Difference between revisions of "Active Directory Intigration"

Latest revision as of 11:31, 19 October 2007

References

http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 http://www.linux.iastate.edu/documentation/articles/server-configuration/integrating-samba-with-the-isu-active-directory/

Joining a computer to a domain without a WINS server

It appears that in order to join an AD Domain, that domain must have a WINS server. The typical way to join samba to a domain is:

net ads join -U [email protected]

Without a WINS server this returns the following error:

Failed to set servicePrincipalNames

A workaround is to use 'net rpc' to join samba to the domain.

net rpc join -U administrator -w DOMAIN

(here DOMAIN - is Pre-Windows 2000 domain name!)

reference: http://threebit.net/mail-archive/samba/msg10068.html

Shares

When creating shares in /etc/samba/smb.conf make sure the 'valid users =' is set to an Active Directory user/group.

Example:

[MyShare]
   comment = My Shared Folder
   browsable = yes
   readonly = no
   valid users = DOMAIN+ledhed

If you have spaces in your usernames you must wrap the username in quotes. Also note you must add a @ in front of any Active Directory group.

Example:

[MyShare]
   comment = My Shared Folder
   browsable = yes
   readonly = no
   valid users = @"DOMAIN+limited users"