Using this link https://wiki.samba.org/index.php/Shares_with_Windows_ACLs, I was able to make a file share on CentOS 7.511 using Samba 4.5.1 AD DC on the server domain controller itself, and using Windows ACLs to control the share and the security.
But not on a CentOS member, though; the member is supposed to do the file and print sharing according to Samba, and not the domain controller. All instructions on the link below to set up a Linux member server went with no errors until it was time to join the domain. I might be doing something wrong.
$ sudo net ads join -U administrator
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
Before Making a Share on the Domain Controller:
Make sure Samba was compiled with ACL support. Check with the following command:
$ smbd -b | grep HAVE_LIBACL
HAVE_LIBACL
If “HAVE_LIBACL” is not found, then Samba was compiled without extended ACL support. If you compiled Samba yourself, see Samba Dependencies Required to Build Samba.
The link also states you should add SeDiskOperatorPrivilege to the Domain Admins. I made the shares with the privilege and without the privilege, and it’s the same result. They both work.
Making the share folder.
$ mkdir -p /srv/samba/Docs/
Change the group permission to “Full Control”
$ chmod g=rwx /srv/samba/Docs/
Add the new share to your smb.conf.
[Docs]
    path = /srv/samba/Docs/
    read only = no
$ smbcontrol all reload-config
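One way to confirm that the share definition and the directory on disk agree, for example that the path in smb.conf is the same folder that received g=rwx, written as an added example that is not from the Samba wiki or the original post. It parses the file directly so it runs without Samba installed; the function names `share_param` and `check_share` and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a share's smb.conf entry with the directory on disk.

# Print the value of KEY in [SHARE]; names match case-insensitively, spaces ignored.
share_param() {  # usage: share_param CONF SHARE KEY
    awk -v want="$2" -v key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
                      insec = (norm(s) == norm(want)); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (norm(k) == norm(key)) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Return 0 only if the path exists, the group has rwx, and "read only" is off.
check_share() {  # usage: check_share CONF SHARE
    cs_path=$(share_param "$1" "$2" path)
    cs_ro=$(share_param "$1" "$2" "read only" | tr 'A-Z' 'a-z')
    cs_rc=0
    if [ -z "$cs_path" ] || [ ! -d "$cs_path" ]; then
        echo "FAIL: [$2] path '${cs_path}' is not an existing directory"; cs_rc=1
    else
        case $(ls -ld "$cs_path" | cut -c5-7) in
            rwx|rws) ;;
            *) echo "FAIL: group lacks rwx on $cs_path (chmod g=rwx)"; cs_rc=1 ;;
        esac
    fi
    case $cs_ro in
        no|false|off|0) ;;
        *) echo "FAIL: [$2] is read-only (Samba's default)"; cs_rc=1 ;;
    esac
    return $cs_rc
}

# Constructed demo: a throwaway tree standing in for /srv/samba and smb.conf.
demo=$(mktemp -d)
mkdir -p "$demo/Docs" && chmod g=rwx "$demo/Docs"
printf '[Docs]\n    path = %s/Docs/\n    read only = no\n' "$demo" > "$demo/smb.conf"
check_share "$demo/smb.conf" Docs && echo "OK: [Docs] matches the directory on disk"
```

On a real server, call `check_share` with the path to the live smb.conf and the share name instead of the demo tree.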
Changing the Share Permissions and Security for the Share:
Note: When accessing Computer/Manage on the Samba domain server and clicking on System Tools to access the Sharing Folder, it gives this message. Just click the OK button and it goes away.
Using the Domain administrator, making it so only Domain Users have Full Control of the Docs share and no one else.
And making Domain Admins have Full Control and Domain Users only Read access.