[Samba] Samba / AD integration
Brian Foddy
brian.foddy at nwa.com
Tue Aug 5 15:50:21 GMT 2008
I have a quick question on hooking Samba to a large AD domain.
Following the excellent recipe at:
http://wiki.samba.org/index.php/Samba_&_Active_Directory
I see it states about half way down to join the machine to AD
"Now to join your machine to the active directory. You will need the
user-name and password to a Domain Administrator account to do this. The
command you need to join the domain is net ads join -U sadwrn. This
should then ask you for a password, and print a domain join notice."
Is this required to use a Domain Administrator account, or can any
normal user AD account be used? I know AD doesn't allow anonymous
browsing, but can a normal non-admin account be used? As I read through
it, I don't see any other special admin access required other the root
on the Linux machine.
My goal is this... We have a very large AD system, 80.000+ users, and
we want to activate Samba on two servers for a very small user group
(maybe 12 users) but validate userid/passwords against AD. If Samba can
be setup with little or no AD changes, or involvement from the AD
administrators, but with some simple config from the UNIX admins, then
we have a much better chance of getting this approved. But if it
requires a lot of heavy involvement of the AD support group, ongoing
maintenance, etc, then the odds are slim. Largely political, the UNIX
admins are much more open to open source solutions than the Windows side
of the fence. So if this can be sold as "just another AD client app"
not requiring any special AD domain permissions, we have a chance.
Thanks for any help/advice.
Brian
More information about the samba
mailing list