CentOS - Feb 2015 - Setting up Samba as fileserver for existing Windows domain

This is probably covered in many places, but my Google-fu is failing.

I have an existing office of Windows computers, in a domain, with a
couple of Windows Server 2012 AD servers.  I need to add a file server,
so I'd prefer to use CentOS 7 and Samba to do it (because I know very
little about Windows).  However, I'm not finding a good how-to on that.
When I search for "samba active directory" or "samba
domain", the
results are mostly about setting up Samba to be the domain controller,
or join an AD domain as a controller, which I don't really want to do if
I don't have to.

Anybody have any tips, pointers, etc.?
-- 
Chris Adams <linux at cmadams.net>

On Wed, Feb 4, 2015 at 10:05 AM, Chris Adams <linux at cmadams.net>
wrote:
> This is probably covered in many places, but my Google-fu is failing.
>
> I have an existing office of Windows computers, in a domain, with a
> couple of Windows Server 2012 AD servers.  I need to add a file server,
> so I'd prefer to use CentOS 7 and Samba to do it (because I know very
> little about Windows).  However, I'm not finding a good how-to on that.
> When I search for "samba active directory" or "samba
domain", the
> results are mostly about setting up Samba to be the domain controller,
> or join an AD domain as a controller, which I don't really want to do
if
> I don't have to.
>
> Anybody have any tips, pointers, etc.?
If you expect existing domain credentials to work, I think you have to
join the domain.  Depending on the nature of the files being served, I
sometimes find it useful to have a public read-only share and avoid
the authentication mess entirely - copying the files in place with
linux tools or winscp.   It is possible to maintain local accounts on
the linux side and add those to samba (an extra step) but it is
painful to keep passwords in sync.

-- 
   Les Mikesell
     lesmikesell at gmail.com

Once upon a time, Les Mikesell <lesmikesell at gmail.com>
said:
> On Wed, Feb 4, 2015 at 10:05 AM, Chris Adams <linux at cmadams.net>
wrote:
> > I have an existing office of Windows computers, in a domain, with a
> > couple of Windows Server 2012 AD servers.  I need to add a file
server,
> > so I'd prefer to use CentOS 7 and Samba to do it (because I know
very
> > little about Windows).  However, I'm not finding a good how-to on
that.
> > When I search for "samba active directory" or "samba
domain", the
> > results are mostly about setting up Samba to be the domain controller,
> > or join an AD domain as a controller, which I don't really want to
do if
> > I don't have to.
> >
> > Anybody have any tips, pointers, etc.?
> 
> If you expect existing domain credentials to work, I think you have to
> join the domain.  Depending on the nature of the files being served, I
> sometimes find it useful to have a public read-only share and avoid
> the authentication mess entirely - copying the files in place with
> linux tools or winscp.   It is possible to maintain local accounts on
> the linux side and add those to samba (an extra step) but it is
> painful to keep passwords in sync.
Yeah, I want to join the domain, and use domain credentials for access,
I just don't want to be an additional domain controller (which is what
the docs/howtos I keep finding seem to assume).  I've done Samba with
basic locally-configured users before (not in a long time), but this
needs to use domain credentials.

-- 
Chris Adams <linux at cmadams.net>

On 02/04/2015 08:05 AM, Chris Adams wrote:
> This is probably covered in many places, but my Google-fu is failing.
Samba's documentation/howto is here:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

As others have mentioned, authconfig will take care of some of those 
steps for you, but won't set up Samba.

On Wed, Feb 4, 2015 at 11:20 AM, Gordon Messmer
<gordon.messmer at gmail.com> wrote:
> >
>> This is probably covered in many places, but my Google-fu is failing.
>
>
> Samba's documentation/howto is here:
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> As others have mentioned, authconfig will take care of some of those steps
> for you, but won't set up Samba.
Authconfig will also set up linux account authentication (and possibly
auto-creation on login) to match the samba setup - which you may or
may not want.    I'd recommend doing it on a text box or VM and then
looking through the changes it makes to the pam and smb configs to
understand how it is supposed to work.   If you are doing multiple
machines, the command line version of authconfig is handy to make
everything match once you get the arguments down.

-- 
   Les Mikesell
      lesmikesell at gmail.com