[Samba] Samba / AD integration

Brian Foddy brian.foddy at nwa.com
Tue Aug 5 15:50:21 GMT 2008

I have a quick question on hooking Samba to a large AD domain.  
Following the excellent recipe at:


I see it states about half way down to join the machine to AD

"Now to join your machine to the active directory. You will need the 
user-name and password to a Domain Administrator account to do this. The 
command you need to join the domain is net ads join -U sadwrn. This 
should then ask you for a password, and print a domain join notice."

Is this required to use a Domain Administrator account, or can any 
normal user AD account be used?  I know AD doesn't allow anonymous 
browsing, but can a normal non-admin account be used?  As I read through 
it, I don't see any other special admin access required other the root 
on the Linux machine.

My goal is this...  We have a very large AD system, 80.000+ users, and 
we want to activate Samba on two servers for a very small user group 
(maybe 12 users) but validate userid/passwords against AD.  If Samba can 
be setup with little or no AD changes, or involvement from the AD 
administrators, but with some simple config from the UNIX admins, then 
we have a much better chance of getting this approved.  But if it 
requires a lot of heavy involvement of the AD support group, ongoing 
maintenance, etc, then the odds are slim.  Largely political, the UNIX 
admins are much more open to open source solutions than the Windows side 
of the fence.  So if this can be sold as "just another AD client app" 
not requiring any special AD domain permissions, we have a chance.

Thanks for any help/advice.

More information about the samba mailing list