.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
  :description: Setting up a Samba File Server on RedHat8 and derived distributions
  :keywords: File Server Samba, documentation

.. _fileserver_install_redhat:

********************************************************************
Setting up a Samba File Server on RedHat10 and derived distributions
********************************************************************

.. attention::

  This documentation is based on the **Redhat10** distribution.

  The Samba package version of the Redhat10 distribution is sufficiently up-to-date to provide optimal file service.
  There is therefore no need to recompile Samba from source.

.. note::

  In this documentation, it is assumed:

  * That you will have installed the system base of your file server by following the :ref:`base installation documentation <server_prepare_redhat>` and that your server is called *srvfiles*.

  * That the IP address of your domain controller is *192.168.1.11*.

  * That your domain is called *mydomain.lan*.

* Modify the file :file:`/etc/hosts` so that the FQDN of the machine resolves to its own IP address (i.e. not 127.0.0.1), with the long name first, then the short name.

* Modify the :file:`/etc/resolv.conf` file to point to the AD DNS, and modify the :file:`network-scripts` file as well:

  .. code-block:: ini

      search mydomain.lan
      domain mydomain.lan
      nameserver 192.168.1.11

.. hint::

  Adding ``domain mydomain.lan`` to the :file:`/etc/resolv.conf` file is necessary because, in ``smb.conf``, the ``winbind use default domain = yes`` option relies on it.
  If this is not done, it causes the following problems:

  * Problem with the command :command:`net ads testjoin` that says it can’t find the domain controller.

  * The command :command:`chown userad1 myfile` does not work.

  * A :command:`wbinfo -u / -g / -i` does not return a result.

* Reboot the machine so it takes its new name into account:

  .. code-block:: bash

    reboot

* Install the dependencies:

  .. code-block:: bash

    yum install samba samba-winbind samba-winbind-clients krb5-workstation

Joining the file server to the domain
=====================================

* Edit the :file:`/etc/krb5.conf` file and replace the whole file with the lines below:

  .. code-block:: ini

    [libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = MYDOMAIN.LAN

* Ensure that the DNS configuration in :file:`/etc/nsswitch.conf` has not been modified by the installation of a package.
  If the hosts line looks like the first line below, change it to look like the second line:

  .. code-block:: ini

    hosts: files dns mdns4_minimal [NOTFOUND=return] mdns    #BAD!!!
    hosts: files dns myhostname                              #GOOD

* Ensure that Kerberos is properly configured:

  .. code-block:: bash

    kinit administrator
    klist
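
The name-resolution prerequisites above (:file:`/etc/hosts`, :file:`/etc/resolv.conf` and the hosts line of :file:`/etc/nsswitch.conf`) can be checked before attempting the join. The script below is an added example, not part of the original procedure or of Samba: the function names are hypothetical, the sample files are constructed, and the server address 192.168.1.20 is made up.

```bash
#!/bin/sh
# Added example: preflight checks for the name-resolution steps on this page.
# Function names are hypothetical; each takes the file to inspect as argument.

# /etc/hosts: FQDN on a non-loopback IP, long name first, then short name.
check_hosts() {  # usage: check_hosts FILE FQDN SHORTNAME
  awk -v fqdn="$2" -v short="$3" '
    { sub(/#.*/, "") }
    NF < 2 { next }
    $1 ~ /^127\./ || $1 == "::1" {
      for (i = 2; i <= NF; i++) if ($i == fqdn) bad = 1
      next
    }
    $2 == fqdn && $3 == short { ok = 1 }
    END { exit !(ok && !bad) }' "$1"
}

# /etc/resolv.conf: "domain" line present and AD DNS queried first
# (a resolver that answers NXDOMAIN stops the lookup, so order matters).
check_resolv() {  # usage: check_resolv FILE DOMAIN AD_DNS_IP
  awk -v dom="$2" -v ns="$3" '
    $1 == "domain" && $2 == dom { d = 1 }
    $1 == "nameserver" && !seen++ { first = $2 }
    END { exit !(d && first == ns) }' "$1"
}

# /etc/nsswitch.conf: hosts line must use dns and carry no mdns* source.
check_nsswitch_hosts() {  # usage: check_nsswitch_hosts FILE
  awk '
    { sub(/#.*/, "") }
    $1 == "hosts:" {
      found = 1
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^mdns/) bad = 1
        if ($i == "dns") dns = 1
      }
    }
    END { exit !(found && dns && !bad) }' "$1"
}

# Demo on constructed files; 192.168.1.20 is a made-up server address.
tmp=$(mktemp -d)
printf '127.0.0.1 localhost\n192.168.1.20 srvfiles.mydomain.lan srvfiles\n' > "$tmp/hosts"
printf 'search mydomain.lan\ndomain mydomain.lan\nnameserver 192.168.1.11\n' > "$tmp/resolv.conf"
printf 'hosts: files dns mdns4_minimal [NOTFOUND=return] mdns\n' > "$tmp/nsswitch.conf"
check_hosts "$tmp/hosts" srvfiles.mydomain.lan srvfiles && echo "hosts: OK"
check_resolv "$tmp/resolv.conf" mydomain.lan 192.168.1.11 && echo "resolv.conf: OK"
check_nsswitch_hosts "$tmp/nsswitch.conf" || echo "nsswitch.conf: mdns source found, fix before joining"
rm -rf "$tmp"
```

On a real server, call the three functions with the actual files under :file:`/etc` and the server's own FQDN and short name.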

.. include:: samba_fileserver-smb_conf.rst.inc

Joining the file server to the domain
=====================================

.. code-block:: bash

  net ads join -U administrator

* Configure the :file:`/etc/nsswitch.conf` file, change the following lines:

  .. code-block:: ini

    passwd:         files sssd winbind
    group:          files sssd winbind
    shadow:         files sssd winbind

* Enable & restart services:

  .. code-block:: bash
  
    systemctl enable winbind smb
    systemctl restart winbind
    systemctl restart smb

* Reboot in order to empty the nsswitch caches:

  .. code-block:: bash

    reboot

* Check the correct connection to the domain:
  
  * The following 3 commands should return users, groups and AD account information as received by :program:`winbindd`:

    .. code-block:: bash

      wbinfo -u
      wbinfo -g
      wbinfo -i administrator

  * The 2 following commands should return users and groups with their *uidNumber* as interpreted by the Linux system.
    Make sure that you can see the users of the AD: administrator, krbtgt, etc.

    .. code-block:: bash

      getent passwd administrator
      getent group "domain admins"

Creating network shares
=======================

.. code-block:: bash

  mkdir /home/shares
  chown administrator:"domain users" /home/shares
  chmod 770 /home/shares
