CentOS Linux release 7.8.2003 (Core)
AD (SSSD)
Packages
$ yum install -y krb5-workstation realmd sssd samba-common adcli oddjob oddjob-mkhomedir samba samba-common-tools
Hostname
The hostname is part of the FQDN.
e.g. hostname.ambedded.com
Connect to Windows AD
Set the Windows AD server's IP address as the DNS server
Join AD Server
$ realm discover ambedded.com
$ realm join --user=administrator ambedded.com
$ realm list
$ net ads info
$ net ads join -U administrator
SSSD Service
$ vi /etc/sssd/sssd.conf
enumerate = True
Check user & group
$ getent passwd
$ getent group
CephFS
$ mount -t ceph 192.168.1.111:/ /mnt -o name=admin,secret=AQCWmFBf5mNSGhAA2lBYM6NXlpyJc/JRPOdN5w==
$ cat /etc/fstab
192.168.1.111:/ /cephfs ceph name=admin,secret=AQCWmFBf5mNSGhAA2lBYM6NXlpyJc/JRPOdN5w==,_netdev 0 2
SAMBA
Firewall
$ firewall-cmd --permanent --zone=public --add-service=samba
$ firewall-cmd --reload
$ setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
SMB.conf
[global]
workgroup = AMBEDDED
realm = AMBEDDED.COM
security = ads
server string = Samba Server %v
log file = /var/log/samba/log.%m
log level = 4
max log size = 50
load printers = No
printing = bsd
printcap name = /dev/null
cups options = raw
kerberos method = secrets and keytab
ntlm auth = yes
[homes]
comment = Home Directories
read only = No
browseable = No
root preexec = /opt/create-home.sh %S /cephfs
path = /cephfs/homes/%S
[CEPHFS]
comment = Ceph FS
path = /cephfs
public = yes
writable = yes
valid users = @"samba@ambedded.com"
/opt/create-home.sh
#!/bin/bash
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
user=$1
group="samba@ambedded.com"
cephfs=$2
date >> /tmp/tmp
echo "${cephfs}/homes/${user}" >> /tmp/tmp
if [ ! -d "${cephfs}/homes/${user}" ]; then
echo "exec" >> /tmp/tmp
mkdir -m 700 -p "${cephfs}/homes/${user}"
chown "${user}:${group}" "${cephfs}/homes/${user}"
fi
echo "" >> /tmp/tmp
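A hardened variant of the script above, added here as an example (not the original author's code): it validates the share name passed as %S before building a path from it, and logs through syslog instead of appending to a fixed file in /tmp as root. The function names and the accepted character set are assumptions; the arguments and group name are the ones used on this page.

```shell
#!/bin/bash
# Added example: hardened variant of /opt/create-home.sh (not the original script).
# Assumptions: same arguments (%S, CephFS mount point) and the same group name.
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
GROUP="samba@ambedded.com"

# Accept only names that cannot escape ${cephfs}/homes: no "/", no leading
# "." or "-", and only characters seen in SSSD names such as user1@ambedded.com.
valid_share_user() {
    case "$1" in
        ""|.*|-*|*..*) return 1 ;;
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Print the home path for a user, or fail if the name is rejected.
home_path() {
    valid_share_user "$1" || return 1
    printf '%s/homes/%s\n' "${2%/}" "$1"
}

# Create the directory if missing; log via syslog rather than a fixed /tmp file.
ensure_home() {
    local user=$1 cephfs=$2 dir
    dir=$(home_path "$user" "$cephfs") || {
        logger -t create-home "rejected share name"
        return 1
    }
    # Unknown accounts get no directory.
    getent passwd "$user" >/dev/null || return 1
    if [ ! -d "$dir" ]; then
        mkdir -m 700 -p -- "$dir" && chown -- "${user}:${GROUP}" "$dir" &&
            logger -t create-home "created $dir"
    fi
}

# Runs only when Samba passes both arguments (root preexec = ... %S /cephfs).
if [ "$#" -eq 2 ]; then
    ensure_home "$1" "$2"
fi
```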
Group & User
On the Windows AD server, create a “samba” group
Add “User1” to the “samba” group, and set “Primary Group”
Demo