[Samba] SAMBA using existing users and passwords on Linux

Fernando Gonçalves fernandolmg at gmail.com
Fri Jun 19 14:06:40 UTC 2020


I will pass all the commands I used for installation and inclusion of the
Linux server in AD.

Installation of KERBEROS 5 packages:
# yum install krb5-server krb5-libs krb5-workstation

I added the following lines to the /etc/krb5.conf file
[libdefaults]
default_realm = SAMDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false

I installed realmd
# yum install realmd

I ran the command to find the domain and check the necessary packages to be
installed
# realm discover tjsc.ad --client-software=winbind
tjsc.ad
  type: kerberos
  realm-name: TJSC.AD
  domain-name: tjsc.ad
  configured: no
  server-software: active-directory
  client-software: winbind
  required-package: oddjob-mkhomedir
  required-package: oddjob
  required-package: samba-winbind-clients
  required-package: samba-winbind
  required-package: samba-common-tools

I installed the required packages
# yum install oddjob-mkhomedir oddjob samba-winbind-clients samba-winbind \
    samba-common-tools

Included the server in the domain with winbind
# realm join tjsc.ad --client-software=winbind -U adm.fernando

Verifying that the operation was successfully completed
# realm list
tjsc.ad
  type: kerberos
  realm-name: TJSC.AD
  domain-name: tjsc.ad
  configured: kerberos-member
  server-software: active-directory
  client-software: winbind
  required-package: oddjob-mkhomedir
  required-package: oddjob
  required-package: samba-winbind-clients
  required-package: samba-winbind
  required-package: samba-common-tools
  login-formats: TJSC\%U
  login-policy: allow-any-login

Enable authentication via Winbind
# authconfig --enablewinbind --enablewinbindauth --smbsecurity ads \
    --enablewinbindoffline --smbworkgroup=TJSC --update --smbrealm TJSC.AD \
    --winbindtemplateshell=/bin/bash --update

Install samba
# yum install samba

And that was it.

SMB.CONF

[global]
kerberos method = system keytab
template homedir = /home/%D/%U
workgroup = TJSC
template shell = /bin/bash
security = ads
realm = TJSC.AD
idmap config TJSC : range = 2000000-2999999
idmap config TJSC : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
winbind use default domain = yes
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no

vfs objects = acl_xattr
map acl inherit = yes

[demo]
        path = /srv/samba/demo
        read only = no
        create mask = 0777
        directory mask = 0777

On Fri, Jun 19, 2020 at 10:14, Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 19/06/2020 14:08, Fernando Gonçalves wrote:
> > Hello Rowland. Thanks for answering.
>
> Please post your present smb.conf
>
> Tell us what your AD DC's are.
>
> How did you join the domain ?
>
> Rowland
>
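
An added example, not part of the original message and not a Samba tool: a Python check that lints an smb.conf like the one posted above for two things worth reviewing after a winbind join, overlapping idmap ranges and share masks that leave the world-write bit set. The embedded sample is constructed from the posted configuration, and `parse` and `audit` are hypothetical helper names.

```python
import re
from itertools import combinations

# Constructed sample: the relevant lines of the smb.conf posted above.
SMB_CONF = """\
[global]
idmap config TJSC : range = 2000000-2999999
idmap config * : range = 10000-999999
[demo]
        path = /srv/samba/demo
        create mask = 0777
        directory mask = 0777
"""

def parse(text):
    """Return {section: {key: value}}; names lower-cased, spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """List findings: overlapping idmap ranges, masks keeping world-write."""
    conf, findings, ranges = parse(text), [], []
    for key, value in conf.get("global", {}).items():
        m = re.fullmatch(r"idmap config (\S+) : range", key)
        if m:
            low, high = (int(n) for n in value.split("-"))
            ranges.append((low, high, m.group(1)))
    # winbind needs disjoint ID ranges per domain; compare every pair.
    for (alo, ahi, a), (blo, bhi, b) in combinations(ranges, 2):
        if alo <= bhi and blo <= ahi:
            findings.append(f"idmap ranges of {a} and {b} overlap")
    # Share sections only; whether the share is writable is not evaluated.
    for name, opts in conf.items():
        for key in ("create mask", "directory mask"):
            mask = opts.get(key)
            if name != "global" and mask and int(mask, 8) & 0o002:
                findings.append(
                    f"[{name}] {key} = {mask} does not mask out the world-write bit")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SMB_CONF)))
```

On the posted values the idmap ranges are disjoint, so only the two 0777 masks on [demo] are reported.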
