Samba Authentiation to Active Directory without WinBind

From DFWLPiki
Jump to: navigation, search


My preference for using Samba in a mixed windows/unix environment is to not bind the linux computer to the AD with winbind. This might not always be the best option, but it's generally my preference, as there is one less computer joined to the domain (most of my networks are Small Business Server, and a non-windows computer joined to the domain just makes the built in SBS auditing tools show unncessary member-failures).

Here is my typical smb.conf file: 

[global]
        workgroup = DFWLP
        server string = dlp-centos64
        printcap name = /etc/printcap
        load printers = no
        log file = /var/log/samba/smbd.log
        max log size = 50
        security = server
        password server = 192.168.125.130
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        local master = no
        domain master = no
        preferred master = no
        name resolve order = wins lmhosts bcast
        wins server = 192.168.125.130
        dns proxy = no

#[homes]
#       comment = Home Directories
#       browseable = no
#       writeable = yes

[is-spam]
        comment Is Spam
        browseable = yes
        writeable = yes
        public = yes
        path = /opt/spam

[isnt-spam]
        comment Is Not Spam
        browseable = yes
        writeable = yes
        public = yes
        path = /opt/ham

It is generally necessary to also edit the security policy of a windows 7 comptuer (probably windows vista too) to allow it to connect to the Samba share.

Retrieved from "https://dfwlpiki.dfwlp.com/index.php?title=Samba_Authentiation_to_Active_Directory_without_WinBind&oldid=33"