Marcelo Pereira
2012-May-08 20:38 UTC
[Samba] Samba authenticating against Windows Active Directory
Hello all, I have a question regarding the integration between Samba and the Active Directory (Windows 2008). Current setup: 1. We have been using a Samba server to offer shared folder to the user in my institution. 2. The users have any kind of operational system on their machines, and they don't log in any domain server 3. The users simply map their shares at the Samba server, using their samba usernames and password. The future: 1. We have a main LDAP server (Windows 2008 Active Directory) that we want to integrate with our Samba server. 2. We would like to keep the "modus operandi" of the usage (i.e.: The users simply point to their shares, enter their usernames/passwords and access their files). 3. We don't want to have the "samba usernames/passwords". Instead, we want the Samba to authenticate using the Active Directory. The final situation would be: 1. User turn his computer on (doesn't matter the operational system that he is using). 2. User map his samba share 3. User enter his credentials to the Samba Share 4. Samba ask the Active Directory if these credentials are valid 5. If the username/password is authenticate successfully against the Active Directory, then Samba let the user access his files. The questions: 1. At this point, the linux server has joined the domain (it's ok at this point). How can I accomplish the Samba+AD integration?? Is there any specific documentation?? Thanks, Marcelo
Robert Freeman-Day
2012-May-09 13:50 UTC
[Samba] Samba authenticating against Windows Active Directory
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/08/2012 04:38 PM, Marcelo Pereira wrote:> Hello all, > > I have a question regarding the integration between Samba and the > Active Directory (Windows 2008). > > Current setup: > > 1. We have been using a Samba server to offer shared folder to the > user in my institution. 2. The users have any kind of operational > system on their machines, and they don't log in any domain server > 3. The users simply map their shares at the Samba server, using > their samba usernames and password. > > The future: > > 1. We have a main LDAP server (Windows 2008 Active Directory) that > we want to integrate with our Samba server. 2. We would like to > keep the "modus operandi" of the usage (i.e.: The users simply > point to their shares, enter their usernames/passwords and access > their files). 3. We don't want to have the "samba > usernames/passwords". Instead, we want the Samba to authenticate > using the Active Directory. > > The final situation would be: > > 1. User turn his computer on (doesn't matter the operational system > that he is using). 2. User map his samba share 3. User enter his > credentials to the Samba Share 4. Samba ask the Active Directory if > these credentials are valid 5. If the username/password is > authenticate successfully against the Active Directory, then Samba > let the user access his files. > > The questions: > > 1. At this point, the linux server has joined the domain (it's ok > at this point). > > How can I accomplish the Samba+AD integration?? Is there any > specific documentation?? > > Thanks, MarceloMarcelo, I good start may be to send the list your smb.conf file. Possibly your krb5.conf as well. This is a good start doc-wise, but is a bit dated: https://wiki.samba.org/index.php/Samba_&_Active_Directory - -- ________ Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+qdjMACgkQup357T5MfTaGSACfbGSzUKoOK/qbgZ9rwW2ul+85 x70AnRWAQIv2t794eDa28leSL0d61MrW =H1/g -----END PGP SIGNATURE-----