Samba Share Active Directory integration with Kerberos

Permanently assign DNS servers

#

You should not directly modify the /etc/resolv.conf file, nor would the changes remain permanent. Use resolvconf to change DNS settings.

Add entries for your domain controller and default gateway

nameserver 192.168.60.2 # Example: Domain Controller
nameserver 192.168.60.1 # Example: Default Gateway / Router

Adapt hosts file

#

Add the Domain Controller and the Domain Controllers fully qualified domain name (FQDN) to the /etc/hosts file, vi /etc/hosts.

Example:

127.0.0.1 localhost SAMBA.YOUR.DOMAIN # Example: your samba domain name
127.0.1.1 fake_hostname # Does not matter

192.168.60.2 YOUR.DOMAIN # Example: Domain Controller IP & domain name
192.168.60.2 DC.YOUR.DOMAIN # Example: Domain Controller IP & fully qualified domain name

Check DNS resolution with nslookup:
nslookup YOUR.DOMAIN
nslookup DC.YOUR.DOMAIN Also check with FQDN

Install Realmd and Samba

#

Join the Domain

#

Create an Active Directory user with the permissions to Domain Administrator privileges. In this example the user is called “Admin”.

Join the Domain:

sudo realm join -v --membership-software=samba --client-software=winbind  YOUR.DOMAIN -U 'Admin@your.domain'

Write down the domain short name from the join domain command.
Optional to leave the domain use the following command:
realm leave YOUR.DOMAIN -U 'Admin@your.domain'

Add Winbind to nsswitch

#

Edit the nsswitch.conf file with vi /etc/nsswitch.conf and add winbind to passwd and group. The edited config file should look like follows:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Winbind should be enabled by default and it should not be necessary to restart the service, but here a the Commands to do so:

Edit smb.conf to create a share: vi /etc/samba/smb.conf.
Here is an example for a simple share, add it add the end of the cmb.conf file. Create a directory to store the files of the share, in this example /samba is used:

[samba-test-share]
    path = /samba
    comment = Storage share
    writable = yes
    guest ok = no

After the smb.conffile modified it is necessary to restart the samba service, use the following commands to do so:

Troubleshooting: /etc/netplan

#

Check your network settings, the standard configuration file is /etc/netplan/00-installer-config.yaml but check the /etc/netplan/ for custom configuration files.

If you don’t use DHCP to assign IP addresses, define an custom IP under addresses and define your default gateway / router under routes and your domain controller and default gateway / router in the nameservers section.

network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      addresses:
        - 192.168.30.10/24
      nameservers:
        search: [your.domain]
        addresses: [192.168.60.2, 192.168.60.1]
      routes:
        - to: default
          via: 192.168.60.1

Mount Samba Share to Linux host

#

Insert your Domain credentials into .sambacredentials file:

# Should look like this
username=user@domain
password=password

Temporary mount Samba Share

#

sudo mount -t cifs -o rw,vers=3.0,credentials=/root/.sambacredentials //IP/share /mountpoint

To unmount the Samba Share use:
umount /mountpoint

Permanently mount Samba Share:

#