This is probably covered in many places, but my Google-fu is failing.
I have an existing office of Windows computers, in a domain, with a couple of Windows Server 2012 AD servers. I need to add a file server, so I'd prefer to use CentOS 7 and Samba to do it (because I know very little about Windows). However, I'm not finding a good how-to on that. When I search for "samba active directory" or "samba domain", the results are mostly about setting up Samba to be the domain controller, or join an AD domain as a controller, which I don't really want to do if I don't have to.
Anybody have any tips, pointers, etc.?
On Wed, Feb 4, 2015 at 10:05 AM, Chris Adams linux@cmadams.net wrote:
This is probably covered in many places, but my Google-fu is failing.
I have an existing office of Windows computers, in a domain, with a couple of Windows Server 2012 AD servers. I need to add a file server, so I'd prefer to use CentOS 7 and Samba to do it (because I know very little about Windows). However, I'm not finding a good how-to on that. When I search for "samba active directory" or "samba domain", the results are mostly about setting up Samba to be the domain controller, or join an AD domain as a controller, which I don't really want to do if I don't have to.
Anybody have any tips, pointers, etc.?
If you expect existing domain credentials to work, I think you have to join the domain. Depending on the nature of the files being served, I sometimes find it useful to have a public read-only share and avoid the authentication mess entirely - copying the files in place with linux tools or winscp. It is possible to maintain local accounts on the linux side and add those to samba (an extra step) but it is painful to keep passwords in sync.
Once upon a time, Les Mikesell lesmikesell@gmail.com said:
On Wed, Feb 4, 2015 at 10:05 AM, Chris Adams linux@cmadams.net wrote:
I have an existing office of Windows computers, in a domain, with a couple of Windows Server 2012 AD servers. I need to add a file server, so I'd prefer to use CentOS 7 and Samba to do it (because I know very little about Windows). However, I'm not finding a good how-to on that. When I search for "samba active directory" or "samba domain", the results are mostly about setting up Samba to be the domain controller, or join an AD domain as a controller, which I don't really want to do if I don't have to.
Anybody have any tips, pointers, etc.?
If you expect existing domain credentials to work, I think you have to join the domain. Depending on the nature of the files being served, I sometimes find it useful to have a public read-only share and avoid the authentication mess entirely - copying the files in place with linux tools or winscp. It is possible to maintain local accounts on the linux side and add those to samba (an extra step) but it is painful to keep passwords in sync.
Yeah, I want to join the domain, and use domain credentials for access, I just don't want to be an additional domain controller (which is what the docs/howtos I keep finding seem to assume). I've done Samba with basic locally-configured users before (not in a long time), but this needs to use domain credentials.
On Wed, Feb 4, 2015 at 10:24 AM, Chris Adams linux@cmadams.net wrote:
Once upon a time, Les Mikesell lesmikesell@gmail.com said:
On Wed, Feb 4, 2015 at 10:05 AM, Chris Adams linux@cmadams.net wrote:
I have an existing office of Windows computers, in a domain, with a couple of Windows Server 2012 AD servers. I need to add a file server, so I'd prefer to use CentOS 7 and Samba to do it (because I know very little about Windows). However, I'm not finding a good how-to on that. When I search for "samba active directory" or "samba domain", the results are mostly about setting up Samba to be the domain controller, or join an AD domain as a controller, which I don't really want to do if I don't have to.
Anybody have any tips, pointers, etc.?
If you expect existing domain credentials to work, I think you have to join the domain. Depending on the nature of the files being served, I sometimes find it useful to have a public read-only share and avoid the authentication mess entirely - copying the files in place with linux tools or winscp. It is possible to maintain local accounts on the linux side and add those to samba (an extra step) but it is painful to keep passwords in sync.
Yeah, I want to join the domain, and use domain credentials for access, I just don't want to be an additional domain controller (which is what the docs/howtos I keep finding seem to assume). I've done Samba with basic locally-configured users before (not in a long time), but this needs to use domain credentials.
I think authconfig-tui will set this up for you if you check 'Use Winbind' and "Winbind Authentication" and then fill in the AD info on the next screen and hit the Join Domain button. It should add some things to the smb.conf file but you have to add any shares you want besides homes. You will need the AD administrator password to join.
On 02/04/2015 08:05 AM, Chris Adams wrote:
This is probably covered in many places, but my Google-fu is failing.
Samba's documentation/howto is here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
As others have mentioned, authconfig will take care of some of those steps for you, but won't set up Samba.
On Wed, Feb 4, 2015 at 11:20 AM, Gordon Messmer gordon.messmer@gmail.com wrote:
This is probably covered in many places, but my Google-fu is failing.
Samba's documentation/howto is here: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
As others have mentioned, authconfig will take care of some of those steps for you, but won't set up Samba.
Authconfig will also set up linux account authentication (and possibly auto-creation on login) to match the samba setup - which you may or may not want. I'd recommend doing it on a text box or VM and then looking through the changes it makes to the pam and smb configs to understand how it is supposed to work. If you are doing multiple machines, the command line version of authconfig is handy to make everything match once you get the arguments down.
-
Chris Adams -
Gordon Messmer -
Les Mikesell