[Samba] Authenticating Linux Against AD with Winbind

James Zuelow James_Zuelow at ci.juneau.ak.us
Tue Oct 10 17:19:59 GMT 2006


> 
> Thanks for the reply. I'm a bit confused, though. The how-to
> doesn't say
> anything about either of these options. Actually, I checked a
> number of
> different how-tos and docs and some include them, while others don't.
> (??) Also, sorry for my lack of knowledge but realm refers to the
> kerberos realm, correct? We don't use kerberos and I was under the
> impression that it wasn't necessary, since some docs (such as the one
> I'm using) don't mention anything about it.
> 
> Thanks for your help,
> Jason

Aaron has already replied with some good advice.

I think what happened is that you were following a howto that has
assumptions about the state of your samba install - it concerns only a
small piece of the puzzle.

The documentation included with Samba is actually very good.  If you are
just starting out, I suggest that you install swat and then look at your
configuration through the swat web pages.

Go to the Globals section (change to 'advanced' view to see all of the
options -- you may not need that amount of detail though).  You'll
notice a hyperlink to the left of every option.  Clicking on the
hyperlink will display a description of the option in another browser
window.

For example, the description for "server" includes:

===================================================
SECURITY = ADS
In this mode, Samba will act as a domain member in an ADS realm. To
operate in this mode, the machine running Samba will need to have
Kerberos installed and configured and Samba will need to be joined to
the ADS realm using the net utility. 
Note that this mode does NOT make Samba operate as a Active Directory
Domain 
Controller. 
Read the chapter about Domain Membership in the HOWTO for details.
===================================================

Note that this isn't an all-inclusive "set this in your particular
setup" -- but it does tell you that you're going to need Kerberos, and
does point you at the right chapter in the howto if you're still not
sure.


James Zuelow....................CBJ MIS (907)586-0236
Network Specialist...Registered Linux User No. 186591


More information about the samba mailing list