The Small Box Admin
2009-Jun-11 20:55 UTC
[CentOS] Simple AD authentication for Samba share
I have a CentOS box that I'm basically using for file sharing with Samba. Currently I'm mapping the drive from an XP box with a Samba username/password combination. Is there a simple way to use AD or Windows authentication to allow the users to map the drive without having to use a separate username/password? That is without having to install LDAP and kerberos or whatever is needed to join the CentOS box to the AD.

Thanks,
Ken

--
The Small Box Admin
http://smallboxadmin.blogspot.com
Filipe Brandenburger
2009-Jun-12 03:22 UTC
[CentOS] Simple AD authentication for Samba share
Hi,

On Thu, Jun 11, 2009 at 16:55, The Small Box Admin <smallboxadmin at gmail.com> wrote:
> Is there a simple way to use AD or
> Windows authentication to allow the users to map the drive without
> having to use a separate username/password?

It's been about 5 years that I haven't done that (and I'm in no way an expert in Samba), but I believe you can do it by using:

    security = server
    password server = <hostname_of_your_ad>

That way *all* authentication requests to your Samba will be *forwarded* to your AD server and authenticated there (it might increase the load of your AD).

I know this used to work OK with NT based PDCs, I don't know if it still works fine with AD or not. And I also know that this is not the recommended method in terms of security as it is not as robust as joining the domain.

> That is without having to
> install LDAP and kerberos or whatever is needed to join the CentOS box
> to the AD.

I think it's not as hard as you make it seem... Yes, you need to configure the Kerberos client, but it's not that hard to do, and there are many tutorials that explain how to do it...

From a quick Google search:
http://wiki.samba.org/index.php/Samba_&_Active_Directory

But as I said, it's been years since I've done it... I might have forgotten most of the details, and many of the things might have changed since last time I've done them... You might test those above for yourself and see if you can make it work though.

HTH,
Filipe
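An added example, not part of either post and not Samba's own code: a small Python check that reads an smb.conf and reports whether the server uses the pass-through `security = server` mode suggested in the reply or is a domain member (`security = domain` or `security = ads`). The sample configuration, the workgroup name and the host name `dc1.example.com` are constructed placeholders.

```python
import re

# Constructed sample of the setup from the reply; dc1.example.com is a placeholder.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   Security = SERVER
   password server = dc1.example.com
; share definitions follow
[data]
   path = /srv/data
"""

# How each "security" mode authenticates clients, keyed by the smb.conf value.
MODES = {
    "user": "local Samba password database",
    "server": "requests forwarded to 'password server', no domain membership",
    "domain": "domain member (NT4-style)",
    "ads": "Active Directory domain member (Kerberos)",
}

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    text = text.replace("\\\n", "")  # a trailing backslash continues the line
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip()
    return params

def audit(text):
    """Return (security mode, password server, is_domain_member)."""
    params = parse_global(text)
    mode = params.get("security", "user").lower()  # "user" is the Samba 3.x default
    return mode, params.get("passwordserver"), mode in ("domain", "ads")

if __name__ == "__main__":
    mode, server, member = audit(SAMPLE_SMB_CONF)
    print(f"security = {mode} ({MODES.get(mode, 'unknown')}); server={server}; member={member}")
```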