[Fwd: Re: [Samba] Authenticating Linux Against AD with Winbind]
kincera at gmail.com
Tue Oct 10 19:00:58 GMT 2006
Here's what I used for Ubuntu and it worked like a charm:
Dale Schroeder wrote:
> I used these.
> -------- Original Message --------
> Subject: Re: [Samba] Authenticating Linux Against AD with Winbind
> Date: Tue, 10 Oct 2006 11:43:11 -0400
> From: Aaron Kincer <kincera at gmail.com>
> To: Jason Rotunno <jrotunno at swarthmore.edu>
> CC: samba at lists.samba.org
> <D1587DCF6294524BAFA2C9944312FCC82F5929 at city-exch-w3e.cbj.local>
> <452BA4DB.40206 at swarthmore.edu>
> There are how-tos out there that clearly highlight what you have to do
> in order to get authentication against Active Directory. You need to
> use Google (or some other search engine) effectively to find them. I
> can tell you that in order to have proper AD authentication, you must
> absolutely use:
> security = ads
> If you use that string in a search engine along with a few other key
> words pertinent to your environment, you will likely find all you need
> to get started.
> Hope that helps. It would also help if you took some time over lunch
> (or two) to peruse through the smb.conf documentation and read about
> each option. I know people hate to hear anything like RTFM, but it
> will help you gain better understanding.
> By the way, Microsoft Active Directory (native 2000/2003 domains)
> authentication is, by definition, Kerberos based. So whether you know
> it or not, you do in fact use Kerberos.
> Jason Rotunno wrote:
>> James Zuelow wrote:
>>> You're trying to authenticate against active directory:
>>>> I'm trying to set up a Linux box to authenticate users against AD
>>> But your config doesn't agree with you:
>>>> security = server
>>> And you may have cut them out, but I see no realm entry to specify the
>>> AD domain.
>> Thanks for the reply. I'm a bit confused, though. The how-to doesn't
>> say anything about either of these options. Actually, I checked a
>> number of different how-tos and docs and some include them, while
>> others don't. (??) Also, sorry for my lack of knowledge but realm
>> refers to the kerberos realm, correct? We don't use kerberos and I
>> was under the impression that it wasn't necessary, since some docs
>> (such as the one I'm using) don't mention anything about it.
>> Thanks for your help,
More information about the samba