You can join your Samba server to your AD domain as a member server. It should work with Samba 3. The basic steps you have to take:
1, Install the Kerberos libraries (I have already tried Heimdal Kerberos, it's known to work) Look for the appropriate client package in your package manager. If you use any recent distribution, this shouldn't be a problem. For example, in Ubuntu, the name of the required package is "libkrb5-22-heimdal". Also, make sure you have installed the winbind package (in case it is shipped as a separate package in your distribution). 2, Configure Samba to act as an AD member server: # Lines to add or change in the smb.conf file: [globals] realm = <the name of your AD domain> security = ADS ldap ssl = No template shell = /bin/bash winbind separator = + idmap uid = 10000-20000 idmap gid = 10000-20000 3, Restart Samba daemons and join your server to the domain: net ads join -UAdministrator%password You should get a feedback after issuing this command, which tells you, that your host has been successfully joined to the domain. 4, Enable your system to resolve user and group names using LDAP by editing the following lines in /etc/nsswitch.conf: passwd: files ldap shadow: files ldap group: files ldap It's very important to have a properly configured DNS server on your network and to ensure, that local name resolution works fine on your Samba host. You may read more in chapter 7.3.4 of the Samba 3 By Example guide, which is available at: http://us1.samba.org/samba/docs/man/Samba-Guide/ Best Regards: Gergely Kiss -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
