How to set up a samba share with Active Directory users and winbind
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 10
- samba
- samba3x
- samba 4
Issue
- How do I set up a samba share with Active Directory users and winbind?
Resolution
- Configure the RHEL system as an Active Directory client as per How do I join RHEL to Active Directory using Winbind?
- SAMBA share can be configured in the smb.conf file as below for groups:
[testshare]
comment = My Samba share
path = /sambashare
read only = yes
guest ok = no
valid users = +"DOMAIN\group1", +"DOMAIN\group2"
write list = +"DOMAIN\group1"
With the above configuration, a user accessing the samba share who is not in DOMAIN\group1 or DOMAIN\group2 will not be able to get to the share. A user in DOMAIN\group1 or DOMAIN\group2 has read access, and a user in DOMAIN\group1 has read/write access.
- SAMBA share can be configured in the smb.conf file as below for users:
[testshare]
comment = My Samba share
path = /sambashare
read only = yes
guest ok = no
valid users = "DOMAIN\user1", "DOMAIN\user2"
write list = "DOMAIN\user1"
With the above configuration, the users listed in valid users will be able to get to the share. DOMAIN\user1 and DOMAIN\user2 have read access, and DOMAIN\user1 has read/write access.
- Make sure that the share has proper permissions (two backslashes are required for the first command because a backslash is considered an escape character).
# chgrp -R "DOMAIN\\domain users" /sambashare/
# chmod -R g+rws /sambashare/
# chcon -R -t samba_share_t /sambashare/
For more information on setting up permissions on samba shares, refer to: How do I set permissions to Samba shares?
- SAMBA share can be accessed locally or from a remote system via smbclient as:
# smbclient -L hostname_of_samba_server -U username <---- Listing the shares
# smbclient //hostname_of_samba_server/testshare -U username
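The access rules that the two [testshare] definitions above describe, as an added example in Python (not part of the original article and not Samba's own code): a simplified model that parses valid users, write list and read only and returns the resulting access level. The user names, group memberships and function names are constructed for illustration; invalid users, read list, guest access and the differences between the +, @ and & group prefixes are not modeled.

```python
import configparser
import re

# Constructed sample: the group-based [testshare] definition from this article.
SAMPLE_SMB_CONF = r'''
[testshare]
path = /sambashare
read only = yes
guest ok = no
valid users = +"DOMAIN\group1", +"DOMAIN\group2"
write list = +"DOMAIN\group1"
'''

NAME_RE = re.compile(r'([+@&]*)(?:"([^"]*)"|([^\s,"]+))')

def parse_names(value):
    """Split a 'valid users'/'write list' value into (is_group, name) pairs."""
    return [(bool(prefix), (quoted or bare).lower())
            for prefix, quoted, bare in NAME_RE.findall(value or "")]

def matches(entries, user, groups):
    """True if the user, or one of the user's groups, appears in entries."""
    groups = {g.lower() for g in groups}
    return any(name in groups if is_group else name == user.lower()
               for is_group, name in entries)

def share_access(conf_text, share, user, groups=()):
    """Return 'none', 'read' or 'write' (simplified model, see lead-in)."""
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.read_string(conf_text)
    sec = cp[share]
    valid = parse_names(sec.get("valid users"))
    # An empty 'valid users' list does not restrict who may connect.
    if valid and not matches(valid, user, groups):
        return "none"
    # Members of 'write list' get write access even with 'read only = yes'.
    if matches(parse_names(sec.get("write list")), user, groups):
        return "write"
    return "read" if sec.getboolean("read only", fallback=True) else "write"

if __name__ == "__main__":
    # Constructed users and group memberships, for illustration only.
    for user, groups in [(r"DOMAIN\alice", [r"DOMAIN\group1"]),
                         (r"DOMAIN\bob", [r"DOMAIN\group2"]),
                         (r"DOMAIN\carol", [r"DOMAIN\group3"])]:
        print(user, share_access(SAMPLE_SMB_CONF, "testshare", user, groups))
```

The share-level decision is only the first gate: the filesystem permissions and SELinux context set with chgrp, chmod and chcon still apply to whatever access the share grants.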