How to configure Samba to use Windows's login ID?
You need to configure winbind, so you need to install and configure Kerberos as well.
Edit /etc/krb5.conf, something like this:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
ticket_lifetime = 24000
default_realm = YOUR.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
YOUR.DOMAIN.COM = {
kdc = your.ads.com
admin_server = your.ads.com
}
[domain_realm]
.your.domain.com = YOUR.DOMAIN.COM
your.domain.com = YOUR.DOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Then smb.conf, in the relevant part:
[global]
workgroup = YOUR-GROUP
realm = YOUR.DOMAIN.COM
netbios name = SERVER-NAME
winbind separator = -
winbind uid = 1000-1000000
winbind gid = 1000-1000000
winbind enum users = yes
winbind use default domain = yes
security = ADS
encrypt passwords = yes
client use spnego = no
auth methods = winbind
Then you need to have admin rights to join the Linux box to the domain:
net ads join -Uadminuser -d2
You will get something like this:
Using short domain name -- YOUR-GROUP
Joined 'SERVER_NAME' to realm 'your-domain.com
Then start the services winbind, smb and nmb; in CentOS, for example:
service smb start
service nmb start
service winbind start
check if the server was joined
net ads testjoin
Join is OK
check for a user
wbinfo -i username
or list the groups in the ADS
wbinfo -g
or list the users
wbinfo -u
ping the service
wbinfo -P
checking the NETLOGON dc connection to "your.ads.com" succeeded
Configure a share folder
[share_name]
path = /path_to_share
valid users = user1 user1
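The default_tgs_enctypes and default_tkt_enctypes lines in the krb5.conf above list only single DES, 3DES and RC4, which RFC 6649 and RFC 8429 deprecate for Kerberos. As an added example (not part of the original answer), this Python check flags such entries in krb5.conf text; the function names, the sample strings and the AES-only variant are assumptions, and the AES list presumes the domain controllers accept AES enctypes.

```python
import re

ENCTYPE_KEYS = {"default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes"}

def weakness(enctype):
    """Return why an enctype name is weak, or None if it is not flagged."""
    name = enctype.lower()
    if name.startswith("des3"):
        return "3DES, deprecated by RFC 8429"
    if name.startswith("des"):
        return "single DES, deprecated by RFC 6649"
    if name.startswith(("arcfour", "rc4")):
        return "RC4, deprecated by RFC 8429"
    return None

def audit_krb5(text):
    """Return (section, key, value, reason) for each weak setting in krb5.conf text."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if (header := re.fullmatch(r"\[(\w+)\]", line)):
            section = header.group(1)
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            continue  # e.g. the closing "}" of a realm block
        if key == "allow_weak_crypto" and value.lower() in ("y", "yes", "true", "t", "1", "on"):
            findings.append((section, key, value, "permits weak enctypes"))
        elif key in ENCTYPE_KEYS:
            # Space- or comma-separated; a "-name" entry removes an enctype and is not flagged.
            for tok in re.split(r"[\s,]+", value):
                if weakness(tok):
                    findings.append((section, key, tok, weakness(tok)))
    return findings

# Constructed samples: the enctype lines from the answer above, and an AES-only variant.
FROM_ANSWER = """[libdefaults]
default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
"""
AES_ONLY = """[libdefaults]
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
"""

if __name__ == "__main__":
    print(audit_krb5(FROM_ANSWER), audit_krb5(AES_ONLY), sep="\n")
```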
huahsin68
Updated on September 18, 2022
huahsin68 over 1 year
I'm trying to access the Linux share folder from Windows using Windows's domain authentication. I came across the integration of Windows Active Directory into Samba on a Linux box, thus I have this configured in smb.conf:
# LDAP settings
passdb backend = ldapsam:ldap://xxx.xxx.xxx.xxx:xxx
ldap suffix = DC=org,dc=huahsin,dc=IT
ldap user suffix = OU=Users,OU=Tech,OU=MY
ldap admin dn = CN=AccountA,OU=Users,OU=Tech,OU=MY,DC=org,DC=huahsin,DC=IT
ldap passwd sync = yes
And this is how I configure my share folder:
[homes]
comment = Home Directories
browseable = yes
path = /home/huahsin/share
Anyhow, I'm still not able to access my share folder. May I know what the missing parts in the Samba configuration are, in order to authenticate through Windows's login ID when accessing a Linux share folder?