[Samba] Samba / AD integration
eroseme at emonster.rose.hp.com
Tue Aug 5 16:39:36 GMT 2008
Check out this paper:
I wrote it about 3 years ago, so the Samba version was 3.0.7. Things
may have changed. It refers to HP-UX CIFS Server but at the time held
true for Opensource too.
Brian Foddy wrote:
> I have a quick question on hooking Samba to a large AD domain.
> Following the excellent recipe at:
> I see it states about half way down to join the machine to AD
> "Now to join your machine to the active directory. You will need the
> user-name and password to a Domain Administrator account to do this. The
> command you need to join the domain is net ads join -U sadwrn. This
> should then ask you for a password, and print a domain join notice."
> Is this required to use a Domain Administrator account, or can any
> normal user AD account be used? I know AD doesn't allow anonymous
> browsing, but can a normal non-admin account be used? As I read through
> it, I don't see any other special admin access required other the root
> on the Linux machine.
> My goal is this... We have a very large AD system, 80.000+ users, and
> we want to activate Samba on two servers for a very small user group
> (maybe 12 users) but validate userid/passwords against AD. If Samba can
> be setup with little or no AD changes, or involvement from the AD
> administrators, but with some simple config from the UNIX admins, then
> we have a much better chance of getting this approved. But if it
> requires a lot of heavy involvement of the AD support group, ongoing
> maintenance, etc, then the odds are slim. Largely political, the UNIX
> admins are much more open to open source solutions than the Windows side
> of the fence. So if this can be sold as "just another AD client app"
> not requiring any special AD domain permissions, we have a chance.
> Thanks for any help/advice.
More information about the samba