Configure Samba on a Linux or Unix Computer

  1. On the Linux or Unix computer that is running Samba, add the following settings to the global section of the Samba configuration file (typically located at /etc/samba/smb.conf):
    [global]
    security = ADS
    workgroup = DEMO
    realm = DEMO.COM
    machine password timeout = 0

The ADS value for the security setting is required. Replace the values of workgroup and realm with the values for the network. The workgroup is the computer's NetBIOS domain name. The realm is the computer's Active Directory domain.

If the machine password timeout option is not added to smb.conf and set to 0, Samba will change the machine account password without notifying the AD Bridge authentication service, leaving AD Bridge unable to connect to the domain.

  2. If an alternate hostname is used, then set that hostname as the NetBIOS name: netbios name = CENTOS-TEST.
  3. Create a new section to define a shared resource and constrain access to the Active Directory group pbis_group. Limit write access to pbisadmin:
    [testshare]
    comment = This is a test share
    path = /share
    valid users = +DEMO\pbis_group
    write list = DEMO\pbisadmin
  4. Run the testparm command to make sure smb.conf contains no syntax errors.
  5. Make sure the path exists and permissions for the share are set:
    mkdir /share
    chmod 750 /share
    chown DEMO\\pbisadmin:DEMO\\pbis_group /share
  6. Restart Samba: systemctl restart smbd.
  7. Create a DNS entry for the Samba server: /opt/pbis/bin/update-dns.

The computer is now ready to access the share from a Windows computer and log on with an Active Directory account.
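
testparm checks syntax, but not whether the values this procedure depends on are present. The following check is an added example, not part of Samba or AD Bridge; check_smb_conf is a hypothetical helper name, the sample configuration is constructed, and treating every non-global section as a share that needs valid users is an assumption.

```shell
#!/bin/sh
# Added example: check_smb_conf is a hypothetical helper; exits non-zero on a finding.
check_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    /^[ \t]*([#;]|$)/ { next }                  # whole-line comment or blank
    /^[ \t]*\[/ {                               # section header, e.g. [testshare]
        sec = tolower(trim($0)); gsub(/^\[|\]$/, "", sec)
        if (sec != "global") shares[sec] = 1
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1))
        gsub(/[ \t]/, "", key)                  # Samba ignores spaces in parameter names
        val = trim(substr($0, eq + 1))
        if (sec == "global") g[key] = val
        if (key == "validusers") restricted[sec] = 1
        # smb.conf has no trailing comments: text after # stays in the value
        if (val ~ /[ \t]#/) fail("[" sec "] " key ": trailing # text is part of the value")
    }
    END {
        if (toupper(g["security"]) != "ADS") fail("[global] security must be ADS")
        if (g["machinepasswordtimeout"] != "0")
            fail("[global] machine password timeout must be 0")
        for (s in shares)
            if (!(s in restricted)) fail("[" s "] has no valid users restriction")
        if (!bad) print "OK: " FILENAME
        exit bad
    }' "$1"
}

# Constructed sample input mirroring the settings shown above.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[global]
security = ADS
workgroup = DEMO
realm = DEMO.COM
machine password timeout = 0
[testshare]
path = /share
valid users = +DEMO\pbis_group
write list = DEMO\pbisadmin
EOF
check_smb_conf "$demo_conf"
rm -f "$demo_conf"
```

Run it against /etc/samba/smb.conf after testparm and before restarting smbd.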

Home Shares

The following example uses the homes section with AD Bridge home directories:
[homes]
   comment = Home Directory of User %U in Domain %D
   path = /home/%D/%U
   browseable = no
   create mask = 0640
   directory mask = 0750
   valid users = %U

Debug

To help troubleshoot, turn on Samba logging by adding the following settings to the global section of the Samba configuration file, smb.conf:

[global]
...
#Debugging settings:
log level = 10
debug pid = true
log file = /var/log/samba/smbd.log
# max 50 KB per log file, then rotate
max log size = 50