[Samba] recommended smb.conf configuration for AD with realm+sssd

Alexander Fieroch alexander.fieroch at mpi-dortmund.mpg.de
Thu Apr 19 08:52:51 UTC 2018


Our linux clients are integrated to AD by the tool "realm" (no "net ads 
join") and use "sssd" for authenticating AD users. What is the 
recommended configuration for smb.conf to authenticate AD users for 
directory shares?
First, it looks like the configuration for "security" should be "ADS" 
and "server role" should be "member server" because these linux clients 
are domain members, but manpage for smb.conf says "ADS" and "member 
server" is for clients joined by the "net" utility which is not done here.

So what is the recommended configuration in smb.conf for linux clients 
joined to AD by realm and use sssd for authentication?

    security = ?
    server role = ?
    kerberos method = system keytab

Additionally I have to add manually a cifs/ SPN on the Windows DC with 
setspn for that machine account to get access on its samba shares.
Can I add the cifs/ SPN entry with any linux rpc-tool?


Best regards,
Alexander Fieroch

More information about the samba mailing list