[CentOS] Simple AD authentication for Samba share

Filipe Brandenburger filbranden at gmail.com
Fri Jun 12 03:22:36 UTC 2009


Hi,

On Thu, Jun 11, 2009 at 16:55, The Small Box
Admin<smallboxadmin at gmail.com> wrote:
> Is there a simple way to use AD or
> Windows authentication to allow the users to map the drive without
> having to use a separate username/password?

It's been about 5 years that I haven't done that (and I'm in no way an
expert in Samba), but I believe you can do it by using:

security = server
password server = <hostname_of_your_ad>

That way *all* authentication requests to your Samba will be
*forwarded* to your AD server and authenticated there (it might
increase the load of your AD). I know this used to work OK with NT
based PDCs, I don't know if it still works fine with AD or not. And I
also know that this is not the recommended method in terms of security
as it is not as robust as joining the domain.

> That is without having to
> install LDAP and kerberos or whatever is needed to join the CentOS box
> to the AD.

I think it's not as hard as you make it seem... Yes, you need to
configure the Kerberos client, but it's not that hard to do, and there
are many tutorials that explain how to do it... From a quick Google
search: http://wiki.samba.org/index.php/Samba_&_Active_Directory

But as I said, it's been years since I've done it... I might have
forgotten most of the details, and many of the things might have
changed since last time I've done them... You might test those above
for yourself and see if you can make it work though.

HTH,
Filipe



More information about the CentOS mailing list