Anthony Lopez

“I’d rather see a sermon than hear one any day;”

Samba server on RHEL 5.2 with Active Directory Authentication

Posted by lopeza on December 5, 2008

A quick and easy way.
There are probably hundreds of ways to configure this, so make sure to look around.

# yum install samba

Back up your original smb.conf file

# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

My smb.conf file, which connects to a Windows 2003 Active Directory

[global]
workgroup = YOURDOMAIN
netbios name = YOURHOSTNAME
server string = YOURHOSTNAME
security = ads
realm = YOURDOMAINFQDN
password server = YOURDOMAINCONTROLLER
encrypt passwords = yes

log file = /var/log/samba/%m.log
max log size = 1024
#log level = 1

name resolve order = wins hosts lmhosts bcast
client signing = Yes
server signing = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

local master = no
domain master = no
# preferred master takes yes/no/auto, not a host name
preferred master = no
wins server = dc01
dns proxy = no

#To add support for winbind, I added these lines to the global section:
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes

#===Share Definitions ===
[public]
# Only the users and groups listed in valid users can connect; they can read and write
path = /storage/public
browseable = yes
writeable = yes
guest ok = no
# A group in valid users needs the @ prefix; without it the name is treated as a user
valid users = @CLUBMOM+AD_USERSGROUP AD_USER
force group = CLUBMOM+AD_USERSGROUP
create mask = 0666
directory mask = 0777

[TESTSHARE]
# Only the users and groups listed in valid users can connect; they can read and write
path = /PATH/TO/SHARE
browseable = yes
writeable = yes
guest ok = no
# A group in valid users needs the @ prefix; without it the name is treated as a user
valid users = @CLUBMOM+AD_USERSGROUP AD_USER
force group = CLUBMOM+AD_USERSGROUP
create mask = 0666
directory mask = 0777
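
A small check for the share settings above, as an added example that is not part of the original post: it parses smb.conf text and reports shares whose create mask or directory mask permit the world-write bit (as 0666 and 0777 do), and shares where the force group name appears in valid users without a group prefix. The function name, the sample shares and the domain, group and path names are assumptions constructed for illustration.

```python
import configparser

# Constructed sample: one share with loose masks and an unprefixed group name,
# one tightened share. Domain, group and paths are placeholders.
SAMPLE = """\
[global]
log file = /var/log/samba/%m.log

[loose]
path = /srv/loose
valid users = EXAMPLE+STAFF alice
force group = EXAMPLE+STAFF
create mask = 0666
directory mask = 0777

[tight]
path = /srv/tight
valid users = @EXAMPLE+STAFF alice
force group = EXAMPLE+STAFF
create mask = 0660
directory mask = 2770
"""

def audit_shares(text):
    """Return sorted (share, key, issue) tuples for risky share settings."""
    # interpolation=None keeps smb.conf variables such as %m literal;
    # strict=False tolerates keys or sections that are repeated.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if name.lower() == "global":
            continue
        share = cp[name]
        for key in ("create mask", "directory mask"):
            # Bit 0o002 lets "other" write to newly created files/directories.
            if key in share and int(share[key], 8) & 0o002:
                findings.append((name, key, "world-writable bit allowed"))
        # smb.conf treats a valid users entry as a user name unless it starts
        # with @, + or &; reuse of the force group name hints a group was meant.
        group = share.get("force group", "").lstrip("+")
        users = share.get("valid users", "").replace(",", " ").split()
        if group and group in users:
            findings.append((name, "valid users", "group listed without @ prefix"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_shares(SAMPLE):
        print(*finding, sep=": ")
```

Samba's own testparm checks the file's syntax; this script only looks at the two permission issues named above.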

Modify the /etc/nsswitch.conf file

passwd: files winbind
shadow: files
group: files winbind

Hostname lookup (to play it safe I added it directly into /etc/hosts)

192.168.x.xxx HOSTNAME.YOURDOMAIN HOSTNAME

Add the realm to the [realms] section of /etc/krb5.conf

YOURDOMAIN = {
kdc = YOURDOMAIN.CONTROLLER
kdc = YOURSECONDDOMAIN.CONTROLLER
}

These next commands get you started

service smb restart
service winbind restart
net ads join -U Administrator
kinit Administrator@YOURDOMAIN
service smb restart
service winbind restart

Remember to restart smb and winbind every time you modify smb.conf.
