[Samba] Join an ADS Domain and provide simple password security

TAKAHASHI Motonobu monyo at monyo.com
Sun Oct 12 05:20:00 MDT 2014


From: Ingo Krabbe <ingo.krabbe at eoa.de>
Date: Sat, 11 Oct 2014 11:02:24 +0200

> I'm used to share some files and trees with samba from linux boxes, using
> simple password security for a few selected accounts, by using
> `smbpasswd` and `security=user`. Now I sometimes want to enter a domain
> in my company office network.
> But I could not use `net ads join` as long as I haven't changed
> `security=user` to `security=ads`.
> I'm a bit confused now:
> I joined a domain with security=ads and started winbindd with this setting. Now I moved my samba configuration back to `security=user` so I can use my local user accounts.
> Still winbind echoes the domain users and smbtree shows the domain hosts,
> but the share server now works in another domain, that is local to the
> system it runs on.
> Is this configuration valid, or will it fail?

smbtree always shows all hosts of all domain/workgroup properly configures
in the subnet.
And stop winbindd if you use Samba with "security = user".

> What is the idea of joining a domain anyway?
> Can I join an ads domain with the linux host and provide 'security =
> user' shares on the same machine? If yes, how?

Use 'HOSTName\UserName' style to access the Samba server joined to an ads
domain, you can authenticate as the host's local user.

TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo 

More information about the samba mailing list