.. Reminder for header structure:
   Parts (H1)          : #################### with overline
   Chapters (H2)       : ******************** with overline
   Sections (H3)       : ====================
   Subsections (H4)    : --------------------
   Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
   Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
  :description: Setting up a Samba File Server on RedHat8 and derived distributions
  :keywords: File Server Samba, documentation

.. _fileserver_install_redhat:

*******************************************************************
Setting up a Samba File Server on RedHat8 and derived distributions
*******************************************************************

.. attention::

  This documentation is based on the **Redhat8** distribution.

  The Samba package version of the Redhat8 distribution is sufficiently
  up-to-date to provide optimal file service. There is therefore no need
  to recompile Samba from source.

.. note::

  In this documentation, it is assumed:

  * That you have installed the base system of your file server
    by following the :ref:`base installation documentation `
    and that your server is called *srvfiles*.

  * That the IP address of your domain controller is *192.168.1.11*.

  * That your domain is called *mydomain.lan*.

* Modify the :file:`/etc/hosts` file so that the FQDN of the machine
  resolves to its own IP address (i.e. not 127.0.0.1),
  with the long name first, then the short name.

* Modify the :file:`/etc/resolv.conf` file to point to the AD DNS,
  modify the :file:`network-scripts` file as well:

  .. code-block:: ini

    search mydomain.lan
    domain mydomain.lan
    nameserver 192.168.1.11

  .. hint::

    Adding ``domain mydomain.lan`` to the :file:`/etc/resolv.conf` file
    is necessary because the ``winbind use default domain = yes`` option
    in ``smb.conf`` relies on it. If this is not done,
    it causes the following problems:

    * The command :command:`net ads testjoin` reports
      that it cannot find the domain controller.

    * The command :command:`chown userad1 myfile` does not work.

    * :command:`wbinfo -u / -g / -i` does not return any result.

* Reboot the machine so it takes its new name into account:

  .. code-block:: bash

    reboot

* Install the dependencies:

  .. code-block:: bash

    yum install samba samba-winbind samba-winbind-clients krb5-workstation

Joining the file server to the domain
=====================================

* Edit the :file:`/etc/krb5.conf` file and replace the whole file
  with the lines below:

  .. code-block:: ini

    [libdefaults]
      dns_lookup_realm = false
      dns_lookup_kdc = true
      default_realm = MYDOMAIN.LAN

* Ensure that the DNS configuration in :file:`/etc/nsswitch.conf`
  has not been modified by a package installation. If the hosts line
  looks like the first line below, change it to look like the second:

  .. code-block:: ini

    hosts: files dns mdns4_minimal [NOTFOUND=return] mdns #BAD!!!
    hosts: files dns myhostname #GOOD

* Ensure that Kerberos is properly configured:

  .. code-block:: bash

    kinit administrator
    klist

.. include:: ./smb_conf.rst.inc

Joining the file server to the domain
=====================================

.. code-block:: bash

  net ads join -U administrator

* Configure the :file:`/etc/nsswitch.conf` file, change the following lines:

  .. code-block:: ini

    passwd: files sssd winbind
    group: files sssd winbind
    shadow: files sssd winbind

* Enable and restart the services:

  .. code-block:: bash

    systemctl enable winbind smb
    systemctl restart winbind
    systemctl restart smb

* Reboot in order to empty the nsswitch caches:

  .. code-block:: bash

    reboot

* Check the correct connection to the domain:

  * The following 3 commands should return users, groups
    and AD account information as received by :program:`winbindd`:

    .. code-block:: bash

      wbinfo -u
      wbinfo -g
      wbinfo -i administrator

  * The 2 following commands should return users and groups
    with their *uidNumber* as interpreted by the Linux system.
    Make sure that you can see the users of the AD:
    administrator, krbtgt, etc.

    .. code-block:: bash

      getent passwd administrator
      getent group "domain admins"

Creating network shares
=======================

.. code-block:: bash

  mkdir /home/shares
  chown administrator:"domain users" /home/shares
  chmod 770 /home/shares
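
The name-resolution prerequisites described earlier on this page (the :file:`/etc/hosts` entry, the ``domain`` and ``nameserver`` lines in :file:`/etc/resolv.conf`, and the ``hosts`` line in :file:`/etc/nsswitch.conf`) can be checked before running :command:`net ads join`. The script below is an added example, not part of the original documentation; the function names and the optional ``ROOT`` prefix are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-join checks for the files this page edits.
# Function names and the optional ROOT prefix are assumptions of this sketch.

# /etc/hosts: FQDN on a non-loopback IP, long name first, then the short name.
check_hosts() {  # usage: check_hosts FILE FQDN
    awk -v fqdn="$2" -v short="${2%%.*}" '
        NF == 0 || $1 ~ /^#/ { next }
        { loop = ($1 ~ /^127\./ || $1 == "::1") }
        !loop && $2 == fqdn && $3 == short { ok = 1 }
        loop { for (i = 2; i <= NF; i++)
                   if ($i == fqdn || $i == short) bad = 1 }
        END { exit !(ok && !bad) }' "$1"
}

# /etc/resolv.conf: "domain" line present and nameserver set to the AD DNS.
check_resolv() {  # usage: check_resolv FILE DOMAIN DC_IP
    awk -v dom="$2" -v dc="$3" '
        $1 == "domain" && $2 == dom { d = 1 }
        $1 == "nameserver" && $2 == dc { n = 1 }
        END { exit !(d && n) }' "$1"
}

# /etc/nsswitch.conf: hosts line uses dns and carries no mdns* entry.
check_nsswitch_hosts() {  # usage: check_nsswitch_hosts FILE
    awk '
        $1 == "hosts:" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i ~ /^mdns/) bad = 1
                if ($i == "dns") dns = 1
            }
        }
        END { exit !(seen && dns && !bad) }' "$1"
}

# Run all three checks; ROOT lets you point at a copy of /etc for a dry run.
precheck() {  # usage: precheck FQDN DOMAIN DC_IP [ROOT]
    rc=0
    check_hosts "${4:-}/etc/hosts" "$1" || { echo "FAIL: /etc/hosts"; rc=1; }
    check_resolv "${4:-}/etc/resolv.conf" "$2" "$3" || { echo "FAIL: /etc/resolv.conf"; rc=1; }
    check_nsswitch_hosts "${4:-}/etc/nsswitch.conf" || { echo "FAIL: /etc/nsswitch.conf"; rc=1; }
    [ "$rc" -eq 0 ]
}

# e.g. sh precheck.sh srvfiles.mydomain.lan mydomain.lan 192.168.1.11
if [ "$#" -ge 3 ]; then precheck "$@"; fi
```

A non-zero exit status means at least one file still needs the change described above; the ``FAIL`` line names which one.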