Create a File Server on CentOS 7 with Active Directory integration

Basic background:

First HDD contains the OS. A second HDD is mapped for the data on /storage0/data.

So first step is to move the home drive location to the data partition:

# Change home directory location
mkdir -p ${HOME_DIR}
chcon -R -t samba_share_t ${HOME_DIR}
sed -i "s#^\(HOME\s*=\s*\).*\$#\1${HOME_DIR}#" /etc/default/useradd
setsebool -P samba_enable_home_dirs 1

# Next, install and configure Samba
yum install -y samba samba-client samba-common
systemctl enable smb.service
systemctl enable nmb.service
mkdir -p /storage0/data
chcon -R -t samba_share_t /storage0/data
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload
cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
vi /etc/samba/smb.conf
#Find “security = user” line and add “map to guest” line like below.
#security = user
#map to guest = Bad User
# comment out homes and printers

# Anonymous share
mkdir -p /storage0/data/anonymous
chown -R nobody:nobody /storage0/data/anonymous

RW user
[Anonymous] (Name anonymous)
        path = /shares/anonymous
        guest ok = yes
        browsable =yes
        writable = yes

RO user (Name anonymous)
        path = /shares/anonymous
        browsable = yes
        read only = Yes
        guest only = Yes

systemctl reload smb.service

Home Directory share

# Re-anable  if disabled
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

setsebool -P samba_enable_home_dirs 1

mkdir /shares/google
groupadd smbgg

Step 2 » Change ownership and permission for the directory.
chown -R root:smbgg /shares/google
chmod -R 0770 /shares/google

useradd larry -s /usr/sbin/nologin -G smbgg # Create user larry by adding to the group smbgg in a single command .
smbpasswd -a larry # Create samba password using the below command .

         comment = Google Share
         path = /shares/google
         valid users = @smbgg
         guest ok = no
         writable = yes
         browsable = yes
         force group = smbgg
         #### Below lines are to allow user to edit files created by another user
         create mask = 0660
         force create mode = 0660
         directory mask = 0770
         force directory mode = 0770

systemctl reload smb.service


Now test if you can see your initial shares and everything should work.

Next step is the integration to an Active Directory Domain.

yum install realmd samba samba-common oddjob oddjob-mkhomedir sssd ntpdate ntp

$ systemctl enable ntpd.service
$ ntpdate dc1.mydomain.local
$ systemctl start ntpd.service