Samba is a free software re-implementation of the SMB/CIFS networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain.
At the end of this tutorial, you will be able to integrate Samba with Microsoft Active Directory on CentOS and Red Hat.
We have also covered how to set up a Linux domain controller and how to join a domain controller on Ubuntu.
Requirements
A computer with CentOS installed on it.
Internet Connection.
Microsoft Windows Server with the Active Directory service installed and configured.
Install Necessary Packages
Using the yum command, install the Samba client tools as follows:
$ sudo yum install authconfig samba-winbind samba-client samba-winbind-clients oddjob-mkhomedir
Join the Active Directory domain
Run sudo authconfig-tui, select the same options and press Next as shown below.
Now, enter your domain, domain controller and ADS realm (it is recommended to write them in all capital letters) and choose the security model ads and template shell /bin/bash as shown below.
Press Join Domain and you will be prompted to save the configuration and enter the domain administrator password as shown below.
Now check Active Directory Users and Computers and you should find the newly joined machine.
Set up users' home directories
You can create a local home directory for Active Directory users as below:
$ sudo mkdir /home/YOURDOMAIN  # Your domain must be in capital letters
Run the authconfig command with the --enablemkhomedir option to enable automatic creation of home directories.
$ sudo authconfig --enablemkhomedir --update
Configure smb.conf
Open smb.conf (/etc/samba/smb.conf) with any text editor.
Under the global settings configure yours as below:
[global]
workgroup = YOURDOMAIN
password server = DC.YOURDOMAIN.LOCAL
realm = YOURDOMAIN.LOCAL
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /home/YOURDOMAIN
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
idmap backend = idmap_rid:yourdomain=16777216-33554431
obey pam restrictions = yes
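Before restarting the services, it helps to confirm that the edited file really carries the settings listed above. The script below is an added example, not part of the original tutorial; the function names and the 60000 ceiling for local account ids are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the tutorial: lint the [global] section of smb.conf.
# Function names and the 60000 local-id ceiling are assumptions of this sketch.

# Print the value of one [global] parameter; the last occurrence wins.
# Samba ignores case and whitespace in parameter names, so both are normalized.
smb_global() {  # usage: smb_global FILE "parameter name"
    awk -v want="$2" '
        BEGIN { gsub(/[ \t]/, "", want); want = tolower(want) }
        /^[ \t]*[#;]/ { next }                        # comment lines
        /^[ \t]*\[/   { sec = tolower($0); gsub(/[ \t]/, "", sec); next }
        sec == "[global]" && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# Return 0 when FILE matches the settings used in this tutorial, else 1.
check_smb_conf() {  # usage: check_smb_conf FILE
    rc=0
    sec=$(smb_global "$1" "security" | tr '[:upper:]' '[:lower:]')
    [ "$sec" = "ads" ] || { echo "FAIL: security = '$sec', expected ads"; rc=1; }
    for p in realm workgroup; do           # the tutorial writes these in capitals
        v=$(smb_global "$1" "$p")
        case $v in
            ''|*[[:lower:]]*) echo "FAIL: $p = '$v', expected upper case"; rc=1 ;;
        esac
    done
    case $(smb_global "$1" "obey pam restrictions" | tr '[:upper:]' '[:lower:]') in
        yes|true|1) ;;
        *) echo "FAIL: obey pam restrictions is not enabled"; rc=1 ;;
    esac
    for p in "idmap uid" "idmap gid"; do   # mapped ids must sit above local ids
        v=$(smb_global "$1" "$p" | tr -d ' \t'); lo=${v%%-*}; hi=${v##*-}
        case $lo$hi in ''|*[!0-9]*) lo=0; hi=0 ;; esac
        [ "$lo" -gt 60000 ] && [ "$lo" -lt "$hi" ] ||
            { echo "FAIL: $p = '$v' is not a range above local ids"; rc=1; }
    done
    return $rc
}

# Constructed sample that reuses the tutorial's placeholder values.
write_sample_conf() {  # usage: write_sample_conf FILE
    printf '%s\n' '[global]' 'workgroup = YOURDOMAIN' 'realm = YOURDOMAIN.LOCAL' \
        'security = ads' 'idmap uid = 16777216-33554431' \
        'idmap gid = 16777216-33554431' 'obey pam restrictions = yes' > "$1"
}

if [ -r "${1:-}" ]; then check_smb_conf "$1"; fi
```

Run it with the path to the file, for example /etc/samba/smb.conf; each setting that differs is reported on a FAIL line and the exit status is non-zero.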
Configure system-auth
Open the system-auth file (/etc/pam.d/system-auth) with any text editor.
Add the below line at the end of the file:
session required pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=0022
Now restart the samba, winbind and oddjob services:
$ sudo service smb restart
$ sudo service winbind restart
$ sudo service oddjobd restart
On CentOS 7 and above run the following commands:
$ sudo systemctl start winbind.service
$ sudo systemctl start oddjob
Log in to Active Directory
Open any machine that is joined to the domain and run any one of the following commands:
$ su - 'domain\domain_user'
$ su - domain\\domain_user
You can use the below syntax if the winbind use default domain = true parameter is set in the Samba configuration file.
$ su - domain_user
$ su - domain_user@example.com
List Domain Users and Domain Info
You can use the wbinfo command to get domain user and group information. Also, you can use the net command for fetching domain details.
Check the following commands:
$ sudo wbinfo -u
$ sudo wbinfo -g
$ sudo wbinfo -i domain_user
$ sudo net ads info
Unjoin (leave) Active Directory
Use the net command to unjoin your computer from Active Directory. Use one of the following commands; a reboot is required for the changes to take effect.
$ sudo net ads leave -w domain-name -U domain-administrator
or
$ sudo net ads leave -S -U user%password
or
$ sudo realm leave ad.example.com
$ sudo reboot
Conclusion
In this tutorial, we learned how to integrate Samba with Active Directory on CentOS and Red Hat. I hope you enjoyed reading, and please leave your suggestions in the comment section below.