the server. When connecting to this system, this short description might be shown to guide end users on the purpose of the system. An example: File and Print Server for Toronto

Printing

This option only appears if you have installed the Advanced Print Server.
If you have a printer attached to your ClearOS system, you can share it via Windows networking. There are two supported modes:

  • Raw - drivers must be installed on client system
  • Point and Click - drivers must be configured using the Advanced Print Server

Home Directories

Select if you want to enable user's Home directories. This is their own private file space kept on the the server.

Force SMB1 Protocol (was Windows 10 Domain Logons)

This limits Samba to using the SMB1/NT1 protocol. It used to be required to allow Windows 10 machines to log on to the domain but is no longer required since samba was upgraded to version 4.7.1. If you have the parameter set, then, since the Windows 10 1709 update, you will have to enable SMB1 in Windows. Once you disable this parameter, it will disappear from the Webconfig.

Using SMB1 is now considered a security vulnerability and was leveraged by the WannaCry ransomeware (and its variants)

You can now stop samba from using SMB1 by adding a line to /etc/samba/smb.conf:

server min protocol = SMB2

Only Windows XP or earlier requires you to use SMB1.

Since the Fall Creators Update (1709), Windows 10 is no longer shipping with the SMB1.0 protocol enabled. Without SMB1.0 support in Windows and with “Force SMB1 Protocol” enabled you will not be able to join a ClearOS Domain or share files in Simple File Sharing mode with Windows 10. Please disable this setting or see the Tips and Tricks section below for the fix

If you really want to force SMB1 after it has disappeared from the Webconfig, you can add the following line to the [Global] section of /etc/samba/smb.conf:

server max protocol = NT1

WINS Support / WINS Server

Even for small networks, we recommend using WINS for your Windows networks. Among other things, this helps Windows systems find each other using system names (for example, browsing through the old Network Neighborhood). You can either enable the WINS server on your ClearOS system, or you can specify an IP address of an existing WINS server on the network. Don't try and set both. It is one or the other or neither.

Mode

ClearOS supports two modes for your network. Simple Mode and Primary Domain Controller / PDC mode.

Simple Mode

This mode should be used for creating a basic file and print server. Features such as network logons, logon scripts, and roaming profiles are disabled. In order to access file shares, a client system can connect to the ClearOS system using standard file manager tools.

Windows Domain - the Workgroup name used in Windows

Primary Domain Controller / PDC

When configured as a primary domain controller, the following parameters must be specified:

Windows Domain - the domain name, for example: Toronto, when in PDC mode.

Roaming Profiles - the state of roaming profile support for all users.

Logon Drive - the drive letter used for the user's network drive on the ClearOS system. This drive maps to the /home/username directory on the ClearOS file system.

Logon Script - the script to execute when a user logs into the domain. You can upload this script to the netlogon directory by logging into your Windows workstation as the Windows administrator (winadmin) and connecting to your ClearOS netlogon share (Start » Run » \\servername\netlogon).

If you are trying to run a logon script in Windows 10, please refer to the Add a Windows Workstation to a Samba Domain document.

Administrator Account

The winadmin account is used for the Windows domain administrator. Among other things, this account is used to add computers to the ClearOS domain. Follow the link to change the password for this account.

Computers

Shows all the members of the domain. In Simple Server mode it just shows the server; in PDC mode it shows all domain members. Domain member computers can be removed from here.

Do not delete the ClearOS server from this section

If you do delete the server from the domain, it can be re-added by changing its password!

Tips and Tricks

Windows 7 and later Registry Changes

Windows 7/8/10 systems can be joined to a ClearOS Domain Controller by adding or changing two registry settings. Please see the Windows 7 and later Registry Changes to join a domain section of the Add a Windows Workstation to a Samba Domain HowTo.

If you get a message “The following error occurred attempting to join the domain. The specified domain does not exist or could not be contacted”, you have probably skipped or made a mistake with this step.

Joining a machine to the domain often fails first time, but, if you look in the Windows Networking screen you may find the machine has been added to the list. Just do the join a second time and you should succeed.

To run logon scripts in Windows 10, please see the windows_10_registry_changes_to_run_logon_scripts section of the Add a Windows Workstation to a Samba Domain HowTo.

Windows 7

Just after you have joined the Windows 7 system to the domain, you will see the following warning message:

Changing the Primary Domain DNS name of this computer to "" failed.
The name will remain "MYDOM".  The error was:
  
The specified domain either does not exist or could not be contacted

You can ignore this message. Also note: there is a hotfix available from Microsoft to address this issue, see Knowledge Base article for details.

Windows 10 - Enabling the SMB1 protocol

Windows 10, since the Fall Creators Update (1709), is no longer shipping with SMB 1.0 support enabled. This means that if you have enabled “Force SMB1 Protocol”, Windows 10 machines can no longer access Windows Networking (Samba) Domains or Flexshares. If you try to join a ClearOS Domain you may get the following popup:

https://clearos.com/dokuwiki2/lib/exe/fetch.php?media=content:en_us:7_ug_samba_no-smb1.png

Please do not enable SMB1.0 in Windows 10 if you can avoid it. By preference, please disable “Force SMB1 Protocol” in Windows Networking.

If you still want to enable SMB1.0 in Windows 10, the link takes you to this Microsoft document. To enable SMB1.0 support see this Microsoft document or just go Control Panel > Programs and Features > “Turn Windows Features on and off” then scroll down to SMB 1.0/CIFS File Sharing Support and enable it. You will need to reboot afterwards. There is also a PowerShell method in the document.

Troubleshooting

Stuck Initialising

In order to initialise, if ClearOS is in Gateway mode, at least one LAN interface has to be connected (even if only to a switch) or it will get stuck in a loop. This can be avoided either by connecting something active (not just a cable) to the LAN interface or putting ClearOS temporarily into Standalone mode, initialising then putting it back into Gateway mode.

Network Neighborhood

Due to a feature in Microsoft networking, you may not see the ClearOS system in Network Neighborhood right away; sometimes it takes several minutes to appear.

Make sure the PC's workgroup and ClearOS workgroup match and the ClearOS DHCP server is configured to hand out its LAN IP as the WINS Server.

You can directly access the share by typing in the UNC path for the server in the Run section of your workstation.

  • Click on Start|Run
  • Type in \\serverIPaddress (for example \\192.168.1.1)
  • Click OK or press Enter.

Another good tool for troubleshooting problems in Windows is nbtstat. This tool will allow you to look and validate the name of your server and the domain as it appears to the network. If your server's address is 192.168.1.1 you could do the following:

nbtstat -A 192.168.1.1

If you are using Windows 10 version 1803 or later, check out the Browsing the Network Neighbourhood section of this forum post

Logon Script not working

If your logon script does not work, please check that it is owned by winadmin:domain_users and has 755 permissions:

chown winadmin:domain_users /var/samba/netlogon/logon.cmd
chmod 755 /var/samba/netlogon/logon.cmd

Was the logon.cmd file created with a Windows editor so it contains the correct line termination characters ()?

Did you do the required registry changes before joining the domain? If not, leave the domain, do the registry changes and rejoin the domain. Just doing them as the winadmin user while joined to the domain will not work.

content/en_us/7_ug_samba.txt · Last modified: 2018/11/01 05:25 by NickH

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3A7_ug_samba&1544994527