Configure Samba File Sharing AD Auth on RHEL/CentOS 7

Scenario: How to configure file sharing using Samba with AD authentication on CentOS/RHEL 7
System:
– CentOS/RHEL 7, IP address: 192.168.99.15, hostname: centos7ht
– Windows Server 2012 as AD Domain: toya.toyaseta.com, IP address: 192.168.99.10, also as DNS server.

Steps (logged in as root):
1) Point the centos7ht DNS server to the AD server and edit /etc/hosts
– Edit /etc/hosts.
# vi /etc/hosts

– Edit DNS /etc/resolv.conf
# vi /etc/resolv.conf

2) Install the Samba packages
# yum install realmd samba samba-common oddjob oddjob-mkhomedir sssd

3) Join the domain using a domain user who has the privilege to join the domain.
# realm join --user=bachem toya.toyaseta.com

Test retrieving an AD user's groups:

+Optional: Set up SSSD to show user and group names without the FQDN
# vi /etc/sssd/sssd.conf

-Restart the sssd service

# systemctl restart sssd

-After setting up no FQDN:

4) Edit the Samba configuration (smb.conf) to set up folder sharing.
Example:
We will create a shared folder, Finance, which can be accessed by the AD groups FinanceRO (read only) and FinanceMD (can modify) on the same path.

# vi /etc/samba/smb.conf

5) Set up access permissions on the shared folder path.
# setfacl -m g:financero@TOYA:r-x /datasamba/finance/
# setfacl -m g:financemd@TOYA:rwx /datasamba/finance/
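
A check for the ACLs set in step 5, as an added example that is not part of the original post: it reads `getfacl` output and reports entries that differ from the intended model (FinanceRO read only, FinanceMD modify). The expectations for `default:` entries and for `other` are assumptions of this example, not steps from the post, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit getfacl output for the Finance share path from step 5.
# Usage on the server:
#   getfacl -p /datasamba/finance | audit_share_acl financero@TOYA financemd@TOYA
# The default: and other:: expectations are this example's assumptions.

audit_share_acl() {  # $1 = read-only group, $2 = modify group; getfacl text on stdin
  awk -F: -v ro="$1" -v rw="$2" '
    /^#/ || NF < 3 { next }               # skip "# file:" headers and blank lines
    {
      off = ($1 == "default") ? 1 : 0     # default: entries have one extra leading field
      key = (off ? "default:" : "") $(1 + off) ":" $(2 + off)
      acl[key] = substr($(3 + off), 1, 3) # drops a trailing "#effective:" comment
    }
    function need(key, want, why) {
      if (acl[key] == want) return
      printf "FINDING %s is \"%s\", expected \"%s\": %s\n", key, acl[key], want, why
      bad++
    }
    END {
      need("group:" ro, "r-x", "read-only group must not write")
      need("group:" rw, "rwx", "modify group needs write")
      need("mask:", "rwx", "mask caps the rights of named groups")
      need("other:", "---", "accounts outside both groups should have no access")
      need("default:group:" ro, "r-x", "new files will not inherit the read-only entry")
      need("default:group:" rw, "rwx", "new files will not inherit the modify entry")
      exit (bad > 0)
    }'
}

# Constructed sample: a root-owned 0755 directory after the two setfacl commands in step 5.
SAMPLE_ACL='# file: /datasamba/finance/
# owner: root
# group: root
user::rwx
group::r-x
group:financero@TOYA:r-x
group:financemd@TOYA:rwx
mask::rwx
other::r-x'

# Prints three findings: other::r-x and the two missing default: entries.
printf '%s\n' "$SAMPLE_ACL" | audit_share_acl financero@TOYA financemd@TOYA || true
```

The function exits non-zero when any finding is printed, so it can gate a provisioning script; `setfacl -d -m` takes the same group specifications as step 5 to add the missing default entries.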

6) Set the SELinux context on the shared folder path
# chcon -t samba_share_t /datasamba/finance

7) Configure firewalld to allow the Samba service
# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

8) Start the Samba service and enable it to start at boot
# systemctl start smb.service
# systemctl enable smb.service


