Samba is a free software re-implementation of the SMB/CIFS networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain.
At the end of this tutorial, you will be able to integrate Samba with Microsoft Active Directory on CentOS and Red Hat.
A computer with CentOS installed on it.
A Microsoft Windows Server with the Active Directory service installed and configured.
Install Necessary Packages
Use the yum command to install the Samba client tools as follows:
$ sudo yum install authconfig samba-winbind samba-client samba-winbind-clients oddjob-mkhomedir
Join the Active Directory domain
Run sudo authconfig-tui, select the same options as shown below, and press Next.
Now enter your domain, domain controller and ADS realm (writing them in all capital letters is recommended), and choose the security model ads and the template shell /bin/bash as shown below.
Press Join Domain. You will be prompted to save the configuration and to enter the domain administrator password as shown below.
Now check Active Directory Users and Computers; you should find the newly joined machine there.
Setup users home directory
You can create a local home directory for Active Directory users as below:
$ sudo mkdir /home/YOURDOMAIN   # your domain must be in capital letters
Run the authconfig command to enable home directories. On the command line, use:
$ sudo authconfig --enablemkhomedir --update
Open smb.conf (/etc/samba/smb.conf) with any text editor.
In the [global] section, set the following parameters:
[global]
workgroup = YOURDOMAIN
password server = DC.YOURDOMAIN.LOCAL
realm = YOURDOMAIN.LOCAL
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /home/YOURDOMAIN
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
idmap backend = idmap_rid:yourdomain=16777216-33554431
obey pam restrictions = yes
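An added example, not part of the original tutorial: a shell lint for the [global] section above, to run before restarting the services. The function names, the sample file and the checks themselves (security = ads, capitalised workgroup and realm, template homedir equal to /home/<workgroup>, well-formed idmap ranges) are assumptions drawn from the values this tutorial sets.

```shell
# Added example, not from the tutorial: lint smb.conf [global] before restarting.
# smb_global FILE "name": print a [global] parameter's value. Names are matched
# case-insensitively, with runs of whitespace in the name collapsed to one space.
smb_global() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s); g = (s == "[global]"); next }
        g && (p = index($0, "=")) {
            k = tolower(substr($0, 1, p - 1)); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) found = v
        }
        END { print found }' "$1"
}
# range_ok "LOW-HIGH": true when both ends are numbers and LOW < HIGH.
range_ok() {
    case $1 in ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;; *-*) ;; *) return 1 ;; esac
    [ "${1%-*}" -lt "${1#*-}" ]
}
# is_upper STRING: true when STRING is non-empty and has no lower-case letters.
is_upper() { [ -n "$1" ] && [ "$1" = "$(printf %s "$1" | tr '[:lower:]' '[:upper:]')" ]; }
# check_smb_conf FILE: print one FAIL line per problem; exit status 1 if any.
check_smb_conf() {
    wg=$(smb_global "$1" "workgroup"); realm=$(smb_global "$1" "realm"); rc=0
    sec=$(smb_global "$1" "security" | tr '[:upper:]' '[:lower:]')
    [ "$sec" = "ads" ] || { echo "FAIL: security must be ads"; rc=1; }
    is_upper "$wg" || { echo "FAIL: workgroup must be set, in capitals"; rc=1; }
    is_upper "$realm" || { echo "FAIL: realm must be set, in capitals"; rc=1; }
    [ "$(smb_global "$1" "template homedir")" = "/home/$wg" ] ||
        { echo "FAIL: template homedir is not /home/$wg"; rc=1; }
    for p in "idmap uid" "idmap gid"; do
        range_ok "$(smb_global "$1" "$p")" || { echo "FAIL: $p is not LOW-HIGH"; rc=1; }
    done
    return $rc
}
# Constructed sample: lower-case workgroup, so the homedir path mismatches too.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
workgroup = yourdomain
realm = YOURDOMAIN.LOCAL
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /home/YOURDOMAIN
EOF
check_smb_conf "$sample" || echo "fix smb.conf before restarting smb and winbind"
rm -f "$sample"
```

On a real host, call check_smb_conf /etc/samba/smb.conf after editing the file.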
Open system-auth file (/etc/pam.d/system-auth) with any text editor.
Add the following line at the end of the file:
session required pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=0022
Now restart samba, winbind and oddjob services
$ sudo service smb restart
$ sudo service winbind restart
$ sudo service oddjobd restart
On CentOS 7 and above run the following command:
$ sudo systemctl start winbind.service
$ sudo systemctl start oddjob
Log in to Active directory
On any machine that is joined to the domain, run either of the following commands:
$ su - 'domain\domain_user'
$ su - domain\\domain_user
You can use the syntax below if the winbind use default domain = true parameter is set in the Samba configuration file.
$ su - domain_user
$ su - firstname.lastname@example.org
List Domain Users and Domain Info
You can use the wbinfo command to get domain user and group information. You can also use the net command to fetch domain details.
Check the following commands:
$ sudo wbinfo -u
$ sudo wbinfo -g
$ sudo wbinfo -i domain_user
$ sudo net ads info
Unjoin (leave) Active Directory
Use the net command to unjoin your computer from Active Directory. Use the following command; a reboot is required for the changes to take effect.
$ sudo net ads leave -w domain-name -U domain-administrator
$ sudo net ads leave -S -U user%password
$ sudo realm leave ad.example.com
$ sudo reboot
In this tutorial, we learned how to integrate Samba with Active Directory on CentOS and Red Hat. I hope you enjoyed reading; please leave your suggestions in the comment section below.