Use winbind for samba if using as fileserver as sssd still has home id map limits and issues

Install

#!/bin/bash
set -e

# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-file_and_print_servers#the_samba_services

yum install -y realmd oddjob-mkhomedir oddjob samba-winbind-clients \
  samba-winbind samba-common-tools

yum install -y samba  # To share directories

yum install -y samba-winbind-krb5-locator

mv /etc/samba/smb.conf /etc/samba/smb.conf.orig


realm join --membership-software=samba --client-software=winbind MYDOMAIN.com -U busk

systemctl start smb
systemctl enable smb

ssh from powershell 10.x.x.x

File Sharing

mkdir /jtest echo "test file for samba" > /jtest/example.txt chown "MYDOMAIN\busk":"MYDOMAIN\Domain Users" /jtest/example.txt

firewall-cmd --permanent --add-port=445/tcp firewall-cmd --reload

setenforce 1 getenforce

vim /etc/selinux/config

<br />## Add share accessed by \\10.x.x.x\jtest
/etc/samba/smb.conf 

have user use id command to get AD group mappings

[jtest]

   path = /jtest
   read only = no
   writeable = yes
   browseable = yes
       # force createmode=0640
       # force directorymode=0750
       create mask = 660
       directory mask = 770
       inherit acls = Yes
   valid users = @"MYDOMAIN\domain users" @"MYDOMAIN\server administrators"

<br /><br /><br />## Some tests
getent passwd MYDOMAIN\\busk
getent group "MYDOMAIN\\Domain Users"
chown "MYDOMAIN\busk":"AD\Domain Users" /srv/samba/example.txt

kinit busk@MYDOMAIN.COM

\\10.x.x.x\jtest

yum install -y tcpdump
tcpdump -nnpli ens192 not port 22