Configure Samba File Sharing AD Auth on RHEL/CentOS 7

Scenario: How to configure file sharing using Samba with AD authentication on CentOS/RHEL 7
– CentOS/RHEL 7, IP address:, hostname: centos7ht
– Windows Server 2012 as AD Domain:, IP address:, also as DNS server.

Steps (logged in as root):
1) Point centos7ht's DNS to the AD server and edit /etc/hosts
– Edit /etc/hosts.
# vi /etc/hosts

– Edit the DNS settings in /etc/resolv.conf
# vi /etc/resolv.conf

2) Install the Samba packages
# yum install realmd samba samba-common oddjob oddjob-mkhomedir sssd

3) Join the domain using a domain user who has the privilege to join the domain.
# realm join --user=bachem

Test retrieving the AD user's groups:

+Optional: Show user and group names without the FQDN
# vi /etc/sssd/sssd.conf

-Restart the sssd service

# systemctl restart sssd

-After setting up no FQDN:

4) Edit smb.conf to set up folder sharing.
We will create a shared folder, Finance, that can be accessed by the AD groups FinanceRO (read-only) and FinanceMD (can modify) on the same path.

# vi /etc/samba/smb.conf

5) Set up access permissions on the shared folder path.
# setfacl -m g:financero@TOYA:r-x /datasamba/finance/
# setfacl -m g:financemd@TOYA:rwx /datasamba/finance/

6) Set up SELinux on the shared folder path
# chcon -t samba_share_t /datasamba/finance

7) Set up firewalld to allow the samba service
# firewall-cmd --permanent --zone=public --add-service=samba
# firewall-cmd --reload

8) Start the Samba service and enable it to start at boot
# systemctl start smb.service
# systemctl enable smb.service
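
A check on the ACLs from step 5, as an added example that is not part of the original post: it parses `getfacl` output and flags what the two `setfacl` commands leave open (access for `other`, no default ACL for files created later, a reduced mask). The function name, both sample listings and the lowercase group spelling in them are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post): audit the ACL set in step 5.
# On the server: getfacl -p /datasamba/finance | audit_share_acl financero@TOYA financemd@TOYA
audit_share_acl() {
  awk -F: -v ro="$1" -v rw="$2" '
    function bad(msg) { print "FINDING: " msg; n++ }
    BEGIN { ro = tolower(ro); rw = tolower(rw) }
    { sub(/[ \t]*#.*$/, "") }             # drop header and "#effective:" comments
    NF < 3 { next }                       # blank or comment-only line
    { d = ($1 == "default"); tag = $(1 + d); who = tolower($(2 + d)); perm = $(3 + d) }
    tag == "group" && who == ro { if (d) ro_def = perm; else ro_acc = perm }
    tag == "group" && who == rw { if (d) rw_def = perm; else rw_acc = perm }
    !d && tag == "mask"  { mask = perm }
    !d && tag == "other" { other = perm }
    END {
      if (ro_acc != "r-x") bad("read-only group " ro " has [" ro_acc "], expected r-x")
      if (rw_acc != "rwx") bad("modify group " rw " has [" rw_acc "], expected rwx")
      if (mask != "" && mask != "rwx") bad("mask [" mask "] cuts the effective rights of " rw)
      if (other != "---") bad("other has [" other "]: accounts outside both groups pass the filesystem check")
      if (ro_def != "r-x") bad("default ACL for " ro " is [" ro_def "], expected r-x: new files will not inherit it")
      if (rw_def != "rwx") bad("default ACL for " rw " is [" rw_def "], expected rwx: new files will not inherit it")
      exit (n > 0)
    }'
}

# Constructed getfacl output: the directory right after step 5 (names as NSS might print them).
ACL_AFTER_STEP5='# file: /datasamba/finance
# owner: root
# group: root
user::rwx
group::r-x
group:financero@toya:r-x
group:financemd@toya:rwx
mask::rwx
other::r-x'

# Constructed getfacl output: the same directory with "other" closed and default entries added.
ACL_TIGHTENED="$(printf '%s\n' "$ACL_AFTER_STEP5" | sed 's/^other::r-x$/other::---/')
default:user::rwx
default:group::r-x
default:group:financero@toya:r-x
default:group:financemd@toya:rwx
default:mask::rwx
default:other::---"

printf '%s\n' "$ACL_AFTER_STEP5" | audit_share_acl financero@TOYA financemd@TOYA || echo "share ACL needs attention"
```

The function returns 0 only when no finding is printed, so it can gate a provisioning script. Default entries are the ones `setfacl` writes with its `-d` option.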

