Windows Networking (Samba)
Your ClearOS system provides network and file serving capabilities for a Windows network. Among other tasks, you can use the software for domain control, file storage and sharing printers.
Installation
If you did not select this module to be included during the installation process, you must first install the module.
Menu
You can find this feature in the menu system at the following location:
Configuration
Global Settings
Server Name
This is a one-word descriptive name of the system, for example: clearserver
Server Comment
This is a short description of the server. When connecting to this system, this short description might be shown to guide end users on the purpose of the system. An example: File and Print Server for Toronto
Printing
This option only appears if you have installed the Advanced Print Server.
If you have a printer attached to your ClearOS system, you can share it via Windows networking. There are two supported modes:
- Raw - drivers must be installed on client system
- Point and Click - drivers must be configured using the Advanced Print Server
Home Directories
Select if you want to enable user's Home directories. This is their own private file space kept on the the server.
Force SMB1 Protocol (was Windows 10 Domain Logons)
This limits Samba to using the SMB1/NT1 protocol. It used to be required to allow Windows 10 machines to log on to the domain but is no longer required since samba was upgraded to version 4.7.1. If you have the parameter set, then, since the Windows 10 1709 update, you will have to enable SMB1 in Windows. Once you disable this parameter, it will disappear from the Webconfig.
server min protocol = SMB2
Only Windows XP or earlier requires you to use SMB1.
server max protocol = NT1
WINS Support / WINS Server
Even for small networks, we recommend using WINS for your Windows networks. Among other things, this helps Windows systems find each other using system names (for example, browsing through the old Network Neighborhood). You can either enable the WINS server on your ClearOS system, or you can specify an IP address of an existing WINS server on the network. Don't try and set both. It is one or the other or neither.
Mode
ClearOS supports two modes for your network. Simple Mode and Primary Domain Controller / PDC mode.
Simple Mode
This mode should be used for creating a basic file and print server. Features such as network logons, logon scripts, and roaming profiles are disabled. In order to access file shares, a client system can connect to the ClearOS system using standard file manager tools.
Windows Domain - the Workgroup name used in Windows
Primary Domain Controller / PDC
When configured as a primary domain controller, the following parameters must be specified:
Windows Domain - the domain name, for example: Toronto, when in PDC mode.
Roaming Profiles - the state of roaming profile support for all users.
Logon Drive - the drive letter used for the user's network drive on the ClearOS system. This drive maps to the /home/username directory on the ClearOS file system.
Logon Script - the script to execute when a user logs into the domain. You can upload this script to the netlogon directory by logging into your Windows workstation as the Windows administrator (winadmin) and connecting to your ClearOS netlogon share (Start » Run » \\servername\netlogon). Alternatively you can find it in /var/samba/netlogon.
Administrator Account
The winadmin account is used for the Windows domain administrator. Among other things, this account is used to add computers to the ClearOS domain. Follow the link to change the password for this account.
Computers
Shows all the members of the domain. In Simple Server mode it just shows the server; in PDC mode it shows all domain members. Domain member computers can be removed from here.
Tips and Tricks
Windows 7 and later Registry Changes
Windows 7/8/10 systems can be joined to a ClearOS Domain Controller by adding or changing two registry settings. Please see the Windows 7 and later Registry Changes to join a domain section of the Add a Windows Workstation to a Samba Domain HowTo.
To run logon scripts in Windows 10, please see the windows_10_registry_changes_to_run_logon_scripts section of the Add a Windows Workstation to a Samba Domain HowTo.
Windows 7
Just after you have joined the Windows 7 system to the domain, you will see the following warning message:
Changing the Primary Domain DNS name of this computer to "" failed. The name will remain "MYDOM". The error was: The specified domain either does not exist or could not be contacted
You can ignore this message. Also note: there is a hotfix available from Microsoft to address this issue, see Knowledge Base article for details.
Windows 10 - Enabling the SMB1 protocol
Windows 10, since the Fall Creators Update (1709), is no longer shipping with SMB 1.0 support enabled. This means that if you have enabled “Force SMB1 Protocol”, Windows 10 machines can no longer access Windows Networking (Samba) Domains or Flexshares. If you try to join a ClearOS Domain you may get the following popup:
If you still want to enable SMB1.0 in Windows 10, the link takes you to this Microsoft document. To enable SMB1.0 support see this Microsoft document or just go Control Panel > Programs and Features > “Turn Windows Features on and off” then scroll down to SMB 1.0/CIFS File Sharing Support and enable it. You will need to reboot afterwards. There is also a PowerShell method in the document.
Apple MAC - connecting network drives
Open Finder then hit command+k to access the 'Connect to Server' dialog box. In the field, type something like
cifs://192.168.20.1
replacing the IP address used with the one of your LAN interface IP of your ClearOS server if using Gateway Mode or your External interface IP if using 'Standalone' mode. It will give you a dialog for username and password, supply that and it will give you a list of shares, you can select multiple shares.
Troubleshooting
Stuck Initialising
In order to initialise, if ClearOS is in Gateway mode, at least one LAN interface has to be connected (even if only to a switch) or it will get stuck in a loop. This can be avoided either by connecting something active (not just a cable) to the LAN interface or putting ClearOS temporarily into Standalone mode, initialising then putting it back into Gateway mode.
Network Neighborhood
Due to a feature in Microsoft networking, you may not see the ClearOS system in Network Neighborhood right away; sometimes it takes several minutes to appear.
Make sure the PC's workgroup and ClearOS workgroup match and the ClearOS DHCP server is configured to hand out its LAN IP as the WINS Server.
You can directly access the share by typing in the UNC path for the server in the Run section of your workstation.
- Click on
Start|Run - Type in \\serverIPaddress (for example \\192.168.1.1)
- Click OK or press Enter.
Another good tool for troubleshooting problems in Windows is nbtstat. This tool will allow you to look and validate the name of your server and the domain as it appears to the network. If your server's address is 192.168.1.1 you could do the following:
nbtstat -A 192.168.1.1
If you are using Windows 10 version 1803 or later, check out the Browsing the Network Neighbourhood section of this forum post
Logon Script not working
If your logon script does not work, please check that it is owned by winadmin:domain_users and has 755 permissions:
chown winadmin:domain_users /var/samba/netlogon/logon.cmd chmod 755 /var/samba/netlogon/logon.cmd
Was the logon.cmd file created with a Windows editor so it contains the correct line termination characters (
Did you do the required registry changes before joining the domain? If not, leave the domain, do the registry changes and rejoin the domain. Just doing them as the winadmin user while joined to the domain will not work.