samba
2022-09-29

All things micro$$oft suck ass. AD and SMB are no exceptions.

Active Directory (AD) is "a directory service for Window$$ domain networks", essentially used for identity management. You can think of it as a Window$$-centric authentication and authorization service. SMB is a file sharing protocol pushed out with Window$$ OS. Samba is the interoperability suite to utilize this insanity on some sane OS.

As per usual, more info on ArchWiki: https://wiki.archlinux.org/title/Samba

Extensive docs are out there: https://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf

If all you need to do is access files over SMB, your best bet is to use `gvfs-smb` and save yourself the headache of trying to figure out how it all works. `gvfs-smb` allows you to connect and nicely browse shares with file managers like Nemo or Nautilus. You have to know the IP address or DNS name of your share. Simply type it in with the "smb://" protocol prefix as a location in Nemo and you'll be prompted for credentials to access the share.

SMB also allows for sharing printers somehow, but I've never tried it.

If you need to play with AD a little bit more, read on. Then refer to this ArchWiki page: https://wiki.archlinux.org/title/Active_Directory_integration

A few configuration details you'll want to note down: NetBIOS domain name, DNS domain name, Kerberos realm, DC1 (hostname/IP), DC2, etc.

To set up your DNS, change `/etc/resolv.conf` according to the template:
```
nameserver [DC1 IP]
nameserver [DC2 IP]
search [internal.domain.tld]
```
Test it with:

```
$ nslookup -type=SRV _kerberos._tcp.internal.domain.tld.
$ nslookup -type=SRV _ldap._tcp.internal.domain.tld.
$ nslookup dc1.internal.domain.tld.
```

For Kerberos it may be necessary to modify `/etc/krb5.conf` if authentication doesn't work properly.

Configuring samba consists of a few steps, but I won't go into details: basic config, disabling printers, UID/GID mapping config, NSS config for UID/GID mapping. You may need to run these services: `smb.service`, `nmb.service`, (optional) `winbind.service`. Again, consult the references linked above for more information.

To join a domain try:

```
$ net ads join -U [username]
```

or:

```
$ samba-tool domain join [internal.domain.tld] MEMBER -U [username]
```

A few commands for testing:

```
$ net ads info
$ net ads lookup
$ net ads status -U [username]
$ wbinfo -u
$ wbinfo -g
$ wbinfo --ping-dc
```

Now some more SMB commands. In case you didn't like `gvfs-smb` that I suggested, you may have a shot at using `smbclient`.

Listing:

```
$ smbclient -L "\\12.23.34.45" -U [username]
```

Connecting:

```
$ smbclient "//12.23.34.45/DIRECTORY" -U [username]
```

I honestly don't know about the slashes here. Micro$$oft is always going backwards so they prefer backslashes. Anything else would escape on a backslash. How does it mix in your shell? IDK, just try it I guess ¯\_(ツ)_/¯
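On the slash question above, an added example (not part of the original post): in a POSIX shell, double quotes collapse `\\` to a single backslash, single quotes pass both through, and forward slashes need no escaping at all. `show_arg` and `to_smb_path` are hypothetical helper names; the second one normalises a share reference to the `//host/share` form used in the connecting command.

```shell
#!/bin/sh
# Added example; show_arg and to_smb_path are hypothetical helper names.

# Print the first argument exactly as the invoked program receives it.
# printf '%s' is used because some echo builtins interpret backslashes.
show_arg() {
    printf '%s\n' "$1"
}

# Normalise \\host\share, //host/share or smb://host/share to //host/share.
to_smb_path() {
    ref=$1
    case $ref in
        smb://*) ref=${ref#smb:} ;;   # drop the URL scheme, keep the //
    esac
    ref=$(printf '%s' "$ref" | tr '\\' '/')   # backslashes -> forward slashes
    case $ref in
        //[!/]*) printf '%s\n' "$ref" ;;
        *) printf 'not a share reference: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Constructed sample inputs, reusing the address from the commands above.
show_arg "\\12.23.34.45"      # double quotes: \\ collapses to one backslash
show_arg '\\12.23.34.45'      # single quotes: both backslashes survive
show_arg \\\\12.23.34.45      # unquoted: each \\ pair yields one backslash
to_smb_path '\\12.23.34.45\DIRECTORY'
```

Sticking to the forward-slash form in scripts avoids the quoting question entirely.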