Configuring Samba as a Member of a Windows NT4 Security Domain


If the Samba server acts as a Primary or Backup Domain Controller, do not use the domain security model. Configure the system as a standalone server that uses the user security model instead. See “Configuring Samba as a Standalone Server”.

The domain security model is used with domains that implement Windows NT4 security. The Samba server must have a machine account in the domain (a domain security trust account). Samba authenticates user names and passwords with either a primary or a secondary domain controller.

To add a Samba server to an NT4 domain:

  1. On the primary domain controller, use the Server Manager to add a machine account for the Samba server.

  2. Edit /etc/samba/smb.conf and configure the [global] section to use the domain security model:

    security = domain
    workgroup = DOMAIN
    netbios name = SERVERNAME

  3. Join the server to the domain:

    # net rpc join -S winpdc.mydom.com -U Administrator%password

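    In this example, the primary domain controller is winpdc.mydom.com and password is the password for the Administrator account. If you omit %password, net prompts for the password instead, which keeps it out of the shell history and the process list.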

  4. Restart the smb service:

    # service smb restart

  5. Create an account for each user who is allowed access to shares or printers:

    # useradd -s /sbin/nologin username
    # passwd username

    In this example, the account's login shell is set to /sbin/nologin to prevent direct logins.
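
The following script is an added example, not part of the original documentation. It audits the [global] settings from step 2 and the login shells from step 5. The function names and the sample smb.conf and passwd contents are constructed for illustration, and the 15-character check reflects the NetBIOS name length limit.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the value of parameter $2 from the [global] section of smb.conf-style file $1.
# Parameter names are matched case-insensitively with whitespace ignored.
global_param() {
    awk -v want="$2" '
        BEGIN { gsub(/[ \t]/, "", want); want = tolower(want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = tolower($0); gsub(/[ \t]/, "", s)
                      in_global = (s == "[global]"); next }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == want) found = val    # keep the last occurrence
        }
        END { if (found != "") print found }' "$1"
}

# Return 0 if file $1 has the step 2 settings; otherwise print each problem.
check_member_conf() {
    rc=0
    sec=$(global_param "$1" security | tr 'A-Z' 'a-z')
    nb=$(global_param "$1" "netbios name")
    [ "$sec" = "domain" ] || { echo "security is '$sec', expected 'domain'"; rc=1; }
    [ -n "$(global_param "$1" workgroup)" ] || { echo "workgroup is not set"; rc=1; }
    [ -n "$nb" ] || { echo "netbios name is not set"; rc=1; }
    [ "${#nb}" -le 15 ] || { echo "netbios name is longer than 15 characters"; rc=1; }
    return $rc
}

# Return 0 if user $1 has /sbin/nologin as login shell in passwd-format file $2.
has_nologin_shell() {
    shell=$(awk -F: -v u="$1" '$1 == u { print $7 }' "$2")
    [ "$shell" = "/sbin/nologin" ]
}

# Constructed sample input, not taken from a real host.
demo_dir=$(mktemp -d)
printf '%s\n' '[global]' '    security = domain' '    workgroup = DOMAIN' \
    '    netbios name = SERVERNAME' > "$demo_dir/smb.conf"
printf '%s\n' 'alice:x:1001:1001::/home/alice:/sbin/nologin' \
    'bob:x:1002:1002::/home/bob:/bin/bash' > "$demo_dir/passwd"

check_member_conf "$demo_dir/smb.conf" && echo "smb.conf: OK"
for u in alice bob; do
    has_nologin_shell "$u" "$demo_dir/passwd" || echo "$u: interactive shell allowed"
done
```

On a real server, point check_member_conf at /etc/samba/smb.conf and has_nologin_shell at /etc/passwd.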