Let’s see how to integrate your Samba server with Microsoft Active Directory.
Domain: NOODLES (NETBIOS name)
FQDN: noodles.foo.org
Domain controller 1: dc01.noodles.foo.org
Domain controller 2: dc02.noodles.foo.org
Local Unix account: puppet
Domain Account: NOODLES\puppet
Packages to install via yum: [ krb5-libs , krb5-devel , samba , samba-common , samba-winbind , samba-client , samba-winbind-client ]
- Create a local Unix user named “puppet”
- Install the packages using yum
- Map “puppet” to “NOODLES\puppet” by editing /etc/samba/smbusers:
puppet = NOODLES\puppet
- Make sure that the Linux server can reach the domain controllers
- Configure Kerberos. Example:
[root@mylinuxbox puppet]# cat /etc/krb5.conf
[libdefaults]
default_realm = NOODLES.FOO.ORG
[realms]
NOODLES.FOO.ORG = {
kdc = dc01.noodles.foo.org
kdc = dc02.noodles.foo.org
admin_server = dc01.noodles.foo.org
}
- Configure Samba in /etc/samba/smb.conf. Example:
[global]
name resolve order = hosts wins bcast
max log size = 1500
password server = dc01 dc02
username map = /etc/samba/smbusers
client ntlmv2 auth = yes
dns proxy = no
disable spoolss = yes
printcap name = /dev/null
realm = NOODLES.FOO.ORG
log file = /var/log/samba/smbd.log
preferred master = no
load printers = no
printing = bsd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
workgroup = NOODLES
server string = Samba Server
security = ADS
# auth methods = guest, sam, winbind
restrict anonymous = 2
follow symlinks = yes
wide links = yes
unix extensions = no
[share]
path=/usr/local/
writable=yes
browsable=yes
create mask = 0766
valid users= puppet
force user = puppet
- Join the domain:
net ads join -U puppetadmin@NOODLES.FOO.ORG
- Print details of the connection to Active Directory:
[puppet@mylinuxbox puppet]# net ads info
LDAP server: [ ip address of dc01]
LDAP server name: DC01.noodles.foo.org
Realm: NOODLES.FOO.ORG
Bind Path: dc=NOODLES,dc=FOO,dc=ORG
LDAP port: 389
Server time: Thu, 10 Apr 2014 10:52:59 CEST
KDC server: [ ip address of dc01]
Server time offset: 0
- Restart Samba
- Try to access //mylinuxbox/share as NOODLES\puppet
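
A review pass over the symlink and file-mode settings in the smb.conf above, as an added example that is not part of the original post. With unix extensions = no, wide links = yes lets symlinks inside the share resolve to targets outside path, and create mask = 0766 leaves new files writable by other users. The sample text is a constructed excerpt of that file; the function names and finding strings are this example's own.

```python
import re

# Constructed sample: the symlink and share settings from the smb.conf above.
SAMPLE = """\
[global]
follow symlinks = yes
wide links = yes
unix extensions = no
[share]
path=/usr/local/
writable=yes
create mask = 0766
"""

def parse(text):
    """Return {section: {parameter: value}} with names normalised."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def enabled(params, name, default):
    return params.get(name, default).lower() in ("yes", "true", "on", "1")

def audit(text):
    """Return sorted (share, finding) pairs for settings worth reviewing."""
    conf = parse(text)
    glob = conf.get("global", {})
    findings = []
    for share, own in conf.items():
        if share == "global":
            continue
        eff = {**glob, **own}  # share-level values override [global]
        # wide links only takes effect with unix extensions off
        # or with "allow insecure wide links" set.
        if enabled(eff, "widelinks", "no") and (
                not enabled(glob, "unixextensions", "yes")
                or enabled(glob, "allowinsecurewidelinks", "no")):
            findings.append((share, "symlinks may resolve outside path"))
        if int(eff.get("createmask", "0744"), 8) & 0o002:
            findings.append((share, "create mask lets others write"))
    return sorted(findings)
```

Calling audit(SAMPLE) reports both findings for [share]; setting wide links = no and create mask = 0744 clears them.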