[Samba] Making Red Hat 3 Authenticate against AD Domain

Kevin Riggins kevin.riggins at comdev.com
Tue Oct 19 13:58:17 GMT 2004


I found this webpage to be very useful for setting up samba with active
directory authentication -
http://www.rongage.org/manual_samba_howto.html.  I started with a very
base install of WBEL without samba.  The version of Kerberos that comes
with WBEL is not new enough to work with a Win2K AD domain or at least I
could never get it to work. I used the latest versions of Samba and
Kerberos.  OpenLDAP was not needed since it was already installed on the

My homes share definition looks like this:

        template homedir = /home/%D/%U

        comment = Home Directories
        create mask = 0600
        directory mask = 0700
        read only = no
        browseable = no
        valid users = @"Domain Admins",@"Domain Users"
        veto oplock files = /*.xls/

The "veto oplock files = /*.xls/" line is to take care of a problem with
excel thinking that a file has been changed since opened when it
actually hasn't been.

I created the /home/<DOMAIN>/ directory with the group set to "Domain
Admins" and group rights of u+rwx,g+rwsx,o-rwsx so that I could use
"Active Directory Users and Computers" to set the home directory.  The
domain name had to be all caps for it to work right.  Right now I am
manually creating the home directory and setting ownership and
permissions.  Haven't been able to get the home directory creation
through "Active Directory Users and Computers" working yet.

Kevin Riggins, CISSP
Quester Linguistics, Inc.

-----Original Message-----
From: David Nickel [mailto:dnickel at gmail.com] 
Sent: Tuesday, October 19, 2004 8:31 AM
To: samba at lists.samba.org
Subject: [Samba] Making Red Hat 3 Authenticate against AD Domain

I have a Red Hat 3 AS server I am trying to set Samba 3 up on. I want
to use the homes function of Samba and I want user's to authenticate
against my AD domain. I am having a problem making the server a member
server of my domain.

I tried using the smbpasswd command and got the error about trying net
join for this action. Also, is there anything else I have to do to get
my users to authenticate against the AD domain?


Any help and suggestions would be much appreciated.



To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list