Samba 4, LDAP and KRB

Cédric CACHAT lsf at
Mon Aug 29 09:03:35 GMT 2005


I was advised to subscribe to this mailing list so here is a copy of the 
message I sent to the general samba list to describe what I am trying to 
I want to set up a samba server to replace an Active Directory for my 
Windows workstations.
So far, I have a LINUX network that works perfectly, all my users are 
stored in a LDAP server (openldap) and their authentication is done 
against a MIT Kerberos server. Hence all users have a valid kerberos 
ticket when they log onto a machine in the Network.
I want to include my Windows machines to my linux network.
 From what I understood, Samba can fake an AD so Windows authentication 
at login is done against the Samba server.
So here we go with the questions:
- can Samba use my existing LDAP & Kerberos servers to authenticate 
users? From what I saw, Samba 4 has an imbedded LDAP server and I 
couldn't figure out how to point to my own LDAP server. Nothing is said 
about the smb.conf which is reduced to a minimum, here is what I have:

        netbios name    = <samba server netbios name>
        workgroup       = MONDOMAINE.FR
        realm           =
        domain master   = yes
        domain logons   = yes

        path = /exports/samba/data
        read only = no
Do I need to add some instructions in the file smb.conf? And if samba 
connects to my LDAP server, do I have to add all the CN records to my LDAP?

- I ran a few tests with Samba 4 but I couldn't activate a user account 
so a smbclient command shows
Connection to \\<samba server>\data failed - NT_STATUS_ACCOUNT_DISABLED

Hope somebody knows the answers to those questions, and I hope I was 
clear enough. If such is not the case, don't hesitate to ask me for some 
more information.



More information about the samba-technical mailing list