If the Samba server acts as a Primary or Backup Domain Controller, do not use the domain security model. Configure the system as a standalone server that uses the user security model instead. See Section 20.3.2.1, “Configuring Samba as a Standalone Server”.
The domain security model is used with domains that implement Windows NT4 security. The Samba server must have a machine account in the domain (a domain security trust account). Samba authenticates user names and passwords with either a primary or a secondary domain controller.
To add a Samba server to an NT4 domain:
On the primary domain controller, use the Server Manager to add a machine account for the Samba server.
Edit
/etc/samba/smb.conf
and configure the[global]
section to use ADS:[global] security = domain workgroup =
DOMAIN
netbios name =SERVERNAME
Join the server to the domain:
#
net rpc join -S winpdc.mydom.com -U Administrator%
password
In this example, the primary domain controller is
winpdc.mydom.com
andpassword
is the password for the Administrator account.Restart the
smb
service:#
service smb restart
Create an account for each user who is allowed access to shares or printers:
#
useradd -s /sbin/nologin
#username
passwd
username
In this example, the account's login shell is set to
/sbin/nologin
to prevent direct logins.