C7 AD Server


Hi there, I want to set up an AD server with C7. Is this supported using the Samba release shipped with C7?

I can’t find a CentOS 7 related how-to for studying this setup.

Can someone point me in the right direction?

Thanks in advance

13 thoughts on - C7 AD Server

  • On 06/02/2016 12:43, Alessandro Baggi wrote:

    Reading from Samba Wiki:

    Make sure that you use a recent Samba and note, that not all distributions currently ship Samba packages, with Active Directory Domain Controller capabilities. One of the reasons is, that some distributions are based on MIT Kerberos, while Samba (currently) only supports Heimdal Kerberos. E. g. Red Hat operating systems (RHEL, CentOS, Fedora, etc.) are affected. In this case, choose one of the other install options.

    For this I must use the SerNet version because of the Kerberos version, and at this time it seems to be usable only against payment.

    What is the way?

  • On 06/02/2016 14:52, Alessandro Baggi wrote:

    Correction to my last post. We can use the enterprise samba packages. SAMBA+ requires payment.

    Has anyone had experience with EnterpriseSamba?

  • Try this. I have been thinking of trying it on C7. http://www.linuxhelp.net/forums/index.php?showtopic=10868

    -----Original Message-----
    From: “Alessandro Baggi”
    Sent: 2/6/2016 8:02 AM
    To: “CentOS@CentOS.org”
    Subject: Re: [CentOS] C7 AD server

    On 06/02/2016 14:52, Alessandro Baggi wrote:

    Correction to my last post. We can use the enterprise samba packages. SAMBA+ requires payment.

    Has anyone had experience with EnterpriseSamba?

  • I wouldn’t follow the instructions on that link.

    Disable iptables? Nah!

    The author lumps SELinux and the firewall together.

    What is said about DNS is also misleading. DNS is crucial for AD.

    Please look at the Samba Wiki instead.

  • On 07/02/2016 01:11, Miguel Medalha wrote:

    Hi Miguel, the last link was outdated and I’m using Samba 4. Besides this, I’ve used the SerNet Samba version to accomplish this work. First, the configuration with samba-tool is simpler. The new approach is an AIO solution.

    Then, I provisioned the domain without any problems and joined from a Win7 host. Everything works fine.

    The next step that I tried to accomplish was to create a share on this host, and I encountered a problem with permissions on the shared dir. If I try to access/write/read this share I get permission denied. With permissions set to 777 everything works, but this is not what I want. I’ve tried to verify the existence of the created users and groups, but on the system (using getent) the users are not seen, and the same goes for the groups. On the DC side, I can see users and groups with the wbinfo command.

    The share file system is xfs. At the moment SELinux and firewalld are disabled for test purposes. How can I assign permissions on this share?

  • These articles could help you. The first one is in English and the second is in Turkish: http://www.alexwyn.com/computer-tips/CentOS-samba4-active-directory-domain-controller http://www.koraykey.com/?p842
    From: Miguel Medalha
    To: chris weisiger
    Cc: CentOS mailing list
    Sent: Sunday, February 7, 2016 2:11 AM
    Subject: Re: [CentOS] C7 AD server

    I wouldn’t follow the instructions on that link.

    Disable iptables? Nah!

    The author lumps SELinux and the firewall together.

    What is said about DNS is also misleading. DNS is crucial for AD.

    Please look at the Samba Wiki instead.

  • On 07/02/2016 15:59, Miguel Medalha wrote:

    Hi Miguel, I’ve followed the wiki how-to, but I want to configure a share on the same machine that hosts the DC, and it seems that this is not possible.

    I’ve configured an AD DC on C7 using the SerNet packages. After provisioning, I tried to join a Win7 host and everything works.

    After this, I tried to add a share on the AD server for all clients, but when I try to assign permissions on the dir, I can’t, because my local system can’t see the domain users.

    If I run wbinfo -u I can see the domain users. If I run getent passwd, I can’t see the domain users, and so I can’t give permissions on the share to such a user, only use 777 on the share directory (and this is not what I want).

    Now, if I set up a new Samba 4 machine, configure it as a domain member and join the domain, I can assign permissions for users on this machine as explained in the Samba wiki. But this is not my case.

    I need to configure the DC and the share on the same machine, but I can’t figure out why I can’t see the domain users in my local system.

    Where is the problem?

    Thanks in advance

  • On 07/02/2016 17:18, Ben Archuleta wrote:

    Thanks Ben, but this is for an NT PDC, not for an AD DC. To do this with C7, I must install the SerNet Samba version or change distro.

  • On 07/02/2016 18:33, Nizar Armansyah wrote:
    Thanks for the links. I found the problem. After some tries, I added winbind to nsswitch.conf. Running getent passwd, the domain users were not printed after the local users, and because of this I tried to find a solution without trying the share. After several operations etc., I ran id “created domain user” and the user exists. I also tried chown domuser:domgr file and it works, but from getent I can’t get the domain users.

    Is this a bug in CentOS or is it related to the SerNet package (winbind)?
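
Added example, not part of any post in this thread: a check of the two settings the posts above revolve around, run against constructed sample files. It assumes the standard smb.conf parameters `winbind enum users` and `winbind enum groups` (default no), which decide whether a bare `getent passwd` or `getent group` lists domain entries; lookups by name such as `id` or `chown` only need `winbind` in nsswitch.conf. The file contents, domain name and share are constructed.

```shell
#!/bin/sh
# Constructed sample files (not taken from the thread) so the check runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' 'passwd: files winbind' 'shadow: files' 'group:  files' \
    > "$demo_dir/nsswitch.conf"
printf '%s\n' '[global]' '  workgroup = EXAMPLE' \
    '  server role = active directory domain controller' \
    '[data]' '  path = /srv/data' '  read only = no' > "$demo_dir/smb.conf"

# Succeeds if database $1 (passwd or group) lists winbind as a source in file $2.
nss_uses_winbind() {
    awk -v db="$1:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$2"
}

# Prints the [global] value of smb.conf parameter $1 from file $2, or "unset".
smb_global_value() {
    awk -F= -v want="$1" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[global]" && NF >= 2 {
            key = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", key)
            val = tolower($2); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) last = val
        }
        END { print (last == "" ? "unset" : last) }' "$2"
}

# Reports findings; returns the number of NSS databases that lack winbind.
audit_winbind_nss() {
    missing=0
    for db in passwd group; do
        if nss_uses_winbind "$db" "$1"; then
            echo "ok: $db resolves through winbind"
        else
            echo "fix: add winbind to the '$db:' line in $1"
            missing=$((missing + 1))
        fi
    done
    for p in "winbind enum users" "winbind enum groups"; do
        case $(smb_global_value "$p" "$2") in
            yes|true|1) echo "ok: $p is on, bare getent lists domain entries" ;;
            *) echo "note: $p is off, test by name: id <user>, getent passwd <user>" ;;
        esac
    done
    return "$missing"
}

audit_winbind_nss "$demo_dir/nsswitch.conf" "$demo_dir/smb.conf" || true
```

Pointed at /etc/nsswitch.conf and the smb.conf in use on the DC, a clean result means share directories can be owned by domain users and groups instead of being opened with mode 777.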

  • I personally prefer to use sssd-ad instead of winbind. Works like a charm also in addition to sudo configuration.

    Regards Tim

    On 7 February 2016 18:55:24 CET, Alessandro Baggi wrote: