Active Directory Domain with Samba Domain Member Server

root# cd /usr/sbin

root# smbd -b | grep KRB
















root# cd /usr/sbin

root# smbd -b | grep KRB





















root# smbd -b | grep LDAP

massive:/usr/sbin # smbd -b | grep LDAP









root# testparm -s | less

root#  net ads join -UAdministrator%not24get

Using short domain name -- LONDON

Joined 'FRAN' to realm 'LONDON.ABMAS.BIZ'


edit /etc/nsswitch.conf

passwd:         compat winbind

group:          compat winbind

shadow:         compat

hosts:          files dns

networks:       files

protocols:      db files

services:       db files

ethers:         db files

rpc:            db files

netgroup:       nis


root#  wbinfo -u






root# wbinfo -g

LONDON+Domain Computers

LONDON+Domain Controllers

LONDON+Schema Admins

LONDON+Enterprise Admins

LONDON+Domain Admins

LONDON+Domain Users

LONDON+Domain Guests

LONDON+Group Policy Creator Owners


root# getent passwd










LONDON+jht:x:10004:10000:John H. Terpstra:


root#  getent group


LONDON+Domain Computers:x:10002:

LONDON+Domain Controllers:x:10003:

LONDON+Schema Admins:x:10004:LONDON+Administrator

LONDON+Enterprise Admins:x:10005:LONDON+Administrator

LONDON+Domain Admins:x:10006:LONDON+jht,LONDON+Administrator

LONDON+Domain Users:x:10000:

LONDON+Domain Guests:x:10001:

LONDON+Group Policy Creator Owners:x:10007:LONDON+Administrator


root# net ads info

LDAP server:

LDAP server name: w2k3s


Bind Path: dc=LONDON,dc=ABMAS,dc=BIZ

LDAP port: 389

Server time: Sat, 03 Jan 2004 02:44:44 GMT

KDC server:

Server time offset: 2

root# net ads status -UAdministrator%not24get

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: user

objectClass: computer

cn: fran

distinguishedName: CN=fran,CN=Computers,DC=london,DC=abmas,DC=biz

instanceType: 4

whenCreated: 20040103092006.0Z

whenChanged: 20040103092006.0Z

uSNCreated: 28713

uSNChanged: 28717

name: fran

objectGUID: 58f89519-c467-49b9-acb0-f099d73696e

userAccountControl: 69632

badPwdCount: 0

codePage: 0

countryCode: 0

badPasswordTime: 0

lastLogoff: 0

lastLogon: 127175965783327936

localPolicyFlags: 0

pwdLastSet: 127175952062598496

primaryGroupID: 515

objectSid: S-1-5-21-4052121579-2079768045-1474639452-1109

accountExpires: 9223372036854775807

logonCount: 13

sAMAccountName: fran$

sAMAccountType: 805306369

operatingSystem: Samba

operatingSystemVersion: 3.0.2-SUSE

dNSHostName: fran

userPrincipalName: HOST/fran@LONDON.ABMAS.BIZ

servicePrincipalName: CIFS/

servicePrincipalName: CIFS/fran

servicePrincipalName: HOST/

servicePrincipalName: HOST/fran

objectCategory: CN=Computer,CN=Schema,CN=Configuration,


isCriticalSystemObject: FALSE

-------------- Security Descriptor (revision: 1, type: 0x8c14)

owner SID: S-1-5-21-4052121579-2079768045-1474639452-512

group SID: S-1-5-21-4052121579-2079768045-1474639452-513

------- (system) ACL (revision: 4, size: 120, number of ACEs: 2)

------- ACE (type: 0x07, flags: 0x5a, size: 0x38,

             mask: 0x20, object flags: 0x3)

access SID:  S-1-1-0

access type: AUDIT OBJECT


      [Write All Properties]

------- ACE (type: 0x07, flags: 0x5a, size: 0x38,

             mask: 0x20, object flags: 0x3)

access SID:  S-1-1-0

access type: AUDIT OBJECT


      [Write All Properties]

------- (user) ACL (revision: 4, size: 1944, number of ACEs: 40)

------- ACE (type: 0x00, flags: 0x00, size: 0x24, mask: 0xf01ff)

access SID:  S-1-5-21-4052121579-2079768045-1474639452-512

access type: ALLOWED

Permissions: [Full Control]

------- ACE (type: 0x00, flags: 0x00, size: 0x18, mask: 0xf01ff)

access SID:  S-1-5-32-548


------- ACE (type: 0x05, flags: 0x12, size: 0x38,

              mask: 0x10, object flags: 0x3)

access SID:  S-1-5-9

access type: ALLOWED OBJECT


      [Read All Properties]

-------------- End Of Security Descriptor

Example 9.7. Samba Domain Member smb.conf File for Active Directory Membership

# Global parameters


unix charset = LOCALE

workgroup = LONDON


server string = Samba 3.0.2

security = ADS

username map = /etc/samba/smbusers

log level = 1

syslog = 0

log file = /var/log/samba/%m

max log size = 50

printcap name = CUPS

ldap ssl = no

idmap uid = 10000-20000

idmap gid = 10000-20000

template primary group = "Domain Users"

template shell = /bin/bash

winbind separator = +

printing = cups


comment = Home Directories

valid users = %S

read only = No

browseable = No


comment = SMB Print Spool

path = /var/spool/samba

guest ok = Yes

printable = Yes

browseable = No


comment = Printer Drivers

path = /var/lib/samba/drivers

admin users = root, Administrator

write list = root