[Samba] Authenticating Linux Against AD with Winbind

Aaron Kincer kincera at gmail.com
Tue Oct 10 15:43:11 GMT 2006


There are how-tos out there that clearly highlight what you have to do 
in order to get authentication against Active Directory. You need to use 
Google (or some other search engine) effectively to find them. I can 
tell you that in order to have proper AD authentication, you must 
absolutely use:

security = ads

If you use that string in a search engine along with a few other key 
words pertinent to your environment, you will likely find all you need 
to get started.

Hope that helps. It would also help if you took some time over lunch (or 
two) to peruse through the smb.conf documentation and read about each 
option. I know people hate to hear anything like RTFM, but it will help 
you gain better understanding.

By the way, Microsoft Active Directory (native 2000/2003 domains) 
authentication is, by definition, Kerberos based. So whether you know it 
or not, you do in fact use Kerberos.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/kerberos.mspx


Jason Rotunno wrote:
> James Zuelow wrote:
>> You're trying to authenticate against active directory:
>>
>>  
>>> I'm trying to set up a Linux box to authenticate users against AD     
>>
>> But your config doesn't agree with you:
>>
>>  
>>> security = server
>>>     
>>
>> And you may have cut them out, but I see no realm entry to specify the
>> AD domain.
>>   
>
> Thanks for the reply. I'm a bit confused, though. The how-to doesn't 
> say anything about either of these options. Actually, I checked a 
> number of different how-tos and docs and some include them, while 
> others don't. (??) Also, sorry for my lack of knowledge but realm 
> refers to the kerberos realm, correct? We don't use kerberos and I was 
> under the impression that it wasn't necessary, since some docs (such 
> as the one I'm using) don't mention anything about it.
>
> Thanks for your help,
> Jason



More information about the samba mailing list