[Samba] Avoiding running net ads

ravi channavajhala ravi.channavajhala at dciera.com
Mon May 4 07:14:27 GMT 2009


I recently set up a Solaris server which uses AD for authentication.  It is
working well.  Now I need to run Samba on this machine.  I set up the
smb.conf with appropriate entries such as 'security = ads', 'encrypt
passwords = yes', use 'kerberos keytab = true', however I don't want to
specify an explicit password server.  When I try to map the Solaris
directories from Windows clients, I keep getting errors.  Samba 'net ads
info' returns correct information, however.  Is it necessary to run 'net ads
join' at all?  Reading through the net ads, it seems it will try to re-create
the /etc/krb5/krb5.keytab and add the computer object again in AD. I want to
avoid all this because I got a working configuration, which I don't want to
upset.  Can someone tell me:

1. Is it necessary to run net ads join at all?
2. If required to run net ads anyway, how can I make it run as a non-admin
user? (I studied Eric Roseme's paper, which is a bit dated)
3. Even if I run net ads I don't want it to mess with krb5.keytab, why does
it have to anyway? I already got valid tickets (generated with ktpass.exe)
for the authentication supported by Samba arcfour, DES etc.

The real issue I'm trying to avoid is having to run to Windows admins every
time there is an issue, as the Unix/Windows teams are run independently.
There must be a way out of not running net ads join and still have Samba
work.

Ravi 

 


