To set up a Samba server as a domain member (this assumes you have a working Samba PDC):
- This is a working smb.conf for a domain member server:
    [global]
    netbios name = FOO
    server string = My server
    # NT Domain name
    workgroup = BAR
    # Don't run a WINS server
    wins support = no
    wins server = 10.0.0.8
    domain master = no
    local master = no
    preferred master = no
    os level = 33
    # We are a domain member server
    security = domain
    password server = *
    encrypt passwords = yes
    winbind use default domain = yes
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    # Only allow connections from the local machine and 10.0.0.*
    hosts allow = 127.0.0.1 10.0.0.
    # Allow non-owners to change the modified times of files they can write to.
    dos filetimes = yes
    printing = cups
    printcap name = cups
    # Disconnect an inactive client after 10 minutes.
    deadtime = 10
    # Disallow these users to connect to Samba shares
    invalid users = bin daemon sync shutdown halt mail news uucp operator

    ##########
    # SHARES #
    ##########
    [share]
    path = /share
    comment = Public share
    read only = no
Summary
- We need to use winbind to pass off authentication to the domain controller.
- Make sure Samba is stopped before joining the domain:
    net rpc join -Uroot%'secretPassword'
- Configure /etc/nsswitch.conf to use winbind to get credentials:
    passwd: files winbind
    group: files winbind
    hosts: files dns winbind
- Set the password for wbinfo to use:
    root# wbinfo --set-auth-user=root%'bigsecret'
- Start Samba and winbind:
    service smb start
    service winbind start
- Check winbind is working:
    wbinfo -u
    wbinfo -g
    getent passwd username
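
The settings this procedure depends on can be checked from the two files before the services are restarted. The shell functions below are an added example, not part of the original page: the function names and the choice of checks are assumptions, and the sample files written by `demo` are constructed.

```shell
# Pre-flight checks for the domain member setup (added example).

# Print the value of a [global] parameter from an smb.conf-style file.
smb_global_get() {  # usage: smb_global_get FILE "key name"
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[global]" && (eq = index($0, "=")) {
            k = tolower(substr($0, 1, eq - 1)); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) val = v                   # keep the last occurrence
        }
        END { if (val != "") print val }' "$1"
}

# Succeed if database DB (passwd, group) in an nsswitch.conf lists winbind.
nss_uses_winbind() {  # usage: nss_uses_winbind FILE DB
    awk -v db="$2:" '
        { sub(/#.*/, "") }                           # strip trailing comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# Print every finding; return non-zero if any check fails.
check_member() {  # usage: check_member SMB_CONF NSSWITCH_CONF
    rc=0
    [ "$(smb_global_get "$1" security)" = "domain" ] ||
        { echo "smb.conf: security is not domain"; rc=1; }
    [ "$(smb_global_get "$1" "encrypt passwords")" = "yes" ] ||
        { echo "smb.conf: encrypt passwords is not yes"; rc=1; }
    [ -n "$(smb_global_get "$1" "hosts allow")" ] ||
        { echo "smb.conf: no hosts allow restriction in [global]"; rc=1; }
    for db in passwd group; do
        nss_uses_winbind "$2" "$db" ||
            { echo "nsswitch.conf: $db does not list winbind"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: passwd lacks winbind, so exactly one finding is printed.
demo() {
    d=$(mktemp -d) || return 2
    printf '[global]\n security = domain\n encrypt passwords = yes\n' > "$d/smb"
    printf ' hosts allow = 127.0.0.1 10.0.0.\n' >> "$d/smb"
    printf 'passwd: files\ngroup: files winbind\n' > "$d/nss"
    check_member "$d/smb" "$d/nss"; r=$?
    rm -rf "$d"; return "$r"
}
if [ "$#" -eq 2 ]; then check_member "$1" "$2"; else demo || true; fi
```

Run it with the paths of your smb.conf and /etc/nsswitch.conf as the two arguments; with no arguments it runs the constructed sample.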
