[Samba] RE: why does samba need "anonymous access enabled" on windows to join AD server?
Andreas
andreas at conectiva.com.br
Wed Sep 29 12:53:49 GMT 2004
On Tue, Sep 28, 2004 at 01:17:06PM -0400, egold at fsa.com wrote:
> I noticed when trying to use a Windows Active Directory server for my
> "password server" that I cannot join the Windows AD domain (using the net
> join command) unless the Windows server has "anonymous access enabled".
> Why is this? I am trying to join as "administrator" so why does it need
> anonymous?
I think you need to use Kerberos; then it will work.
> smb.conf:
> [Global] parameters
> workgroup = MYDOMAIN
> wins support = Yes
> hosts allow = all
> encrypt passwords = Yes
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> update encrypted = No
> lm announce = true
> log level = 2
> # for AD passwords
> # password server = *
> password server = WINSERVER1 WINSERVER2
> security = domain
> [export]
> path = /export
> comment = export
> browseable = yes
> writable = yes
> read only = No
> public = No
>
Try to use "security = ads" and "realm = YOUR.AD.REALM". Configure Kerberos, grab a ticket-granting
ticket (TGT) for the Administrator principal, and you should be able to use "net ads join".
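
The steps suggested in the reply above, written out as an added example that is not part of the original thread. The realm and KDC host are constructed placeholders, and the helper names (krb5_conf, to_ads, join_domain) are hypothetical.

```shell
#!/bin/sh
# Added example; REALM and KDC are constructed placeholders, not values from the thread.
REALM="${REALM:-AD.EXAMPLE.COM}"          # Kerberos realm: the AD DNS domain, upper-cased
KDC="${KDC:-winserver1.ad.example.com}"   # a domain controller acting as KDC

# Print a minimal krb5.conf so that kinit can locate a KDC for the realm.
krb5_conf() {
    cat <<EOF
[libdefaults]
    default_realm = $REALM

[realms]
    $REALM = {
        kdc = $KDC
    }
EOF
}

# Read an smb.conf on stdin and print it with the "security = ..." line
# replaced by ADS mode plus the realm; all other lines pass through unchanged.
to_ads() {
    awk -v realm="$REALM" '
        /^[ \t]*security[ \t]*=/ { print "security = ads"; print "realm = " realm; next }
        { print }
    '
}

# Obtain a TGT for Administrator, show the ticket cache, then join.
# Not called here: it prompts for the password and needs a reachable KDC.
join_domain() {
    kinit "Administrator@$REALM" || return 1
    klist
    net ads join    # as in the reply; use of the cached ticket is assumed
}

# Demo on a constructed fragment modelled on the posted [global] section.
printf '[global]\nworkgroup = MYDOMAIN\npassword server = WINSERVER1 WINSERVER2\nsecurity = domain\n' | to_ads
```

Write the output of krb5_conf to /etc/krb5.conf and check the converted smb.conf with testparm before calling join_domain.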