The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.

21.3.2.2 Configuring Samba as a Member of an ADS Domain

In the Activity Directory Server (ADS) security model, Samba acts as a domain member server in an ADS realm, and clients use Kerberos tickets for Active Directory authentication. You must configure Kerberos and join the server to the domain, which creates a machine account for your server on the domain controller.

To add a Samba server to an Active Directory domain:

  1. Edit /etc/samba/smb.conf and configure the [global] section to use ADS: 

    [global]
security = ADS
realm = KERBEROS.REALM

    It might also be necessary to specify the password server explicitly if different servers support AD services and Kerberos authentication: 

    password server = kerberos_server.your_domain

  2. Install the krb5-server package: 

    # yum install krb5-server

  3. Create a Kerberos ticket for the Administrator account in the Kerberos domain, for example: 

    # kinit Administrator@MYDOMAIN.COM

    This command creates the Kerberos ticket that is required to join the server to the AD domain.

  4. Join the server to the AD domain: 

    # net ads join -S winads.mydom.com -U Administrator%password

    In this example, the AD server is winads.mydom.com and password is the password for the Administrator account.

    The command creates a machine account in Active Directory for the Samba server and allows it to join the domain.

  5. Restart the smb service: 

    # service smb restart

Copyright © 2013, 2021, Oracle and/or its affiliates. Legal Notices