Authenticate Samba users using PBIS Open integration

Before you start, make sure the server has already been joined to the AD domain with PBIS Open.

Connect Samba to PBIS Open:

# Hook Samba up to PBIS Open with the PBIS-supplied installer, then restart the Samba daemons.
cd /opt/pbis/bin
# Asks the installer whether the installed Samba release is one it supports.
# NOTE(review): the next command runs regardless of this result; stop here if the check complains.
sudo ./samba-interop-install --check-version
# Installs the interop components.
# NOTE(review): presumably this provides the lwicompat_v4 idmap backend that smb.conf references; confirm against the PBIS documentation.
sudo ./samba-interop-install --install
# Restart both daemons so they start with the newly installed components.
sudo service smbd restart
sudo service winbind restart

Prepare folder:

# Create the share root and restrict it to root plus one AD group.
sudo mkdir /shares
# Group ownership goes to domain^users.
# NOTE(review): presumably this is the PBIS name for the AD "Domain Users" group (PBIS substitutes ^ for spaces); verify with `getent group`.
sudo chgrp domain^users /shares
# 0770: owner and group get rwx, everyone else gets nothing.
# No setgid bit is set, so new entries take the creating user's primary group unless Samba forces one.
sudo chmod 0770 /shares

Edit /etc/samba/smb.conf (replace DOMAIN and DOMAIN.LOCAL with your own domain's short name and realm):

# Global settings for a Samba file server that authenticates against AD through PBIS Open.
# Comments are kept on their own lines; smb.conf does not strip trailing comments from a value.
# Run `testparm` after editing to catch unknown or conflicting parameters.
[global]
# NetBIOS (short) domain name and Kerberos realm of the AD domain.
workgroup = DOMAIN
realm = DOMAIN.LOCAL
# 0 stops Samba from rotating the machine account password itself.
# NOTE(review): presumably so that PBIS stays the only component managing that secret; confirm against the PBIS documentation.
machine password timeout = 0
# Authenticate as a member of an AD realm.
security = ADS
netbios name = fs
###idmap domains = ALL
# ID mapping is delegated to the lwicompat_v4 backend for all domains and marked read-only.
# NOTE(review): lwicompat_v4 is presumably the module installed by samba-interop-install; verify it is present before restarting smbd.
idmap config ALL:backend = lwicompat_v4
idmap config ALL:default = yes
idmap config ALL:readonly = yes
###idamp uid = 10000-33554431
# NOTE(review): the upper bound here (33554421) differs from the commented-out uid range above (33554431), and that line misspells "idmap"; looks like a typo, confirm the intended range.
# NOTE(review): "idmap uid/gid" is the older spelling; newer Samba releases use "idmap config * : range". Check what testparm reports for this line.
idmap gid = 10000-33554421
# %h expands to the host name Samba is running on.
server string = File Server - %h
dns proxy = no
# One log file per client machine (%m); max log size is in KiB.
log file = /var/log/samba/%m.log
max log size = 1000
syslog = 0
# Runs when a Samba process crashes; %d is that process's PID.
panic action = /usr/share/samba/panic-action %d
# NOTE(review): "standalone server" reads as inconsistent with "security = ADS" above; a domain member normally uses "member server". Verify with testparm before relying on either.
server role = standalone server
# The password-related settings below concern local (non-AD) accounts: the tdbsam database and syncing the Unix password on change.
# NOTE(review): they look like distribution defaults; for an AD-only server confirm whether they are needed at all.
passdb backend = tdbsam
# PAM account and session restrictions are not applied by Samba.
obey pam restrictions = no
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
# A login with an unknown user name is mapped to the guest account instead of being rejected.
# NOTE(review): the only share defined here sets "guest ok = no", so guest mapping buys nothing; "map to guest = never" is the tighter choice unless a guest share is planned.
map to guest = bad user
# Lets user-defined shares (usershares) be opened to guests.
# NOTE(review): set to "no" unless unauthenticated usershares are intended on a domain file server.
usershare allow guests = yes
 
# Read-write share on /shares, limited to members of one AD group.
[shares]
        comment = shares
        path = /shares
        # "read only = no" and "writeable = yes" below express the same setting twice.
        read only = no
        # Guests are refused on this share.
        guest ok = no
        browsable = yes
        writeable = yes
        # Users who perform every file operation on this share as root; leave unset unless strictly required.
        #admin users =
        # Users and groups allowed to connect; the @ prefix marks a group name.
        # NOTE(review): domain^users is presumably the PBIS name for "Domain Users", which usually contains every domain account; use a narrower group if the share is not meant for all of them.
        valid users = @DOMAIN\domain^users
        # Users who cannot connect
        #invalid users =
        # Users who have read-only access
        #read list =
        # Users who have read-write access
        write list = @DOMAIN\domain^users
        # "create mask" limits the permission bits a new file may carry; "force create mode" ORs its bits into every new file.
        # NOTE(review): with both at 0770 every new file is created rwxrwx---, i.e. executable by owner and group; 0660 avoids that if nothing on the share has to be executable.
        create mask = 0770
        force create mode = 0770
        # Same mask/force pair for directories, where the execute bit is needed to enter them.
        directory mask = 0770
        force directory mode = 0770
        # NOTE(review): believed to be unsupported in Samba 4.x; check whether testparm reports it as unknown.
        directory security mask = 0770
        ###force directory security mode = 0770
        # Left disabled: without it new files keep the creating user's primary group.
        ###force group = domain^users
  • linux/ad_integration/samba_ad_pbis_open.txt
  • Last modified: 2019/10/31 09:05
  • by 127.0.0.1