[Samba] General Questions: Regards ADS

sharif islam sharif.islam at gmail.com
Fri Nov 12 20:20:23 GMT 2004

On Fri, 12 Nov 2004 14:44:14 -0500, Rashaad S. Hyndman
<islandbwoy at toughguy.net> wrote:
> I have been playing with getting my samba server to participate in an Acive
> Directory domain for some time and have noticed a couple things about when i
> get the machine working (or so i think).  One is that when the machine joins
> the domian it always show up as a domain controller.  I dont want this to
> happen.  I simply wish for it to be able to authenticate users to its share
> based on the domain users.  Therefore, only users on the domain should be
> able to get to the samba shares!  Up to this point in have been doing the
> following:
> 1. relam = MY.REALM
> 2. security = ADS
> 3. encrypt passwords = yes
>  and configuring my winbind file.
> Is this all i have to do? Do i have the wrong impression as to what ADS
> security provides?  Again, all i want to do is avoid having to create a user
> for EVERYone on my domain and two allow domain users to authenticate to the
> samba shares.

That is right. AFAIK, if you don't tell the samba machine to be a
domain controller it won' t be one. It will act like a member server.
The user should be able to authenticate via the ADS, no need to create
local accounts. Here's my samba setting for ADS:

        workgroup = REALM
        realm = REALM.ORG
        server string = Samba Server
        security = ADS
        password server = <your domain controller>
        log file = /var/log/samba/samba.log
        name resolve order = wins lmhosts host bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 0
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        wins server = <if you are wins server>
        idmap uid = 10000-600000
        idmap gid = 10000-600000
        winbind cache time = 600
        winbind use default domain = Yes
        strict allocate = Yes

More information about the samba mailing list