Samba as ADS member server

Benjamin Scott bscott at ntisys.com
Mon Jan 31 19:52:00 EST 2005


On Mon, 31 Jan 2005, at 2:40pm, bill at bfccomputing.com wrote:
> Does anybody have an smb.conf for a Samba 3 server as an ADS member server
> (using ADS for authentication)?

  The key ingredient is to put

	security = ADS
	realm = ad-domain.example.com

in your smb.conf file.

  The Kerberos stuff is "magic" to me.  I just followed the HOWTO, which 
basically says "don't screw with it unless you have to".  I didn't have 
to.

  To actually create the trust relationship between Samba and AD, you need 
to run this command once:

	net ads join -U Administrator%password

  I think that was all of it.

> I suspect I'm doing something wrong in configuring the LDAP lookups but
> I'm not finding out where...

  Hrm?  I've never had to worry about the internals of LDAP with Samba in
AD.  Samba just makes all that happen for me.  Maybe that's your problem?  
Samba as an ADS member is not the same as Samba as a stand-alone using an
LDAP backend for the password database.

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |




More information about the gnhlug-discuss mailing list