Hi all:
I am currently using Active Directories (via openldap client) to authenticate my Linux clients and would like to have Samba use AD (ldap - not winbind) as well. I really haven't seen any documentation on how to implement, however. Does anyone have any information regarding ldap and samba (redhat rpm)?
If you are already using LDAP to authenticate against Active Directory (/etc/ldap.conf or /etc/libnss-ldap.conf already configured), then there isn't much to do on the Samba side. Samba will see the users as if they were local.
You will have to install kerberos (either MIT or Heimdal - configuring /etc/krb5.conf not needed) and use an smb.conf with a global section somewhat like this:
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.REALM.COM
    server string = My Server
    security = ADS
    password server = *
    local master = No
    invalid users = root
    read only = No
Then do a "net ads join -U Administrator" to join the box to the domain.
There is no need to have winbind running (and it shouldn't).
The only snag with this setup is that permissions (on the file/folder "security" tab) will show as "YOURSAMBASERVER\user" instead of "DOMAIN\user", but that's only cosmetic as it works just fine (I guess it behaves somewhat like if a trust was in place with the samba server).
Carlos Rodrigues
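
An added example, not part of the original thread: a small Python audit of an smb.conf [global] section against the settings the reply above describes (security = ADS, workgroup and realm set, root listed in invalid users). The function names, the sample file and the check that flags leftover winbind/idmap parameters are assumptions made for this illustration.

```python
SAMPLE_SMB_CONF = """\
# constructed sample based on the reply's [global] section
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.REALM.COM
    security = ADS
    password server = *
    invalid users = root
    read only = No
"""

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return "".join(name.split()).lower()

def parse_global(text):
    """Return {normalized parameter: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip()
    return params

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    p = parse_global(text)
    findings = []
    if p.get("security", "").lower() != "ads":
        findings.append("security is not ADS")
    for required in ("workgroup", "realm"):
        if not p.get(required):
            findings.append(f"{required} is not set")
    users = p.get("invalidusers", "").replace(",", " ").split()
    if "root" not in users:
        findings.append("root is not listed in invalid users")
    # Assumption: winbind/idmap parameters in [global] hint at a winbind setup
    leftovers = sorted(k for k in p if k.startswith(("winbind", "idmap")))
    if leftovers:
        findings.append("winbind-related parameters present: " + ", ".join(leftovers))
    return findings

print(audit(SAMPLE_SMB_CONF) or "no findings")
```

Parameter names appear in findings in their normalized form (lowercase, no spaces).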
