Quick HOWTO : Samba Implementation with Active directory authentication in Linux


1. Administrator don’t need to create/maintain separate accounts for samba shares
2. Users don’t need to remember separate password for samba
3. Users can change their samba password without system administrator’s help
4. Users home drive can be mapped via login script while they are logging into their PC/Laptops/Citrix


We are going to use, Kerberos Authentication method here. There are two files to edit to achieve this,

a. /etc/samba/smb.conf
b. /etc/krb5.conf

Do the modifications to /etc/samba/smb.conf as follows,

#========== Global Settings ========


log file = /var/log/samba/%m.log
dns proxy = no
server string = Samba Server
password server = (domain controller name)
path = /var/spool/cups
workgroup = (Netbios name of domain)
security = ADS
max log size = 50
pam password change = yes

wins server = (wins server name)

#======= Share Definitions =========

comment = Home Directories
browseable = no
writable = yes

comment = All Printers
guest ok = yes
writeable = no
printable = yes
public = yes
use client driver = yes
path = /var/spool/samba

Do the Modifications to /etc/krb5.conf as follows,


default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

ticket_lifetime = 24000
default_realm = (DOMAIN NAME IN CAPS)
dns_lookup_realm = false
dns_lookup_kdc = false


kdc = (domain controller server):88
admin_server = (domain controller server):749
default_domain = (domain name)

.(domain name) = (DOMAIN NAME IN CAPS)
.(domain name) = (DOMAIN NAME IN CAPS)


profile = /var/kerberos/krb5kdc/kdc.conf

pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

Type the following command in terminal,

service winbind start

kinit administrator@DOMAINNAME

net ads join -U administrator 

You will be asked to enter the AD Administrator password. When the command line doesn't return a value, you're now connected to the Active Directory. Now you are done with the setup. :)

Share this

Related Posts

Next Post »

What do you think about this Article? Add your Opinion..! EmoticonEmoticon