[Samba] Joining Samba host to a Windows DOMAIN

kissg mail.gery at gmail.com
Thu Jul 31 21:19:19 GMT 2008

You can join your Samba server to your AD domain as a member server. It
should work with Samba 3. The basic steps you have to take:

1, Install the Kerberos libraries (I have already tried Heimdal Kerberos,
it's known to work)
Look for the appropriate client package in your package manager. If you use
any recent distribution, this shouldn't be a problem. For example, in
Ubuntu, the name of the required package is "libkrb5-22-heimdal". Also, make
sure you have installed the winbind package (in case it is shipped as a
separate package in your distribution).

2, Configure Samba to act as an AD member server:

# Lines to add or change in the smb.conf file:
realm = <the name of your AD domain>
security = ADS
ldap ssl = No
template shell = /bin/bash
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000

3, Restart Samba daemons and join your server to the domain:

net ads join -UAdministrator%password

You should get feedback after issuing this command, which tells you that
your host has been successfully joined to the domain.

4, Enable your system to resolve user and group names using LDAP by editing
the following lines in /etc/nsswitch.conf:

passwd: files ldap
shadow: files ldap
group:  files ldap

It's very important to have a properly configured DNS server on your network
and to ensure that local name resolution works fine on your Samba host.

You may read more in chapter 7.3.4 of the Samba 3 By Example guide, which is
available at: http://us1.samba.org/samba/docs/man/Samba-Guide/

Best Regards:
Gergely Kiss
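
Added example, not part of the original message and not Samba project code: a pre-join check that parses the [global] section of an smb.conf and reports which of the step 2 settings are missing or malformed. The function names and the sample file (including the EXAMPLE.LOCAL realm and EXAMPLE workgroup) are constructed for illustration.

```python
import re

# Constructed sample mirroring step 2 of the post; realm and workgroup are placeholders.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   ; realm below is a constructed placeholder
   realm = EXAMPLE.LOCAL
   Security = ADS
   template shell = /bin/bash
   winbind  separator = +
   idmap uid = 10000-20000
   idmap gid = 10000-20000
[share]
   path = /srv/share
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalised name: value}."""
    params, section = {}, None
    # smb.conf joins a line ending in a backslash with the following line.
    text = re.sub(r"\\\r?\n", "", text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            # Only the first '=' is significant; names ignore case and whitespace.
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def check_member_server(text):
    """List deviations from the member-server settings given in step 2."""
    p, problems = parse_global(text), []
    if p.get("security", "").lower() != "ads":
        problems.append("security is not ADS")
    if not p.get("realm"):
        problems.append("realm is not set")
    for key, label in (("idmapuid", "idmap uid"), ("idmapgid", "idmap gid")):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", p.get(key, ""))
        if not m or int(m.group(1)) >= int(m.group(2)):
            problems.append(f"{label} is missing or not a low-high range")
    return problems
```

An empty list from check_member_server() means the file carries the step 2 settings; it does not test the join itself.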

