[CLUE-Tech] Samba 3 & Active Directory

[Mike Staver]

> Mike Staver wrote:
> 
>> Does anybody currently have Samba 3.x box authenticating against 
>> Active Directory yet?
> 
> [...]
> 
>>  Do I need kerberos for this?
> 
> 
> You should be able to get samba to work against AD if the Win side 
> allows NTLM authentication (and perhaps NTLMv2 if samba supports that). 
>  If you want to use kerberos, which is the new way AD authenticates then 
> you need kerberos.  Like most Linux services you'll have much more luck 
> with it if you understand how it works.

Well, I'm trying to understand.  For example, here is my smb.conf file:

# smb.conf is the main Samba configuration file.
[global]
         workgroup = RTSENTERPRISE
         netbios name = TIMMY
         wins server = 64.242.89.10
         security = ADS
         password server = *
         realm = globaltaxnetwork.com
         server string = TIMMY
         encrypt passwords = Yes
         socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
         hosts allow = 64.242.89. 127. 216.150.207.155
         os level = 0
         dns proxy = No
         load printers = No

[html]
         comment = html
         browseable = Yes
         read only = No
         path = /srv/www/htdocs

The part of that file that I question is the line "realm".  I have an 
active directory workgroup/domain labeled RTSENTERPRISE.  I'm sure 
that's not what realm is referring to.  So, I'm assuming it means the 
part of AD globaltaxnetwork.com - not sure if that is correct though. 
Once I find the definition of this term, that will go a LONG way in 
helping me set up the krb5.conf file I think.

-- 

                                 -Mike Staver
                                  staver at fimble.com
                                  mstaver at globaltaxnetwork.com