Integrate Samba with Active Directory on CentOS

Samba is a free software re-implementation of the SMB/CIFS networking protocol that provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain.

At the end of this tutorial, you will be able to integrate Samba with Microsoft Active Directory on CentOS and Red Hat.

We have also covered how to set up a Linux domain controller and how to join a domain controller on Ubuntu.

Requirements

 A computer with CentOS installed on it.
 Internet connection.
 Microsoft Windows Server with the Active Directory service installed and configured.

Install Necessary Packages

Use the yum command to install the Samba client tools as follows:

$ sudo yum install authconfig samba-winbind samba-client samba-winbind-clients oddjob-mkhomedir

Join the Active Directory domain

Run sudo authconfig-tui, select the same options as shown below and press Next.

Now enter your domain, domain controller and ADS realm (writing them in all capital letters is recommended), then choose the security model ads and the template shell /bin/bash as shown below.

Press Join Domain. You will be prompted to save the configuration and to enter the domain administrator password as shown below.

Now check Active Directory Users and Computers; you should find the newly joined machine.

Setup users home directory

You can create a local home directory for Active Directory users as below:

$ sudo mkdir /home/YOURDOMAIN   # your domain must be in capital letters

Run the authconfig command with the --enablemkhomedir option to enable home directories.

$ sudo authconfig --enablemkhomedir --update

Configure smb.conf

Open smb.conf (/etc/samba/smb.conf) with any text editor.

Under the global settings configure yours as below:

[global]
workgroup = YOURDOMAIN
password server = DC.YOURDOMAIN.LOCAL
realm = YOURDOMAIN.LOCAL
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /home/YOURDOMAIN
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
idmap backend = idmap_rid:yourdomain=16777216-33554431
obey pam restrictions = yes
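
The check below is an added example, not part of the original tutorial: it audits the [global] section of an smb.conf for the settings used above (security = ads, upper-case realm and workgroup, well-formed idmap ranges). The function names, the MIN_ID threshold of 1000 and the sample configuration are assumptions made for the illustration.

```sh
# Added example, not from the original tutorial: audit [global] in an smb.conf.
MIN_ID=${MIN_ID:-1000}   # assumption: lowest ID that cannot collide with local accounts

audit_smb_conf() {       # usage: audit_smb_conf [FILE]; reads stdin when FILE is omitted
  awk -v min="$MIN_ID" '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function bad(msg) { print "FINDING: " msg; n++ }
    function range(k,   a) {             # "idmap uid/gid = LOW-HIGH"
      if (split(v[k], a, "-") != 2 || a[1] !~ /^[0-9]+$/ || a[2] !~ /^[0-9]+$/) {
        bad(k " range missing or malformed"); return
      }
      if (a[1] + 0 < min)       bad(k " starts below " min " and may overlap local IDs")
      if (a[1] + 0 >= a[2] + 0) bad(k " range is empty or reversed")
    }
    /^[ \t]*[#;]/ { next }               # comment lines
    /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t\r]/, "", s); g = (s == "[global]"); next }
    g && (p = index($0, "=")) {          # key = value inside [global]; last one wins
      k = tolower(trim(substr($0, 1, p - 1))); gsub(/[ \t]+/, " ", k)
      v[k] = trim(substr($0, p + 1))
    }
    END {
      if (tolower(v["security"]) != "ads") bad("security is not ads")
      if (v["realm"] == "" || v["realm"] != toupper(v["realm"]))
        bad("realm missing or not upper case")
      if (v["workgroup"] == "" || v["workgroup"] != toupper(v["workgroup"]))
        bad("workgroup missing or not upper case")
      range("idmap uid"); range("idmap gid")
      if (v["template shell"] !~ /^\//) bad("template shell is not an absolute path")
      if (tolower(v["winbind offline logon"]) ~ /^(yes|true|1)$/)
        bad("winbind offline logon is enabled; this page sets it to false")
      exit (n > 0)
    }' "${1:--}"
}

# Constructed sample: this page's settings with three deliberate mistakes.
sample_bad_conf() {
  cat <<'EOF'
[global]
workgroup = YOURDOMAIN
realm = yourdomain.local
security = user
idmap uid = 500-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
EOF
}

sample_bad_conf | audit_smb_conf || echo "smb.conf differs from the tutorial's settings"
```

On a configured host, run it against the real file with audit_smb_conf /etc/samba/smb.conf; an exit status of 0 means no findings.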

Configure system-auth

Open the system-auth file (/etc/pam.d/system-auth) with any text editor.

Add the line below at the end of the file:

session required pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=0022

Now restart the samba, winbind and oddjob services:

$ sudo service smb restart
$ sudo service winbind restart
$ sudo service oddjobd restart

On CentOS 7 and above, run the following commands:

$ sudo systemctl start winbind.service
$ sudo systemctl start oddjob

Log in to Active directory

On any machine that is joined to the domain, run any one of the following commands:

$ su - 'domain\domain_user'
$ su - domain\\domain_user

You can use the syntax below if the winbind use default domain = true parameter is set in the Samba configuration file.

$ su - domain_user
$ su - domain_user@example.com

List Domain Users and Domain Info

You can use the wbinfo command to get domain user and group information. You can also use the net command to fetch domain details.

Check the following commands:

$ sudo wbinfo -u
$ sudo wbinfo -g
$ sudo wbinfo -i domain_user
$ sudo net ads info

Unjoin (leave) Active Directory

Use the net command to unjoin your computer from Active Directory. Run one of the following commands; a reboot is required for the changes to take effect.

$ sudo net ads leave -w domain-name -U domain-administrator

or

$ sudo net ads leave -S  -U user%password

or

$ sudo realm leave ad.example.com
$ sudo reboot

Conclusion

In this tutorial, we learned how to integrate Samba with Active Directory on CentOS and Red Hat. I hope you enjoyed reading; please leave your suggestions in the comment section below.

Bobbin Zachariah 9:07 am
