Home / server / Questions / 365257
Accepted
churnd
Asked: 2012-03-02 03:48:06 +0800 CST

How do I configure SAMBA to use ADS & SMBPASSWD authentication?

  • 772

I'm using Beyond Trust to integrate with active directory on a CentOS 5.6 server. I'm using the interop-install that comes with Beyond Trust to configure SAMBA, which works fine. However, I have some local accounts that I want to still work & for policy reasons, I can't create them in AD. Is there a way to configure SAMBA to use both authentication methods, or use ADS as primary & fall back on SMBPASSWD?

authentication samba likewise-open

2 Answers

  1. Best Answer

    In your smb.conf you can specify the 'auth methods' parameter, listing which authentication methods you want to use, such as:

    auth methods = guest sam winbind

    The parameters are read left to right; with the example above, Samba will try to match the username with the local smbpasswd first before going trying to match AD.

    Note that you may want to replace sam with sam_ignoredomain depending on your version of Samba and the format of your username. Play around with what works for you.

    http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#AUTHMETHODS

    • 2

  2. Got it working with:

    [global]    
        workgroup = DOMAIN
        security = ADS
        auth methods = sam winbind
        realm = DOMAIN.EXAMPLE.COM
        machine password timeout = 0
        server string = SERVER
        idmap domains = ALL
        idmap config ALL:backend = lwicompat_v4
        idmap config ALL:default = yes
        idmap config ALL:readonly = yes
        idmap uid = 10000-33554431
        idmap gid = 10000-33554431

    Everything else is vanilla SAMBA config.

    • 0