[Samba] How to connect Samba to the global catalog to perform website authentication.

Rowland penny rpenny at samba.org
Fri Jul 26 17:00:43 UTC 2019

On 26/07/2019 17:16, Peter H. Morgan via samba wrote:
> We are new to Samba and looking for some help please.
> We are attempt to authenticate users of a website with a Windows active
> directly connection using Samba 4.8.3 on centos 7 with apache NTLM_auth
> module.  The active directory for the windows domain is a forest domain that
> has 3 domains.  With a Global catalog on a number of sites.
> We can manage to authenticate against one domain.  As the settings we are
> using has us connecting to the Active Directory not the Global Catalog.  Do
> you have any advice on what settings we are doing wrong and what we need to
> set to make the Global catalog available to Samba.

If all the default settings and lines that shouldn't be there are 
removed, your smb.conf will look like this:

    workgroup = workgroupname
    server string = active directory
    realm = domain.with.active directory
    security = ADS

    load printers = no
    log file = /var/log/samba/user/log.%m
    max log size = 50
    dns proxy = no

Which leaves a lot missing, so before you go and read the link I will 
post below, open a teminal and type:

yum remove sssd*

now read this wikipage:



More information about the samba mailing list