[Samba] domain vs. ads

Gary Dale garydale at torfree.net
Sat Nov 5 03:32:45 GMT 2005


OK. It looks like you are telling Samba to use Kerberos by putting it in
a realm. I believe the trick should be to make your Samba server look
like an NT4 server (one that doesn't understand ADS). Then it should be
able to join using the pre-ADS protocol.


Jason Gerfen wrote:

> I have.  You see the problem I am having is dealing with some users
> using Kerberos for authentication once I have joined the machine to
> the domain as server = ads.
>
> I only need to authenticate users against Active Directory for this
> particular machine so I set the server = domain and every time I
> attempt to join using net rpc join I receive errors that the domain is
> not valid.
>
> jason at new-odin:~> testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[odin]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
>        workgroup = SCL
>        realm = SCL.DOMAIN
>        server string = testmachine
>        security = DOMAIN
>        update encrypted = Yes
>        password level = 20
>        preferred master = No
>        domain master = No
>        idmap uid = 500-500000
>        idmap gid = 500-500000
>        winbind separator = /
>        winbind cache time = 5
>        winbind use default domain = Yes
>        winbind nested groups = Yes
>
> [odin]
>        comment = ODIN
>        path = /odin
>        read only = No
>        inherit acls = Yes
>
>
> Gary Dale wrote:
>
>> Can you be more specific as to what you are looking for?
>>
>> Non-Windows machines can use Samba to join NT or ADS domains without 
>> using Kerberos. This is quite normal. Kerberos is an optional feature 
>> that takes extra configuration.
>>
>> Once in a domain, you can use the Windows groups to control access to 
>> shares.
>>
>> Have you checked out the Samba Howtos and Samba by Example on the 
>> samba.org site?
>>
>>
>> Jason Gerfen wrote:
>>
>>> I want a Samba machine to be a member of the domain and
>>> authenticate the users, but I do not want to use Kerberos for
>>> authentication and I also want to limit or authenticate users from
>>> a specific group.
>>>
>>> Examples of this?
>>>
>>
>
>
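
The group restriction asked about at the bottom of the thread, using Windows groups to control access to the share, shown as an added example that is not part of the original messages. The group name `odin-users` is a constructed placeholder; the `SCL/` prefix assumes the `workgroup` and `winbind separator` values from the posted configuration.

```ini
# Added example, not from the thread. Only one of the two [odin]
# definitions below belongs in smb.conf; they are shown side by side.

# --- As posted ---
# No user or group restriction: any account the domain authenticates
# can connect, and "read only = No" lets it write wherever the
# filesystem permissions on /odin allow.
[odin]
        comment = ODIN
        path = /odin
        read only = No
        inherit acls = Yes

# --- Restricted to one domain group ---
# "valid users" limits who may connect to the share. The leading "@"
# marks a group, and the name is written with the configured winbind
# separator ("/"). "odin-users" is a placeholder group name.
[odin]
        comment = ODIN
        path = /odin
        read only = No
        inherit acls = Yes
        valid users = @"SCL/odin-users"
```

`wbinfo -g` lists the domain groups as winbind resolves them, which is the spelling `valid users` has to match.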



