Share folder with realmd / sssd and AD integration

Answering my own question:

The only thing wrong was the valid users section in smb.conf - it appears that %S didn't work at all.

Thus, for a security group named "WebDevGrp" in Windows, on CentOS it will be shown as [email protected] (you can test via groups [email protected]), and you can then make the Samba share like so:

[vHosts]
  comment = Virtual Host repository
  path = /var/www/vhosts
  public = no
  writable = yes
  guest ok = no
  valid users = @"[email protected]"

and you don't even get prompted for a password - it's all seamless!

PS. When debugging Samba, add log level = 3 to your config; it makes a heck of a difference!

PPS. I've written a guide to the whole process - going from vanilla freshly installed CentOS 7 to having Samba shares with AD authentication / authorization which you can find at my blog here
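
A way to check the valid users line before restarting Samba, as an added example that is not part of the original answers: it reads smb.conf text, expands %S to the share name (what Samba substitutes for it), and reports every valid users entry that does not resolve through NSS. The share names, the example.com domain and all function names are constructed for illustration.

```python
import grp
import pwd
import shlex
# Constructed sample: share names and the AD domain are placeholders.
SAMPLE_CONF = """
[vHosts]
  valid users = @"webdevgrp@example.com"
[legacy]
  valid users = %S
"""

def parse_shares(conf_text):
    """Map share -> {parameter: value}; names lowercased, spaces removed, no includes."""
    shares, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip(), {})
        elif line[:1] not in ("", "#", ";") and "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return shares

def split_names(value):
    """Split a valid users list on spaces and commas, honouring quotes."""
    lex = shlex.shlex(value, posix=True)
    lex.whitespace += ","
    lex.whitespace_split = True
    lex.escape = ""       # keep the backslash in DOMAIN\group
    lex.commenters = ""   # '#' inside a value is not a comment
    return list(lex)

def nss_exists(kind, name):  # NSS lookup, the source getent and groups read
    lookup = grp.getgrnam if kind == "group" else pwd.getpwnam
    try:
        return bool(lookup(name))
    except KeyError:
        return False

def audit_valid_users(conf_text, exists=nss_exists):
    """Return (share, entry, reason) for each entry that fails to resolve."""
    findings = []
    for share, params in parse_shares(conf_text).items():
        for entry in split_names(params.get("validusers", "")):
            name = entry.replace("%S", share).lstrip("@+&")  # %S is the share name
            kind = "group" if entry.startswith(("@", "+", "&")) else "user"
            if not exists(kind, name):
                findings.append((share, entry, f"{kind} '{name}' does not resolve"))
    return findings
```

On a joined host, call `audit_valid_users(open("/etc/samba/smb.conf").read())`; an entry reported here is one that `getent` would not find either.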


Recently I had to configure a Windows/Samba test environment on Fedora and Windows 2012/Windows 7 and had some similar issues. After changing these registry keys on the Windows servers/clients, everything worked nicely:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\DomainCompatibilityMode=1

HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\DNSNameResolutionRequired=0

HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecureNegotiate=0

But I was using winbind/kinit/etc. to perform AD integration. Maybe this could help you.

EDIT1:

  • Have you installed Kerberos packages like krb5-workstation, krb5-libs, krb5-auth-dialog on your CentOS?
  • Does "getent passwd" return Windows domain users?