
How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/06/13 20:17:51
by jdhumpf
I have tried multiple different ways to get Samba working with CentOS and there is not a single guide out there that actually works fully.

Here are the requirements:

1. Ability to log in to CentOS with Active Directory credentials

(which I have figured out but I am willing to take other suggestions: https://www.linuxtechi.com/integrate-rh ... directory/)

2. The ability to seamlessly/somewhat easily have users access the CentOS home directories from Windows machines. (example: \\192.168.1.77\username or something like that)

Note, I have tried SSSD and winbind and am a real fan of SSSD as far as the authentication goes, but I am really stuck as far as making Samba work with it.

I have spent several days on this and am looking to the Spiceworks community for help.

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/06/14 14:07:23
by hunter86_bg
You need to set up a kerberized Samba, as Windows clients will not connect to a non-kerberized share.

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/06/14 15:41:26
by jdhumpf
Do you have a config and steps that work? I have tried everything.

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/06/16 13:02:50
by hunter86_bg
First, have you tried, in the Windows client, to access the share via \\my.centos.my.domain\samba\share instead of using the IP?

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/06/17 15:59:03
by jdhumpf
Yes I have. So now I have a different problem.

I have got the thing to work but I cannot use SSSD with Samba. I can only use Winbind.

With winbind I can only get users in the primary domain to be able to log in without "@Domain.com"

username@domain.com
username@subdomain.domain.com

SHOULD BE JUST:

username

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/07/29 14:26:33
by jdhumpf
Red Hat support claims that this will not work with SSSD at all, but this is still accessible on their site.

https://access.redhat.com/documentation ... e/smb-sssd

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/07/30 18:21:55
by Thraex
I was able to do this before. I used authconfig-tui, set it to use winbind, and joined the domain through it. It adds a good chunk to your smb.conf, so it should make the process a little easier. After it has joined, you can make sure it worked with wbinfo -u, which should show AD users. If it does, then you should be done. My smb.conf is below; not sure if everything is needed, but it worked for me. For accessing the shares, you can make a [home] share with the path /home/%U (I think).

Code:

[global]
workgroup = example
realm = example.com
security = ads
idmap config * : range = 10000-300000
template homedir = /home/%U
template shell = /bin/bash
kerberos method = secrets only
winbind use default domain = true
winbind offline logon = false
server role = MEMBER SERVER
ntlm auth = yes
encrypt passwords = yes
domain logons = yes
winbind enum users = yes
winbind enum groups = yes
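
An added example, not part of the original post and not Samba's own tooling: a small Python check that parses a [global] section like the one posted above and lists three settings worth reviewing on an AD member, including the `winbind use default domain` behaviour discussed in this thread. The function names and the abridged sample text are constructed for this example.

```python
import re

# Constructed sample: [global] settings like those in the post above, abridged.
SAMPLE = """\
[global]
workgroup = example
realm = example.com
security = ads
server role = MEMBER SERVER
winbind use default domain = true
ntlm auth =yes
domain logons = yes
"""

TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts


def parse_global(text):
    """Return the [global] parameters as {normalized name: lowercased value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace inside parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip().lower()
    return params


def audit(text):
    """Return a list of (parameter, note) pairs for settings worth reviewing."""
    p = parse_global(text)
    notes = []
    if p.get("ntlmauth") in TRUE | {"ntlmv1-permitted"}:
        notes.append(("ntlm auth", "NTLMv1 is accepted; 'ntlmv2-only' refuses it"))
    if p.get("security") == "ads" and p.get("domainlogons") in TRUE:
        notes.append(("domain logons", "NT4-style domain controller option on an AD member"))
    if p.get("winbindusedefaultdomain") in TRUE:
        notes.append(("winbind use default domain", "bare names resolve only in the joined domain"))
    return notes


if __name__ == "__main__":
    for name, note in audit(SAMPLE):
        print(f"{name}: {note}")
```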

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/07/30 18:48:35
by jdhumpf
Were you ever able to do it through OpenLDAP?

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/07/30 19:20:24
by Thraex
I never tried it, actually. For what I needed Samba for, most of the documentation I found said to use winbind, so I did. Once it worked I didn't mess around with it anymore.

Re: How do I get Samba working on CentOS with AD authenticated users?

Posted: 2019/07/30 19:48:29
by jdhumpf
Problem is, I have a domain and a subdomain on Active Directory and users from both need to log in without having to specify the domain, and this is only possible with SSSD, which will not work alongside winbind for Samba.
We have an OpenLDAP setup currently and it was working months ago, but I cannot seem to get it working again.