Active Directory File Sharing
Users on an Active Directory corporate network are used to being able to create ad-hoc shared directories on their machines. These ad-hoc shared directories allow them to solve their own work needs and workflows without involving administrators to set up purpose-built file shares on central servers. When the local machine is joined to an Active Directory domain, users can specify which domain users can read and/or write to these shared directories.
In order to integrate into Active Directory domains, GNOME should facilitate creating these file share directories.
Designs for this should probably tie into other work on privacy and sharing. This feature should be positioned alongside other forms of sharing files and information using more modern methods.
Stef Walter, ...
Design in progress
Implementation in progress
- To allow a user to create ad-hoc CIFS (Windows) file directory shares without involving a domain/realm or system administrator.
- These shares should be accessible to users of other operating systems (such as Windows) on the network, without any special configuration on their part.
- If the local machine is part of a domain, then the user should be able to specify which users can access the share, and which users can modify the files on the share.
Non goal: We don't need this interface to expose all the various 'security modes' and other settings of Samba. The command line and other advanced configuration tools will be available for that.
Use case: Shared directory on corporate network
xxxx how to access the share xxxx
Use case: Sharing files with Windows machines on a personal network
- gnome-control-center, probably as part (or accessed through) a "Privacy and Sharing" page.
- Windows represents file share paths completely differently from Linux (i.e. \\Machine\Share vs. smb://machine/Share).
- It is hard to enumerate all users on the network and select from a list (enumeration can take multiple tens of minutes). We probably need to allow the user to type names, and then check them against the domain to see if they are valid identities.
- In order to perform Active Directory File Sharing, the machine needs to be joined to the domain. This may mean that domain administrator credentials are needed.
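One way to implement the "type names, then check them against the domain" step above and turn the result into a share limited to those users. This is an added example, not GNOME or Samba project code; it assumes Samba usershares are enabled in smb.conf and the machine is joined with winbind running, and the names `build_acl`, `share_dir`, `RESOLVER` and the `EXAMPLE` domain are hypothetical.

```sh
#!/bin/sh
# Added example (not GNOME or Samba project code). Assumes Samba usershares are
# enabled in smb.conf and the machine is joined to the domain with winbind.

die() { printf '%s\n' "$2" >&2; exit "$1"; }

# Check a single typed name against the domain rather than enumerating users.
# RESOLVER is a hypothetical hook so the check can be swapped out; the default
# asks winbind to map the name to a SID and fails if the domain does not know it.
resolve_with_winbind() { wbinfo --name-to-sid="$1" >/dev/null 2>&1; }
RESOLVER=${RESOLVER:-resolve_with_winbind}

# build_acl PERM=IDENTITY...   (PERM is R for read-only or F for read/write)
# Prints a usershare ACL such as 'EXAMPLE\alice:F,EXAMPLE\Domain Users:R'.
build_acl() (
    acl=
    for entry in "$@"; do
        perm=${entry%%=*}
        name=${entry#*=}
        case $perm in
            R|F) ;;
            *) die 2 "permission must be R or F: $entry" ;;
        esac
        # ',' and ':' are the ACL's own separators, so a name containing them
        # could smuggle in an extra entry; reject those and empty names.
        case $name in
            ''|*[,:]*) die 2 "invalid identity: $name" ;;
        esac
        "$RESOLVER" "$name" || die 3 "not known to the domain: $name"
        acl=${acl:+$acl,}$name:$perm
    done
    # With no ACL, 'net usershare add' defaults to Everyone:R, so never pass
    # an empty one.
    [ -n "$acl" ] || die 2 "refusing to create a share without an explicit ACL"
    printf '%s\n' "$acl"
)

# share_dir SHARENAME /absolute/path PERM=IDENTITY...
share_dir() (
    sharename=$1 path=$2
    shift 2
    acl=$(build_acl "$@") || exit
    net usershare add "$sharename" "$path" "ad-hoc share" "$acl" guest_ok=n
)
```

A call such as `share_dir Reports /home/user/Reports 'R=EXAMPLE\Domain Users' 'F=EXAMPLE\alice'` creates the share only if every typed name resolves, and always with guest access off.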
Relevant Art and current experiences
- In the properties of a folder in explorer, you can see a "Sharing" tab. This tab is only visible when File sharing is enabled in the control panel.
- When you choose to share, it creates a share that matches the name of the folder, and allows you to choose who can access and how:
- Can find people by using the drop down.
- Which then pulls up this:
- There's also an advanced dialog which allows you to do a few more things. Sorta confusing because many of the same actions can be performed by the normal dialog.
- Windows explorer has an extension which tracks if you rename the folder, and tells you that the folder will no longer be shared:
During setup OpenSUSE has an option to allow users to share their directories, although I couldn't figure out how to actually do that.
- To add a new share, we go into Yast2, type the 'root' password, and choose "Samba Server":
- Does a list of things while opening the dialog:
- Shows the shares:
- Clicking on add, and then can specify the name, and other info:
- For some reason insisted on me joining the domain again although I had already done that:
- But joining the domain failed:
- Couldn't access the new share from a Windows machine. Couldn't access the OpenSUSE box at all.
- I tried to fix this by giving the box a valid DNS name in the right domain, but after reboot could no longer log in.
- After logging in as root on the console, and joining the domain there, managed to log in again.
- Still couldn't access the new share, until I disabled the firewall on the OpenSUSE machine.
- Even though the share wasn't read-only, couldn't write to it from another Windows machine, citing permission problems. Couldn't figure out how to fix this from the GUI.
Common configuration problems
- Packages not installed (samba-winbind). Should integrate with PackageKit, or have the package installed by default.
- DNS not set up correctly; the machine should be using a DNS server aware of the domain.