Configure Samba on a Linux or Unix Computer

  1. On the Linux or Unix computer that is running Samba, add the following settings to the global section of the Samba configuration file (Typically located at /etc/samba/smb.conf):
    [global]
    security = ADS
    workgroup = DEMO
    realm = DEMO.COM
    machine password timeout = 0

The ADS value for the security setting is required. Replace the values of workgroup and realm with the values for the network. The workgroup is the computer's NetBIOS domain name. The realm is the computer's Active Directory domain.

If the machine password option is not added to the smb.conf and set to 0, Samba will change the machine account password without notifying the AD Bridge authentication service, leaving AD Bridge unable to connect to the domain.

  1. If an alternate hostname is used, then set that hostname as the NetBIOS name: netbios name = CENTOS-TEST.
  2. Create a new section to define a shared resource and constrain access to the Active Directory group pbis_group. Limit write access to pbisadmin:
    [testshare]
    comment = This is a test share
    path = /share
    valid users = +DEMO\pbis_group
    write list = DEMO\pbisadmin
  3. Run the testparm command to make sure smb.conf contains no syntax errors.
  4. Make sure the path exists and permissions for the share are set:
    mkdir /share
    chmod 750 /share
    chown DEMO\\pbisadmin:DEMO\\pbis_group /share
  5. Restart Samba: systemctl restart smbd.
  6. Create a dns entry for the Samba server: /opt/pbis/bin/update-dns.

The computer is now ready to access the share from a Windows computer and log on with an Active Directory account.

Home Shares

Example of using homes with AD Bridge home directories:

[homes]
comment = Home Directory of User %U in Domain %D
path = /home/%D/%U
browseable = no
create mask = 640
directory mask = 0750
valid users = %U

Debug

To help troubleshoot, turn on Samba logging by adding the following settings to the global section of the Samba

configuration file, smb.conf:

[global]

...

#Debugging settings:

log level = 10

debug pid = true

log file = /var/log/samba/smbd.log

max log size = 50 # max 50KB per log file, then rotate