[Fwd: Re: [Samba] Authenticating Linux Against AD with Winbind]
Aaron Kincer
kincera at gmail.com
Tue Oct 10 19:00:58 GMT 2006
Here's what I used for Ubuntu and it worked like a charm:
http://ubuntuforums.org/archive/index.php/t-91510.html
Dale Schroeder wrote:
> Jason,
>
> I used these.
>
> http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
>
> http://www.enterprisenetworkingplanet.com/netos/article.php/10951_3502441_1
>
>
>
> Dale
>
> -------- Original Message --------
> Subject: Re: [Samba] Authenticating Linux Against AD with Winbind
> Date: Tue, 10 Oct 2006 11:43:11 -0400
> From: Aaron Kincer <kincera at gmail.com>
> To: Jason Rotunno <jrotunno at swarthmore.edu>
> CC: samba at lists.samba.org
> References:
> <D1587DCF6294524BAFA2C9944312FCC82F5929 at city-exch-w3e.cbj.local>
> <452BA4DB.40206 at swarthmore.edu>
>
>
>
> There are how-tos out there that clearly highlight what you have to do
> in order to get authentication against Active Directory. You need to
> use Google (or some other search engine) effectively to find them. I
> can tell you that in order to have proper AD authentication, you must
> absolutely use:
>
> security = ads
>
> If you use that string in a search engine along with a few other key
> words pertinent to your environment, you will likely find all you need
> to get started.
>
> Hope that helps. It would also help if you took some time over lunch
> (or two) to peruse through the smb.conf documentation and read about
> each option. I know people hate to hear anything like RTFM, but it
> will help you gain better understanding.
>
> By the way, Microsoft Active Directory (native 2000/2003 domains)
> authentication is, by definition, Kerberos based. So whether you know
> it or not, you do in fact use Kerberos.
>
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/kerberos.mspx
>
>
>
> Jason Rotunno wrote:
>> James Zuelow wrote:
>>> You're trying to authenticate against active directory:
>>>
>>>
>>>> I'm trying to set up a Linux box to authenticate users against AD
>>>
>>> But your config doesn't agree with you:
>>>
>>>
>>>> security = server
>>>>
>>>
>>> And you may have cut them out, but I see no realm entry to specify the
>>> AD domain.
>>>
>>
>> Thanks for the reply. I'm a bit confused, though. The how-to doesn't
>> say anything about either of these options. Actually, I checked a
>> number of different how-tos and docs and some include them, while
>> others don't. (??) Also, sorry for my lack of knowledge but realm
>> refers to the kerberos realm, correct? We don't use kerberos and I
>> was under the impression that it wasn't necessary, since some docs
>> (such as the one I'm using) don't mention anything about it.
>>
>> Thanks for your help,
>> Jason
>
More information about the samba
mailing list