Configure Samba with Active Directory integration (Centos 6)

Let’s see how to integrate your samba server with Microsoft Active Diretory.

Domain: NOODLES   (NETBIOS name)
FQDN: noodles.foo.org
Domain controller 1: dc01.noodles.foo.org
Domain controller 2: dc02.noodles.foo.org
Local Unix account: puppet
Domain Account: NOODLES\puppet

Packages to install via yum: [ krb5-libs , krb5-devel , samba , samba-common , samba-winbind , samba-client , samba-winbind-client ]

  • create unix local user named “puppet”
  • Install package using yum
  • map “puppet” with “NOODLES\puppet” editing /etc/samba/smbusers:
  • puppet = NOODLES\puppet

  • Make sure that you can reach the domain controllers by the Linux server
  • Configure Kerberos.  Example:[root@mylinuxbox puppet]# cat /etc/krb5.conf

[libdefaults]
default_realm = NOODLES.FOO.ORG[realms]
NOODLES.FOO.ORG = {
kdc = dc01.noodles.foo.org
kdc = dc02.noodles.foo.org

admin_server = dc01.noodles.foo.org
}

  • Configure Samba (/etc/samba/smb.conf)

  • [global]
    nameresolveorder = hosts wins bcast
    maxlogsize = 1500
    passwordserver = dc01 dc02
    usernamemap = /etc/samba/smbusers
    clientntlmv2auth = yes
    dnsproxy = no
    disablespoolss = yes
    printcapname = /dev/null
    realm = NOODLES.FOO.ORG
    logfile = /var/log/samba/smbd.log
    preferredmaster = no
    loadprinters = no
    printing = bsd
    socketoptions = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    localmaster = no
    workgroup = NOODLES
    serverstring = Samba Server
    security = ADS
    # auth methods = guest, sam, winbind
    restrict anonymous = 2

    follow symlinks = yes
    wide links = yes
    unix extensions = no

    [share]
    path=/usr/local/
    writable=yes
    browsable=yes
    create mask = 0766
    valid users= puppet
    force user = puppet

  • Join Linux server to the domain
  • net ads join -U puppetadmin@NOODLES.FOO.ORG

    print details of connection with active directory

    [puppet@mylinuxbox puppet]# net ads info

    LDAP server: [ ip address of dc01]
    LDAP server name: DC01.noodles.foo.org
    Realm: NOODLES.FOO.ORG
    Bind Path: dc=NOODLES,dc=FOO,dc=ORG
    LDAP port: 389
    Server time: Thu, 10 Apr 2014 10:52:59 CEST
    KDC server: [ ip address of dc01]
    Server time offset: 0

    restart samba
    Try access to //mylinuxbox/share using NOODLES\puppet

    Advertisements

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s