KB450093 – How to bind an AD to a standalone Samba Server

Last modified: November 20, 2019
The following guide was done on CentOS 7.

Install the required packages:

    yum install -y realmd samba samba-common oddjob oddjob-mkhomedir sssd adcli krb5-workstation openldap-clients policycoreutils-python samba-winbind-clients

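Edit /etc/krb5.conf and set the following in the [libdefaults] section:

    [libdefaults]
    # DOMAIN.NAME is a placeholder for your AD Kerberos realm
    default_realm = DOMAIN.NAME
    dns_lookup_realm = false
    dns_lookup_kdc = true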

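Edit /etc/samba/smb.conf. The domain membership settings belong in the [global] section and the share settings in the share's own section:

    [global]
    security = ADS
    # NetBIOS (short) name of the AD domain
    workgroup = WORKGROUP
    # Kerberos realm of the AD domain
    realm = REALM.COM
    template homedir = /home/%U
    template shell = /bin/bash
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    map acl inherit = yes
    store dos attributes = yes
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999

    # Share definition; replace SHARENAME with the name of your share
    [SHARENAME]
    path = /design
    public = no
    writable = yes
    guest ok = no
    # Only members of the "design" group and administrator may connect
    valid users = @"design",administrator
    kernel share modes = no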

Run the nmtui command and set DNS to the appropriate target IP address.

Edit the following in /etc/nsswitch.conf:

    passwd: files winbind
    shadow: files sss
    group: files winbind

Test configuration files:


Add your server's IP address and FQDN to /etc/hosts.

Join the server to AD, where USERNAME is an AD account that is allowed to join computers to the domain:

    net ads join -U USERNAME

Enable and start Winbind:

    systemctl enable winbind
    systemctl start winbind
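
A consistency check for the files edited above, useful to run before net ads join. This is an added example, not part of the original guide. The function names are hypothetical, and it assumes that default_realm in krb5.conf and realm in smb.conf are meant to name the same AD realm, written in upper case.

```shell
#!/usr/bin/env bash
# Added example: pre-join sanity check for the three files edited in this guide.

# Print the value of the first "key = value" line in an ini-style file.
conf_value() {  # usage: conf_value FILE KEY
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Succeed if database DB in nsswitch.conf lists SOURCE.
nss_has() {  # usage: nss_has FILE DB SOURCE
    awk -v db="$2:" -v src="$3" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit !found }' "$1"
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# Return 0 only if all checks pass; print one line per failed check.
prejoin_check() {  # usage: prejoin_check KRB5_CONF SMB_CONF NSSWITCH_CONF
    local krb smb sec db rc=0
    krb=$(conf_value "$1" default_realm)
    smb=$(conf_value "$2" realm)
    sec=$(conf_value "$2" security)
    [ -n "$krb" ] || { echo "FAIL: no default_realm in $1"; rc=1; }
    # Assumption: the AD realm is written in upper case in krb5.conf.
    [ "$krb" = "$(upper "$krb")" ] || { echo "FAIL: default_realm '$krb' is not upper case"; rc=1; }
    # Assumption: both files are meant to name the same AD realm.
    [ "$(upper "$krb")" = "$(upper "$smb")" ] || { echo "FAIL: realm mismatch: '$krb' vs '$smb'"; rc=1; }
    [ "$(upper "$sec")" = "ADS" ] || { echo "FAIL: security is '$sec', expected ADS"; rc=1; }
    for db in passwd group; do
        nss_has "$3" "$db" winbind || { echo "FAIL: $db lacks winbind in $3"; rc=1; }
    done
    return "$rc"
}

# Run against the given files, e.g.:
#   ./prejoin_check.sh /etc/krb5.conf /etc/samba/smb.conf /etc/nsswitch.conf
if [ "$#" -eq 3 ]; then prejoin_check "$@"; fi
```

A non-zero exit status means at least one FAIL line was printed; fix those settings before joining the domain.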
