[Samba] Joining Samba 3.0 to a "pure" Active Directory
Alexander Skwar
lists.ASkwar at email-server.info
Mon Feb 24 06:57:24 GMT 2003
Antti Tikkanen schrieb:
> As someone suggested, use 'kinit username at REALM'. You asked in another
> post how to find out your KDC server: every domain controller is also a
> KDC, so you should use that. If you get a Kerberos TGT, you have Kerberos
> working.
Thanks.
Why is it, that I need to know all these details for Samba? In Windows,
I just enter the name of the AD/domain and then I can join it. In fact,
I wouldn't even know where I could enter these details.
> In your smb.conf, you should have the lines:
Thanks again.
> I don't know what you mean by "special privileges", but I think not. When
> doing 'net ads join', you must have a TGT for a user that has the required
> privileges to add a machine account and alter some attributes (a Domain
> Admin account will do).
With "special privileges" I meant, if I can use any user to join the AD
or if I need an elevated account like Domain Admin. So even if you
didn't understand what I meant, you answered it just perfectly! ;)
> Restrictions can be done on a per user basis, see 'man smb.conf',
> especially things such as 'valid users'. When you use 'security = ADS',
> this is also not a problem.
Good to know.
Alexander Skwar
--
/* So there I am, in the middle of my `netfilter-is-wonderful'
talk in Sydney, and someone asks `What happens if you try
to enlarge a 64k packet here?'. I think I said something
eloquent like `fuck'. */
2.4.3 linux/net/ipv4/netfilter/ip_nat_ftp.c
More information about the samba
mailing list