How to I get Samba working on CentOS with AD authenticated users?

[TrevorH]

https://access.redhat.com/solutions/29794

[jdhumpf]

Problem with that is; if I use winbind I am unable to get users from both domains to login without the @domian at the end which does not fill the requirement.

[TrevorH]

If you read that article it specifically says how to get winbind to return other domains too.

[jdhumpf]

This will still not allow you to login to both domains just specifying "username" at least one of the domains will force you to do "domain\username" or "username@domain.com"

[tony_down_under]

Hi OP. This is somewhat tricky because of the level of work required to get it working. I wrote myself a guide so I could replicate easily and things change by themselves with minor package versions between sssd and another (cant recall). One of the issues I had was just this. Identical system, one can log in using simply "userID" and the other required userID@domain.

I have a project running at the moment to convert our Windows laptops to Linux and I am using CentOS because of compatibility with a must-have piece of software (antivirus). For the AD-join process, I managed to get this to be very simple:

1. install a package
2. run a command to join the domain

System is joined to the domain, no issues. Can log in at gnome or cli using userID@domain.com. Change domain password works also. By default we have to log in specifying the domain either domain\userID or userID@domain . However you can set a config on the software to assume a default domain: https://github.com/BeyondTrust/pbis-open/issues/28
You can do the same with the config files by setting a default domain.

The software I used is called pbis-open. All it does is configure all the config files for you during the join process, although it's way more in-depth than the minimum config I used to join previous systems to the domain.
https://github.com/BeyondTrust/pbis-ope ... _64.rpm.sh

The command used to join the system to the domain is
./domainjoin-cli join DOMAIN.COM admin-userID@DOMAIN.COM

They have guides and docs available. It's worth a try just for less headache

EDIT:: just tested this for you. After joining the domain, set the config to make the domain the default for logging in with just "useID" and works great.
To set that config, I ran the below after joining the domain.

Code: Select all

./config AssumeDefaultDomain true

These binaries are within the /opt/pbis/bin directory.

I've pushed this config change to our git for testing - we might use this ourselves.

EDIT 2
SAMBA share is working fine also. I have Windows 2012 file server. In CentOS I opened the "files" application which is like a file explorer. In the "other locations" I simply typed smb://servername/share$ and it asked for my password. I entered the password and the share loaded fine.

However I wanted to mention that as of now most of my computers are mac and there was/is a bug there with samba. So to work around that, I implemented a google-drive like web application where everyone can access the AD file shares. I used Owncloud server and configured it so when users log in, it uses their login credentials to mount the share. This gives them access to the home directory and any other shares I had configured. I expect most people to use this because it's much easier and simpler and no need to connect to a VPN to access. Plus files like photos are displayed like google drive / dropbox which makes it have a few other plus points over direct smb.

Hope it helps.

[sambagreg]

Does this work when both the windows machine and samba are vms on a VMware platform?

[tony_down_under]

Does this work when both the windows machine and samba are vms on a VMware platform?

You're not thinking modular-ly

To put it another way, it's similar to me saying "I have a car running on UK roads. Will my car run on Australian roads". Answer is "why not?"