45 Drives Knowledge Base
KB450093 - How to bind an AD to a standalone Samba Server
http://knowledgebase.45drives.com/kb/how-to-bind-an-ad-to-a-standalone-samba-server/

KB450093 - How to bind an AD to a standalone Samba Server

Posted on November 19, 2018 by Rob MacQueen



Last modified: November 20, 2019

The following guide was done on CentOS 7.

Install the required packages:

yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd adcli krb5-workstation openldap-clients policycoreutils-python samba-winbind-clients

Edit /etc/krb5.conf, replacing DOMAIN.NAME with your AD realm:

 [libdefaults]
    default_realm = DOMAIN.NAME
    dns_lookup_realm = false
    dns_lookup_kdc = true

Edit /etc/samba/smb.conf. Set realm to the same AD realm used for default_realm in /etc/krb5.conf:

 [global]
    security = ADS
    workgroup = WORKGROUP
    realm = REALM.COM
    template homedir = /home/%U
    template shell = /bin/bash
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    map acl inherit = yes
    store dos attributes = yes
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999
 [design]
    path = /design
    public = no
    writable = yes
    guest ok = no
    valid users = @"design",administrator
    kernel share modes = no

Run nmtui and set the DNS server to the appropriate target IP address.

Edit the following in /etc/nsswitch.conf

 ...
 passwd: files winbind
 shadow: files sss
 group: files winbind
 ...

Check the Samba configuration for errors:

 testparm

Add the server's IP address and FQDN to /etc/hosts.

Join the server to the AD domain:

net ads join -U USERNAME

Enable and start Winbind:

systemctl enable winbind
systemctl start winbind
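
A check to run before net ads join, added here as an example and not part of the 45Drives article: testparm only validates smb.conf on its own, so this script also compares realm with default_realm in krb5.conf and confirms that every share denies guest access and sets valid users. The function names ini_get, check_ad_bind and demo are assumptions of this example, and the sample files are constructed from the guide's placeholder values.

```shell
ini_get() {  # ini_get FILE SECTION KEY -> value (empty if unset); names are case-insensitive
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = $0; gsub(/^[ \t]*\[|\].*$/, "", s); next }
        tolower(s) == tolower(sec) && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }' "$1"
}

check_ad_bind() {  # check_ad_bind SMB_CONF KRB5_CONF -> exit status = number of findings
    smb=$1 krb=$2 bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }
    sec=$(ini_get "$smb" global security | tr 'a-z' 'A-Z')
    [ "$sec" = ADS ] || fail "security is '$sec', expected ADS"
    # The Samba realm and the Kerberos default realm must name the same AD realm.
    realm=$(ini_get "$smb" global realm)
    krealm=$(ini_get "$krb" libdefaults default_realm)
    [ -n "$realm" ] && [ "$realm" = "$krealm" ] ||
        fail "smb.conf realm '$realm' != krb5.conf default_realm '$krealm'"
    shares=$(awk '/^[ \t]*\[/ { gsub(/^[ \t]*\[|\].*$/, "")
                 if (tolower($0) != "global") print }' "$smb")
    while IFS= read -r share; do
        [ -n "$share" ] || continue
        for k in "guest ok" public; do   # "public" is a synonym for "guest ok"
            case $(ini_get "$smb" "$share" "$k" | tr 'A-Z' 'a-z') in
                yes|true|1) fail "[$share] $k is enabled" ;;
            esac
        done
        [ -n "$(ini_get "$smb" "$share" "valid users")" ] ||
            fail "[$share] has no 'valid users' restriction"
    done <<EOF
$shares
EOF
    return "$bad"
}

demo() {  # constructed sample: the guide's placeholder values, unmodified
    d=$(mktemp -d)
    printf '[libdefaults]\n default_realm = DOMAIN.NAME\n' > "$d/krb5.conf"
    printf '[global]\n security = ADS\n realm = REALM.COM\n[design]\n public = no\n guest ok = no\n valid users = @"design",administrator\n' > "$d/smb.conf"
    check_ad_bind "$d/smb.conf" "$d/krb5.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "$? finding(s) in the constructed sample"
```

On a real server, call check_ad_bind /etc/samba/smb.conf /etc/krb5.conf; with the placeholders left unchanged it reports the REALM.COM versus DOMAIN.NAME mismatch.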