20.3.2.3 Configuring Samba as a Member of a Windows NT4 Security Domain

Note

If the Samba server acts as a Primary or Backup Domain Controller, do not use the domain security model. Configure the system as a standalone server that uses the user security model instead. See Section 20.3.2.1, “Configuring Samba as a Standalone Server”.

The domain security model is used with domains that implement Windows NT4 security. The Samba server must have a machine account in the domain (a domain security trust account). Samba authenticates user names and passwords with either a primary or a secondary domain controller.

To add a Samba server to an NT4 domain:

  1. On the primary domain controller, use the Server Manager to add a machine account for the Samba server.

  2. Edit /etc/samba/smb.conf and configure the [global] section to use ADS: 

    [global]
security = domain
workgroup = DOMAIN
netbios name = SERVERNAME

  3. Join the server to the domain: 

    # net rpc join -S winpdc.mydom.com -U Administrator%password

    In this example, the primary domain controller is winpdc.mydom.com and password is the password for the Administrator account.

  4. Restart the smb service: 

    # service smb restart

  5. Create an account for each user who is allowed access to shares or printers: 

    # useradd -s /sbin/nologin username
# passwd username

    In this example, the account's login shell is set to /sbin/nologin to prevent direct logins.

Copyright © 2013, 2019, Oracle and/or its affiliates. All rights reserved. Legal Notices