[Samba] Difference Between Domain and ADS security In Reference to Realms

John H Terpstra jht at samba.org
Wed Jan 14 17:43:46 GMT 2004

On Wed, 14 Jan 2004, Harmon, Leigh wrote:

> Hi,
> I've been researching which type of security to use with Samba 3.0.1 and I still
> don't understand what the difference is between "security=DOMAIN" versus
> "security=ADS."  I complied Samba to include ADS support, and I initially chose
> "security=DOMAIN."  When I use the "net" command I can add it to my domain.
> However, if I set "realm=our.ads.realm" and do the same "net" command, then I
> get a message saying that server was added to the realm.  What is the difference
> between adding the Samba server to the realm using "security=DOMAIN" versus
> adding it to the realm using "security=ADS?"

"security = DOMAIN" causes Samba to work with your Active Directory domain
as if it is an NT4 server - using remote procedure call (RPC)
authentication. This requires NetBIOS over TCP/IP.

"security = ADS" causes Samba to communicate with Active Directory using
Kerberos authentication protocols and does not require NetBIOS over TCP/IP

- John T.
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list