[Samba] Authenticating Linux Against AD with Winbind
Aaron Kincer
kincera at gmail.com
Tue Oct 10 15:43:11 GMT 2006
There are how-tos out there that clearly highlight what you have to do
in order to get authentication against Active Directory. You need to use
Google (or some other search engine) effectively to find them. I can
tell you that in order to have proper AD authentication, you must
absolutely use:
security = ads
If you use that string in a search engine along with a few other key
words pertinent to your environment, you will likely find all you need
to get started.
Hope that helps. It would also help if you took some time over lunch (or
two) to peruse through the smb.conf documentation and read about each
option. I know people hate to hear anything like RTFM, but it will help
you gain better understanding.
By the way, Microsoft Active Directory (native 2000/2003 domains)
authentication is, by definition, Kerberos based. So whether you know it
or not, you do in fact use Kerberos.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/kerberos.mspx
Jason Rotunno wrote:
> James Zuelow wrote:
>> You're trying to authenticate against active directory:
>>
>>
>>> I'm trying to set up a Linux box to authenticate users against AD
>>
>> But your config doesn't agree with you:
>>
>>
>>> security = server
>>>
>>
>> And you may have cut them out, but I see no realm entry to specify the
>> AD domain.
>>
>
> Thanks for the reply. I'm a bit confused, though. The how-to doesn't
> say anything about either of these options. Actually, I checked a
> number of different how-tos and docs and some include them, while
> others don't. (??) Also, sorry for my lack of knowledge but realm
> refers to the kerberos realm, correct? We don't use kerberos and I was
> under the impression that it wasn't necessary, since some docs (such
> as the one I'm using) don't mention anything about it.
>
> Thanks for your help,
> Jason
More information about the samba
mailing list