[Samba] Samba & Win2k AD domain membership

Gordon Hopper g.hopper at computer.org
Mon May 9 06:08:00 GMT 2005

No, you don't need to run winbind (provided that all of your Samba users
already have unix accounts, or you list them in your smbusers file).  I
use Samba+Kerberos (with Active Directory) without running winbind.  I
didn't modify my pam settings because I'm using Kerberos only for Samba.

Note that, in this scenario, my AD users cannot log in to the box (with
e.g. telnet).  Also, I map the file permissions with "force user = x",
since the users don't have a read uid on the box.  (Also, I can't access
AD groups without winbind...  There are some downsides, but Samba does
work without it.)


Gordon Hopper

On Sat, 2005-05-07 at 13:17 -0700, Rodre Ghorashi-Zadeh wrote:
> Hello,
> I am trying to setup my samba server version 3.0.10-1.fc3 as a Win2k Domain
> Member. What I need to know is once I have ADS security and Kerberos
> working, do I still need to use winbind or ldap for client authentication or
> will Kerberos take care of it?
> Rodre Ghorashi-Zadeh
> Chief Systems Engineer
> Conduit Technical Environments Corporation
> 604.785.4888

More information about the samba mailing list