The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
In the Activity Directory Server (ADS) security model, Samba acts as a domain member server in an ADS realm, and clients use Kerberos tickets for Active Directory authentication. You must configure Kerberos and join the server to the domain, which creates a machine account for your server on the domain controller.
To add a Samba server to an Active Directory domain:
Edit
/etc/samba/smb.conf
and configure the[global]
section to use ADS:[global] security = ADS realm =
KERBEROS.REALM
It might also be necessary to specify the password server explicitly if different servers support AD services and Kerberos authentication:
password server =
kerberos_server.your_domain
Install the
krb5-server
package:#
yum install krb5-server
Create a Kerberos ticket for the
Administrator
account in the Kerberos domain, for example:#
kinit Administrator@MYDOMAIN.COM
This command creates the Kerberos ticket that is required to join the server to the AD domain.
Join the server to the AD domain:
#
net ads join -S winads.mydom.com -U Administrator%
password
In this example, the AD server is
winads.mydom.com
andpassword
is the password for the Administrator account.The command creates a machine account in Active Directory for the Samba server and allows it to join the domain.
Restart the
smb
service:#
service smb restart