Setting Up Samba As Fileserver For Existing Windows Domain

Home » CentOS » Setting Up Samba As Fileserver For Existing Windows Domain
CentOS 5 Comments

This is probably covered in many places, but my Google-fu is failing.

I have an existing office of Windows computers, in a domain, with a couple of Windows Server 2012 AD servers. I need to add a file server, so I’d prefer to use CentOS 7 and Samba to do it (because I know very little about Windows). However, I’m not finding a good how-to on that. When I search for “samba active directory” or “samba domain”, the results are mostly about setting up Samba to be the domain controller, or join an AD domain as a controller, which I don’t really want to do if I don’t have to.

Anybody have any tips, pointers, etc.?

5 thoughts on - Setting Up Samba As Fileserver For Existing Windows Domain

  • If you expect existing domain credentials to work, I think you have to join the domain. Depending on the nature of the files being served, I
    sometimes find it useful to have a public read-only share and avoid the authentication mess entirely – copying the files in place with linux tools or winscp. It is possible to maintain local accounts on the linux side and add those to samba (an extra step) but it is painful to keep passwords in sync.

  • Once upon a time, Les Mikesell said:

    Yeah, I want to join the domain, and use domain credentials for access, I just don’t want to be an additional domain controller (which is what the docs/howtos I keep finding seem to assume). I’ve done Samba with basic locally-configured users before (not in a long time), but this needs to use domain credentials.

  • I think authconfig-tui will set this up for you if you check ‘Use Winbind’ and “Winbind Authentication” and then fill in the AD info on the next screen and hit the Join Domain button. It should add some things to the smb.conf file but you have to add any shares you want besides homes. You will need the AD administrator password to join.

  • Authconfig will also set up linux account authentication (and possibly auto-creation on login) to match the samba setup – which you may or may not want. I’d recommend doing it on a text box or VM and then looking through the changes it makes to the pam and smb configs to understand how it is supposed to work. If you are doing multiple machines, the command line version of authconfig is handy to make everything match once you get the arguments down.