{"id":3714,"date":"2022-05-16T22:27:42","date_gmt":"2022-05-16T22:27:42","guid":{"rendered":"https:\/\/blog.gordonbuchan.com\/blog\/?p=3714"},"modified":"2023-11-10T16:22:53","modified_gmt":"2023-11-10T16:22:53","slug":"integrating-open-source-software-in-the-enterprise-chapter-1-creating-a-network-file-share-with-linux-and-samba-authenticating-against-active-directory","status":"publish","type":"post","link":"https:\/\/blog.gordonbuchan.com\/blog\/index.php\/2022\/05\/16\/integrating-open-source-software-in-the-enterprise-chapter-1-creating-a-network-file-share-with-linux-and-samba-authenticating-against-active-directory\/","title":{"rendered":"Creating a network file share with Linux and Samba authenticating against Active Directory"},"content":{"rendered":"\n

In this procedure we create a network file share by integrating the open source program Samba running on Linux with Active Directory to authenticate access to the network file share.<\/p>\n\n\n\n

Business case<\/h1>\n\n\n\n

A computer running Linux and Samba can create a network file share authenticating against a company’s Active Directory. This means that a Linux server and Samba network file share software can replace a Windows server for the network file share role in the enterprise, reducing software licensing costs and improving security and stability.<\/p>\n\n\n\n

This procedure was tested on Ubuntu Linux 22.04 LTS<\/h1>\n\n\n\n

This procedure was tested on Ubuntu Linux 22.04 LTS<\/a><\/p>\n\n\n\n

Understanding the test network<\/h1>\n\n\n\n

This procedure was tested on a network of 3 virtual machines, each running in bridge mode, on different hypervisor hosts.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
sudbury<\/td>Windows Server 2019 acting as Active Directory controller for the clarkcounty.gordonbuchan.com domain.<\/td><\/tr>
sandiego<\/td>Ubuntu Linux 22.04LTS desktop joined to the clarkcounty.gordonbuchan.com domain, authenticating access to a network file share enabled by Samba and Winbind against the Active Directory controller for the domain clarkcounty.gordonbuchan.com on sudbury.<\/td><\/tr>
hamilton<\/td>Windows 10 Pro workstation joined to the clarkcounty.gordonbuchan.com domain.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Understanding Active Directory<\/h1>\n\n\n\n

Active Directory<\/a> is commercial software developed by Microsoft that runs primarily on Windows Server. Active Directory can authenticate users and groups of users, and can control access to resources like network file shares and “Single Sign-On” (SSO) login to computers connected to the network.<\/p>\n\n\n\n

Understanding Samba<\/h1>\n\n\n\n

Samba<\/a> is open source free software that enables a Linux server to provide a network file share that can be accessed by Windows computers.<\/p>\n\n\n\n

A note re Samba’s included Active Directory functionality<\/h2>\n\n\n\n

Samba itself is able to act as an Active Directory controller and can implement a subset of Active Directory’s features. This post assumes that you are authenticating against an Active Directory controller running on Windows Server.<\/p>\n\n\n\n

Understanding Winbind<\/h1>\n\n\n\n

Winbind<\/a> is software that enables Samba to integrate with Active Directory to authenticate access to a network file share.<\/p>\n\n\n\n

Understanding System Security Services Daemon (SSSD)<\/h1>\n\n\n\n

SSSD<\/a> is a technology that enables Active Directory integration for Linux workstations. In practice, it is difficult to integrate SSSD with Samba for Active Directory authentication in a stable fashion. There are some approaches to SSSD which incorporate Winbind for a hybrid approach. This procedure will focus on using Winbind, and without using SSSD.<\/p>\n\n\n\n

Choosing Winbind over SSSD for a network file share authenticaticated against Active Directory<\/h1>\n\n\n\n

This procedure will use Winbind to enable Samba to integrate with Active Directory to create a network file share authenticated against Active Directory.<\/p>\n\n\n\n

Objectives<\/h1>\n\n\n\n