Thursday, September 30, 2010

CentOS 5.5, Samba/Winbind, Windows 2008R2 Active Directory

In order to facilitate client backups, I set up samba on CentOS on a Windows 2008R2 based domain. I created an empty directory, /etc/skel2, as I was not planning on letting users log in via ssh or the console.

Unfortunately, the samba 3.0.x line wouldn't work correctly. I could join the domain, but not connect to shares. Samba logged the following message every connection attempt:


  read_data: read failure for 4 bytes to client 192.168.70.23. Error = Connection reset by peer

I upgraded to the Samba3 package with yum (Samba 3.3.x) and rejoined. I added a pam.d entry in the samba config:

  session required pam_mkhomedir.so skel=/etc/skel2 umask=0077

(I don't want users to see each other's directories. I did not modify system-auth, as I did not want the users to log in with anything but samba.)

And added this to smb.conf:

  winbind separator = \
  # use uids from 10000 to 20000 for domain users
  idmap uid = 10000-20000
  # use gids from 10000 to 20000 for domain groups
  idmap gid = 10000-20000
  # allow enumeration of winbind users and groups
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  # give winbind users a real shell (only needed if they have telnet access)
  template homedir = /data/clientdata/backups/%D/%U
  template shell = /bin/bash
  obey pam restrictions = yes

An important note: the samba3 rpm separates the smbd and nmbd init scripts, so you'll need to do a separate "chkconfig nmb on".
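Two of the settings above carry the security weight of this setup: the idmap range must not overlap local accounts in /etc/passwd (otherwise a domain user can be mapped onto a local UID), and the pam_mkhomedir umask=0077 is what keeps one user's backup directory unreadable by another. The following script is an added example, not part of the original post; the smb.conf fragment and passwd lines in it are constructed samples, and the function names are my own.

```shell
#!/bin/sh
# Constructed smb.conf fragment mirroring the post's settings (sample, not a live file).
SMB_CONF_SAMPLE='[global]
   winbind separator = \
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template homedir = /data/clientdata/backups/%D/%U
   template shell = /bin/bash
   obey pam restrictions = yes'

# Constructed /etc/passwd lines; "backup" deliberately sits inside the idmap range.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
backup:x:10500:10500::/home/backup:/sbin/nologin'

# Print "lo hi" for a range-valued key such as "idmap uid" or "idmap gid".
# $1 = key, $2 = smb.conf text
idmap_range() {
  printf '%s\n' "$2" | awk -F= -v key="$1" '
    { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
    k == key { v = $2; gsub(/[ \t]/, "", v); split(v, r, "-"); print r[1], r[2]; exit }'
}

# Print "name:id" for every local account whose UID falls inside [lo, hi].
# Any output means a winbind-mapped domain user could share a UID with a local account.
# $1 = lo, $2 = hi, $3 = passwd text
uid_collisions() {
  printf '%s\n' "$3" | awk -F: -v lo="$1" -v hi="$2" '$3 >= lo && $3 <= hi { print $1 ":" $3 }'
}

# Succeed only if the pam.d line creates homes via pam_mkhomedir with umask=0077,
# i.e. mode 0700 directories that other domain users cannot read.
# $1 = one line from /etc/pam.d/samba
pam_homedir_private() {
  case "$1" in
    *pam_mkhomedir.so*umask=0077*) return 0 ;;
    *) return 1 ;;
  esac
}

# Report collisions for the constructed samples; returns 1 if any are found.
run_checks() {
  set -- $(idmap_range "idmap uid" "$SMB_CONF_SAMPLE")
  hits=$(uid_collisions "$1" "$2" "$PASSWD_SAMPLE")
  if [ -n "$hits" ]; then
    echo "local UIDs inside idmap uid range $1-$2: $hits"
    return 1
  fi
  echo "idmap uid range $1-$2 is clear of local accounts"
}
```

On a real host, feed `$(cat /etc/samba/smb.conf)` and `$(cat /etc/passwd)` to the functions instead of the constructed samples, and run the same check for "idmap gid" against /etc/group.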