Thursday, August 29, 2013

How to Configure Samba

This guide describes a Samba configuration. We used SSSD to have users authenticate to AD.

If using iptables, add these rules:

iptables -A INPUT -p udp -m udp -s 192.168.0.0/24 --dport 137 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 192.168.0.0/24 --dport 138 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/24 --dport 139 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.0.0/24 --dport 445 -j ACCEPT

To remove a rule by line number, type:
  • iptables -D INPUT 5  (where 5 is the rule number)

Test Samba Configuration 
# smbd -b | grep ADS 
   WITH_ADS 
   WITH_ADS 
# smbd -b | grep WINBIND 
   WITH_WINBIND 
   WITH_WINBIND 

# smbd -b | grep KRB 
   HAVE_KRB5_H 

View Authconfig Information 
  • authconfig --test 

Check KRB5 Authentication - realms in krb5.conf must be in UPPERCASE.
  • kinit twalters@MYDOMAIN.COM
Password for twalters@MYDOMAIN.COM:
  • klist to view ticket


wbinfo -g | grep My_Group_1 
Error looking up domain groups 
[root@usmd-prd-lnx01 samba]# getent group |grep My_Group_1

Join to Domain 
net ads join -U administrator
net ads join -U admin_twalters -d3  (for debug)

Note: when 'join' fails, I changed password server to * 


Working smb.conf 
#================ Begin smb.conf  ==================== 
#--authconfig--start-line-- 

# Generated by authconfig on 2011/10/21 09:01:01 
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) 
# Any modification may be deleted or altered by authconfig in future 

   workgroup = MyCompany 
   password server = * 
   realm = Myco.COM
   security = ads 
   idmap uid = 500-60000 
   idmap gid = 500-60000 
   winbind separator = + 
   template homedir = /home/% 
   template shell = /bin/false 
   winbind use default domain = false 
   winbind offline logon = yes 

#--authconfig--end-line-- 

# ----------------------- Network Related Options ------------------------- # 
        server string = samba test box 
        netbios name = ussd-dev-lnx01 
        time server = yes 
        local master = no 
        os level = 20 
        preferred master = no 
        name resolve order = bcast host lmhosts 
        wins support = no 
        wins proxy = no 
        dns proxy = no 
        winbind enum users = yes 
        winbind uid = 500-60000
        winbind gid = 500-60000 
        log file = /var/log/samba3/log.%m 

# Printing Options 
                load printers = no 

#============================ Share Definitions ============================== 

[share1] 
        writeable = yes 
        path = /mnt/share1 
#        public = yes 
        force create mode = 0775 
        force directory mode = 0777 
        valid users = @MYDOM.COM+Group1 

[share2] 
        writeable = yes 
        path = /mnt/share2 
        force create mode = 0775 
        force directory mode = 0777 
        valid users = @MYCO.COM+GRP_A_RO

[public] 
        writeable = yes 
        path = /mnt/public 
        public = yes 
        force create mode = 0775 
        force directory mode = 0777 
        valid users = @MYCO.COM+"Domain Users" 

# ============ end smb.conf  ================ 
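
A pre-flight check for an smb.conf laid out like the one above, given here as an added example and not part of the original post: it reports parameter lines with no '=', parameters repeated within a section, force modes that set the world-writable bit, and shares with guest access. The function name audit_smb_conf and the sample text are hypothetical, and the parser assumes one parameter per line (no backslash continuations).

```python
import re

# Constructed excerpt modelled on the smb.conf in this post (not a real host's file).
SAMPLE = """\
[global]
   winbind gid = 500-60000
   winbind gid = 500-60000
[share2]
   path = /mnt/share2
   force directory mode = 0777
   valid users @MYCO.COM+GRP_A_RO
[public]
   path = /mnt/public
   public = yes
"""

FORCE_MODE_KEYS = {"forcecreatemode", "forcedirectorymode"}
GUEST_KEYS = {"public", "guestok"}  # "public" is a synonym for "guest ok"


def audit_smb_conf(text):
    """Hypothetical helper: return (line_number, section, finding) tuples."""
    findings, section, seen = [], "global", set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # new section: reset the duplicate tracker
            section, seen = m.group(1).strip().lower(), set()
            continue
        if "=" not in line:
            findings.append((n, section, "no '=' separator, not a valid parameter line"))
            continue
        name, value = (s.strip() for s in line.split("=", 1))
        key = re.sub(r"\s+", "", name).lower()  # Samba ignores case and spaces in names
        if key in seen:
            findings.append((n, section, f"duplicate '{name}' in this section"))
        seen.add(key)
        if key in FORCE_MODE_KEYS and re.fullmatch(r"[0-7]{3,4}", value) and int(value, 8) & 0o002:
            findings.append((n, section, f"'{name}' sets the world-writable bit"))
        if key in GUEST_KEYS and value.lower() in {"yes", "true", "1"}:
            findings.append((n, section, "guest access enabled"))
    return findings


if __name__ == "__main__":
    for n, section, msg in audit_smb_conf(SAMPLE):
        print(f"line {n} [{section}]: {msg}")
```

Samba's own testparm remains the authoritative syntax check; this only highlights lines worth a second look before a share goes live.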


