

Samba Set up Single Computer

Set up synchronized time (Kerberos authentication fails when this host's clock drifts too far from the domain controller's)

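# Restart the NTP daemon so the clock is in sync before any Kerberos step.
# "ntpd.start" would be read as a service name; the action is a separate word.
service ntpd stop
service ntpd start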

Hostname must contain the proper domain


You can dynamically change it with

hostname xxxxxxx.domain.tld

CentOS 7

/etc/hostname contains name

The hosts file MUST list the host's own name in an entry separate from the localhost entry

/etc/hosts               localhost.localdomain localhost          xxxxxxxx.domain.tld
192.168.10.yyy           ad1.domain.tld

Kerberos (krb5) must be set up correctly

 # Kerberos client settings that point this host at ad1.domain.tld as the KDC
 # for realm DOMAIN.TLD.
 # NOTE(review): no bracketed section headers or closing braces are visible in
 # this listing (presumably lost when the page was rendered); restore them
 # before using it as a configuration file.
 # Log destinations for the Kerberos libraries, the KDC and the admin server.
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

 default_realm = DOMAIN.TLD
 # DNS discovery is switched off, so the realm and KDC come only from the
 # explicit entries below.
 dns_lookup_realm = false
 dns_lookup_kdc = false

 # The domain controller acts as KDC and admin server for the realm.
 kdc = ad1.domain.tld:88
 admin_server = ad1.domain.tld:749
 default_domain = domain.tld

 # Map the DNS domain and every host under it to the realm.
 .domain.tld = DOMAIN.TLD
 domain.tld = DOMAIN.TLD
 profile = /var/kerberos/krb5kdc/kdc.conf

 # Defaults applied to tickets obtained through PAM.
 pam = {
   debug = false
   # Presumably seconds (36000 = 10 hours) - confirm.
   ticket_lifetime = 36000
   renew_lifetime = 36000
   # Forwardable tickets can be passed on to other hosts the user logs in to;
   # set this to false if delegation is not needed.
   forwardable = true

Run kinit to confirm that the Kerberos configuration can obtain a ticket from the domain controller

 kinit Administrator

Configure Samba


       # Samba settings for a member server that authenticates against Active Directory.
       # NOTE(review): no [global] header is visible in this listing (presumably
       # lost when the page was rendered); these read as [global] options.
       workgroup = DOMAIN
       server string = dev01.domain.tld
       netbios name = dev01
       # Only clients in the 192.168.10. network may connect.
       hosts allow = 192.168.10.

       encrypt passwords = yes
       # NOTE(review): placed among the global options, this becomes the default
       # for every share that does not override it; prefer setting it only on
       # shares that are meant to allow guest access.
       guest ok = yes
       # Enumeration lets "getent passwd" / "getent group" list all domain
       # accounts; it can be slow on large domains.
       winbind enum users = yes
       winbind enum groups = yes
       winbind cache time = 10

       # logs split per machine
       log file = /var/log/samba/%m.log
       # max 50KB per log file, then rotate
       max log size = 50

       # Authenticate as an Active Directory member in realm DOMAIN.TLD.
       security = ads
       realm = DOMAIN.TLD
       # NOTE(review): deprecated in recent Samba releases - check the smb.conf
       # man page for the installed version.
       client use spnego = yes
       password server = ad1.domain.tld

       # Do not take part in browse-master elections; the alternatives are kept commented out.
       local master = no
;       os level = 33
;       preferred master = yes

       wins server = ad1.domain.tld
;       wins proxy = yes

;       dns proxy = yes

#============================ Share Definitions ==============================

  # NOTE(review): despite the banner above, the lines below are winbind/idmap
  # options, not share definitions.
  # UID/GID range that winbind allocates to domain accounts.
  # NOTE(review): current Samba releases express this as "idmap config * : range";
  # confirm which form the installed version expects.
  idmap uid = 16777216-33554431
  idmap gid = 16777216-33554431
  # Domain accounts get no login shell on this host.
  template shell = /bin/false
  # Domain accounts appear as DOMAIN+user rather than as a bare user name.
  winbind use default domain = no
  winbind separator = +

Join Domain

restart services to be sure

# Restart the Samba daemons so they run with the new smb.conf before the join.
for svc in winbind smb nmb; do
  service "$svc" restart
done

# Join this host to the AD realm; the command prompts for the account's password.
# NOTE(review): the page joins as the domain Administrator; an account that is
# only delegated the right to join computers would expose less if this host is
# ever compromised - confirm with the domain owner.
net ads join -U Administrator

Modify nsswitch

# Resolve users and groups from local files first, then from the domain through winbind.
passwd:     files winbind
# Password hashes stay local only; no winbind source is listed here.
shadow:     files
group:      files winbind
# NOTE(review): winbind's NSS module is documented for the passwd and group
# databases; the winbind entries on the three lines below look unnecessary - confirm.
protocols:  files winbind
rpc:        files winbind
services:   files winbind

Run Services

restart services to be sure

# Restart the Samba daemons so they pick up the domain membership and NSS changes.
for svc in winbind smb nmb; do
  service "$svc" restart
done


# Verify the setup: winbind should list the domain's users and groups ...
wbinfo -u
wbinfo -g
# ... and the same accounts should appear through NSS next to the local ones.
getent passwd
getent group

Jacques Approved !!

Samba Set up Active Directory

# Debian/Ubuntu package set for the domain controller: Samba, BIND9 and its
# utilities, winbind, and the Kerberos client tools.
apt install samba bind9 winbind bind9utils krb5-user
# Global parameters
# NOTE(review): no bracketed section headers are visible in this listing
# (presumably lost when the page was rendered); the settings down to
# "wins support" read as [global] options.
   netbios name = DNSAD
   realm = HQ.AMAR.COM
   # Makes this host an Active Directory domain controller rather than a member server.
   server role = active directory domain controller
   workgroup = AMARHQ

   # The list has no "dns" entry; presumably DNS is served by the bind9 package
   # installed above rather than by Samba's internal DNS server - confirm.
   server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
   idmap_ldb:use rfc2307 = yes
   domain master = Yes
   wins support = Yes
   # wins server =
   # NOTE(review): two path / read only pairs follow with no share header
   # between them; they look like the bodies of two share sections under the
   # sysvol tree, and the second path may be truncated - confirm and restore
   # the headers before using this file.
   path = /var/lib/samba/sysvol
   read only = No
   path = /var/lib/samba/sysvol/
   read only = No

Disable Regular Samba and Enable samba-ad-dc

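# The AD domain controller runs as the single samba-ad-dc unit; the standalone
# file-server daemons must not run next to it.
systemctl unmask samba-ad-dc
# Unmasking only makes the unit startable; enable it so it starts at boot.
systemctl enable samba-ad-dc
# Mask the standalone daemons. The unit names are smbd, nmbd and winbind; the
# misspelled names "smd" and "nmbdd" would leave nmbd startable.
# Masking blocks future starts only: stop any instance that is already
# running, or reboot, before relying on it.
systemctl mask smbd
systemctl mask nmbd
systemctl mask winbind
# NOTE(review): presumably masked so the local stub resolver does not hold the
# DNS port the domain controller needs; check afterwards that /etc/resolv.conf
# still names a reachable resolver.
systemctl mask systemd-resolved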

Configure /etc/

   # Realm definition for HQ.AMAR.COM with its values stripped out.
   # NOTE(review): the empty "kdc =" and "default_domain =" entries and the <ip>
   # placeholders must be filled in with the domain controller's details before use.
   HQ.AMAR.COM = {
       kdc =
       kdc = <ip>
       kdc =
       kdc =
       admin_server = <ip>
       default_domain =
   # NOTE(review): the next line looks garbled - the realm block's closing brace
   # is missing, and "[domain_realm]" is normally a section header on its own
   # line followed by domain-to-realm mappings; confirm against the original file.
   [domain_realm] = HQ.AMAR.COM = HQ.AMAR.COM

Extra Directories in /var/cache/bind

