====== Authenticate Samba users using PBIS Open integration ======
Make sure the server is already joined to the AD domain with PBIS Open.
Connect Samba to PBIS Open:
# The interop installer ships with PBIS Open; it is run from the PBIS bin directory.
cd /opt/pbis/bin
# Presumably verifies that the installed Samba version is one the interop
# components support; read the output before going on to --install.
sudo ./samba-interop-install --check-version
# Installs the PBIS interop components into Samba. Per the PBIS documentation
# this also hands the machine account password to Samba, so keep Samba's
# secrets database readable by root only. TODO confirm for your PBIS version.
sudo ./samba-interop-install --install
# Restart the Samba daemons so they load the newly installed components.
sudo service smbd restart
sudo service winbind restart
Prepare folder:
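# Create the share root. It is owned by root and group-owned by the AD
# "Domain Users" group, which this page writes as domain^users.
sudo mkdir /shares
# Quoted so that a shell which treats ^ specially (for example zsh with
# extended globbing) passes the group name through unchanged.
# NOTE(review): the smb.conf on this page uses the DOMAIN\ prefix for the same
# group; whether the short name resolves here depends on the PBIS settings.
sudo chgrp 'domain^users' /shares
# rwx for owner and group, no access for anyone else.
sudo chmod 0770 /shares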
Edit /etc/samba/smb.conf (run testparm afterwards to check the result):
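[global]
# Global settings for a file server that authenticates users against AD
# through PBIS Open. Comments are full lines only: smb.conf has no trailing
# comments.
# Short (NetBIOS) domain name and Kerberos realm of the AD domain.
workgroup = DOMAIN
realm = DOMAIN.LOCAL
# 0 stops Samba from changing the machine account password on its own.
# The domain join is managed by PBIS Open, so Samba must not rotate it.
machine password timeout = 0
# Act as a member of the AD realm.
security = ADS
netbios name = fs
# ID mapping is handed to the PBIS compatibility backend, read-only.
###idmap domains = ALL
idmap config ALL:backend = lwicompat_v4
idmap config ALL:default = yes
idmap config ALL:readonly = yes
###idmap uid = 10000-33554431
# NOTE(review): the upper bound here (33554421) differs from the disabled uid
# range above (33554431); confirm which value is intended.
idmap gid = 10000-33554421
server string = File Server - %h
dns proxy = no
# One log file per connecting machine (%m); max log size is in KiB.
log file = /var/log/samba/%m.log
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
# Was "standalone server", which contradicts security = ADS above. A server
# that authenticates against the domain is a member server.
# NOTE(review): confirm with testparm on the Samba version in use.
server role = member server
# The settings from here to "pam password change" concern accounts in the
# local passdb and local password changes; AD users are authenticated by the
# domain. NOTE(review): presumably carried over from the distribution default;
# confirm they are still wanted.
passdb backend = tdbsam
# PAM account and session restrictions are not applied to SMB logons; access
# to the share is gated by its valid users list instead.
obey pam restrictions = no
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
# Was "bad user", which silently turned a logon with an unknown user name into
# a guest session. The share on this page sets guest ok = no, so such logons
# are rejected instead and a failed AD lookup shows up as an error.
map to guest = never
# Was "yes". User-defined shares must not grant guest access on a server
# whose shares are meant for authenticated domain users.
usershare allow guests = no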
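[shares]
# Share for authenticated AD users, backed by /shares.
comment = shares
path = /shares
# Writable, visible in browse lists, no guest access.
# "writeable = yes" below is the inverted synonym of "read only = no".
read only = no
guest ok = no
browsable = yes
writeable = yes
#Users with root access
# Leave unset unless really needed: these users act on the share as root,
# whatever the file permissions say.
#admin users =
#Users who can connect to share
# @ marks a group; domain^users is how this page writes the AD group "Domain Users".
valid users = @DOMAIN\domain^users
#Users who cant connect
#invalid users =
#Users who have ro access
#read list =
#Users who have r+w access
write list = @DOMAIN\domain^users
# Files: create mask limits the permission bits a client may set.
create mask = 0770
# Was 0770, which forced the execute bits onto every file written through the
# share. Force read/write for owner and group only; a client can still
# request execute within the create mask.
force create mode = 0660
# Directories need the execute (search) bit, so 0770 is kept here.
directory mask = 0770
force directory mode = 0770
# NOTE(review): this parameter and the disabled one below were removed in
# Samba 4.0, as far as I know; testparm reports them as unknown there.
directory security mask = 0770
###force directory security mode = 0770
###force group = domain^users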
{{tag>["active directory" linux "pbis open" samba cifs]}}