[Samba] Joining Samba 3.0.2 vanilla to ADS

Sylliaasen, Doug Doug.Sylliaasen at am.sony.com
Tue Oct 5 22:42:20 GMT 2004


I've been looking at several posts for weeks now and finally concluded
through testing how to install Samba 3.X into the Windows Active Directory
environment.  I was completely under the impression that you needed to load
Kerberos/LDAP and a bunch of other stuff.  In our case our ADS is running in
native mode and I was able to join the domain quite easily.  I've tested
authentications and mapping drives .. and it seems to work correctly.. I'm
still trying to get winbindd working .. but hopefully I can get that
working soon as well.
 
Here's the sequence I followed:
 
1) Download vanilla Samba 3.0.2 for Solaris 8 .. no special compilation w/
ads - ldap etc
2) installed and configured global parameters below
3) created valid machine account in the ads domain .. made sure to have
rights to join domain and this account
4) Make sure machine name of the host matches the machine account created in
the ads domain ( netbios name also )
5) samba server is not active/running .. kill all samba processes
6) ADS domain is running in native mode
7) net join -S xxxdomain -U syxxxxx
    password: xxxxx
   Added to Domain xxx  ( response from ADS domain )
8) /etc/init.d/samba.server start 
9) Add user accounts and groups to unix host
10) add user account to samba ( smbpasswd -a user12345 )
11) add entries to the /usr/local/samba/lib/user.map file
       user12345 = user12345
       user34565 = user34565
       (unix acct)     ( ads acctname)
 
I then ran SWAT and configured a few shares.. adding the groups to rights on
the folders I was sharing.. home by user default was set.
 
# Samba config file created using SWAT
# from 43.131.5.12 (43.131.5.12)
# Date: 2004/10/05 15:09:55

# Global parameters
[global]
workgroup = AM
netbios name = machinexxx
netbios aliases = us-sd-xxx
server string = SD-EC2 Samba Server %h (Samba %v)
interfaces = xx.1xx.16.0/22, 127.0.0.0/8
security = DOMAIN
update encrypted = Yes
map to guest = Bad Password
password server = ussdiad ussdiax
username map = /usr/local/samba/lib/user.map
unix password sync = Yes
log file = /usr/local/samba/var/log.%m
max log size = 50
min protocol = LANMAN1
socket options = TCP_NODELAY IPTOS_THROUGHPUT
os level = 0
lm announce = Yes
preferred master = No
local master = No
domain master = No
wins server = xx.1xx.95.12
hosts allow = 127., 43.
printing = bsd
hide dot files = No
oplocks = No
level2 oplocks = No
 
[homes]
comment = User Home Directories
read only = No
browseable = No

[ptc]
comment = PTC Fileserver Share
path = /export/ptc
invalid users = nobody
valid users = @staff
admin users = @staff
write list = @staff
 
To browse the shares .. users use Start/Run, entering   \\hostname
and then OK .. this returns the browsable shares.
The user selects the share and maps the network drive using the "connect as"
feature with domain\username ..
 
This seems to be working fine so far.. and works the same as the server I
have in the Windows NT Domain environment..
 
-d
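
An added example, not part of the original post and not Samba's own code: a small Python check that parses an smb.conf like the one posted above and lists the settings a reviewer would revisit before production use (guest fallback on a bad password, pre-NT1 dialects, root-equivalent share users, /8-wide host rules). The sample input is a constructed subset of the posted settings, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the [global] and [ptc] settings quoted in the post.
SAMPLE = """\
[global]
security = DOMAIN
map to guest = Bad Password
min protocol = LANMAN1
hosts allow = 127., 43.

[ptc]
valid users = @staff
admin users = @staff
"""
OLD_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2"}  # dialects older than NT1

def norm(name):
    # smb.conf ignores case and all whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} (hypothetical helper)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][norm(key)] = value.strip()
    return conf

def audit(conf):
    """Return (section, parameter, reason) tuples for settings worth a second look."""
    out = []
    for sec, p in conf.items():
        if p.get("maptoguest", "").lower() == "bad password":
            out.append((sec, "map to guest", "a mistyped password is silently mapped to the guest account"))
        if p.get("minprotocol", "").upper() in OLD_DIALECTS:
            out.append((sec, "min protocol", "pre-NT1 dialects are still negotiable"))
        if p.get("adminusers"):
            out.append((sec, "admin users", "listed users do all file operations as root"))
        for host in p.get("hostsallow", "").replace(",", " ").split():
            if re.fullmatch(r"\d+\.", host) and host != "127.":
                out.append((sec, "hosts allow", host + " admits an entire /8"))
    return out

if __name__ == "__main__":
    for finding in audit(parse_smb_conf(SAMPLE)):
        print("[%s] %s: %s" % finding)
```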
 
 


