Configure Samba on a Linux or Unix Computer
- On the Linux or Unix computer that is running Samba, add the following settings to the global section of the Samba configuration file (typically located at /etc/samba/smb.conf):
    [global]
    security = ADS
    workgroup = DEMO
    realm = DEMO.COM
    machine password timeout = 0
The ADS value for the security setting is required. Replace the values of workgroup and realm with the values for the network. The workgroup is the computer's NetBIOS domain name. The realm is the computer's Active Directory domain.
If the machine password timeout option is not added to smb.conf and set to 0, Samba will change the machine account password without notifying the AD Bridge authentication service, leaving AD Bridge unable to connect to the domain.
- If an alternate hostname is used, then set that hostname as the NetBIOS name: netbios name = CENTOS-TEST.
- Create a new section to define a shared resource and constrain access to the Active Directory group pbis_group. Limit write access to pbisadmin:
    [testshare]
    comment = This is a test share
    path = /share
    valid users = +DEMO\pbis_group
    write list = DEMO\pbisadmin
- Run the testparm command to make sure smb.conf contains no syntax errors.
- Make sure the path exists and permissions for the share are set:
    mkdir /share
    chmod 750 /share
    chown DEMO\\pbisadmin:DEMO\\pbis_group /share
- Restart Samba: systemctl restart smbd.
- Create a DNS entry for the Samba server: /opt/pbis/bin/update-dns.
The computer is now ready to access the share from a Windows computer and log on with an Active Directory account.
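As a complement to testparm, the following added example (not part of the original page or of AD Bridge) checks an smb.conf for the settings the steps above call for: security = ADS, machine password timeout = 0, a workgroup and realm, and a valid users restriction on every share. The function names and the policy that every share must set valid users are assumptions of this example; the sample configuration is constructed from the values on this page.

```python
import configparser

# Constructed sample: the [global] and [testshare] values shown on this page.
SAMPLE = """\
[global]
security = ADS
workgroup = DEMO
realm = DEMO.COM
machine password timeout = 0

[testshare]
path = /share
valid users = +DEMO\\pbis_group
write list = DEMO\\pbisadmin
"""

def norm(name):
    # Samba ignores case and whitespace in parameter names.
    return "".join(name.split()).lower()

def load(text):
    # Keep '#' and ';' inside values so trailing comments can be detected.
    cp = configparser.RawConfigParser(strict=False, inline_comment_prefixes=None)
    cp.optionxform = norm
    cp.read_string(text)
    return {s.lower(): dict(cp.items(s)) for s in cp.sections()}

def lint_smb_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, findings = load(text), []
    g = conf.get("global", {})
    if g.get("security", "").lower() != "ads":
        findings.append("global: security must be ADS")
    if g.get("machinepasswordtimeout") != "0":
        findings.append("global: machine password timeout must be 0")
    for key in ("workgroup", "realm"):
        if not g.get(key):
            findings.append(f"global: {key} is not set")
    for name, params in conf.items():
        for key, value in params.items():
            # smb.conf only recognises comments at the start of a line.
            if " #" in value or " ;" in value:
                findings.append(f"{name}: trailing comment is read as part of '{key}'")
        if name != "global" and not params.get("validusers"):
            findings.append(f"{name}: no valid users restriction")
    return findings

if __name__ == "__main__":
    for finding in lint_smb_conf(SAMPLE) or ["no findings"]:
        print(finding)
```

To check a live file, pass the contents of /etc/samba/smb.conf to lint_smb_conf instead of SAMPLE.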
Home Shares
    [homes]
    comment = Home Directory of User %U in Domain %D
    path = /home/%D/%U
    browseable = no
    create mask = 640
    directory mask = 0750
    valid users = %U
Debug
To help troubleshoot, turn on Samba logging by adding the following settings to the global section of the Samba configuration file, smb.conf:
    [global]
    ...
    # Debugging settings:
    log level = 10
    debug pid = true
    log file = /var/log/samba/smbd.log
    # max 50KB per log file, then rotate
    max log size = 50