United States (change)
Shortcuts: Downloads Fedora Red Hat Network
Account Links: Cart Your Account Logout
There are two possible domain security modes which a Samba server can use to join a domain controlled by Windows 2000 or Windows 2003 Domain Controllers (DC's):
The RPC (Remote Procedure Call) mode of domain membership is the "NT4" style of domain membership enabled by setting security = domain in /etc/samba/smb.conf.
Samba's RPC-based domain membership code is more mature and stable and works quite well with Windows 2000/2003 DC's as long as the DC is still operating in Mixed Mode. Mixed Mode is the default operating mode for Windows 2000 and 2003 DC's.
The ADS (Active Directory Services) mode of domain membership is enabled by setting security = ads and defining the name of the Active Directory realm with the realm = YOUR.ACTIVE.DIRECTORY.NAME statement in /etc/samba/smb.conf.
Active Directory domain membership support is new to Samba 3.x and is less mature than RPC mode. ADS mode can be used regardless of which mode or domain functional level the Windows DC is operating in.
If your Windows 2000/2003 Active Directory (AD) Domain Controller (DC) is functioning in Mixed mode, we would recommend that you join your Samba server to the domain in RPC mode. There is no significant lack of network functionality in the Samba server when joined in RPC mode, and less chance of updates applied to the DC causing the Samba server to be unable to communicate properly with the rest of the network.
If the DC's operating mode/domain functional level is raised to 2000 or 2003 Native mode, the DC will only communicate with domain members joined in ADS mode. Also, keep in mind that once a DC's operating mode has been raised, it cannot be set back to Mixed mode without removing and rebuilding the Active Directory. Therefore we recommend leaving the DC in Mixed mode for maximum Samba compatibility.
If it is desired or necessary to join Samba on a Red Hat Enterprise Linux 3 server to an AD domain in ADS mode, the administrator should ensure that the server is running at least version 3.0.9-1.3E.3 of the Samba RPM's first. Prior versions of Red Hat Samba RPM's should not be used in Active Directory environments. The 3.0.9-1.3E.3 Samba RPM's are available in the Red Hat Network update channels.
The following command can be run as the root user to update key Samba packages as well as any dependent packages:
# up2date samba samba-client samba-common Fetching Obsoletes list for channel: rhel-i386-as-3... Fetching rpm headers... ######################################## Name Version Rel ---------------------------------------------------------- samba 3.0.9 1.3E.3 i386 samba-client 3.0.9 1.3E.3 i386 samba-common 3.0.9 1.3E.3 i386 Testing package set / solving RPM inter-dependencies... ######################################## samba-3.0.9-1.3E.3.i386.rpm ########################## Done. samba-client-3.0.9-1.3E.3.i ########################## Done. samba-common-3.0.9-1.3E.3.i ########################## Done. Preparing ########################################### [100%] Installing... 1:samba-common ########################################### [100%] 2:samba ########################################### [100%] 3:samba-client ########################################### [100%] [root@samba-vmsrv1 samba]#
The Samba packages provided with Red Hat Enterprise Linux 4 should function properly when joining Samba to an AD domain in ADS mode.
Other articles exist in the Red Hat Knowledgebase with details on how to join Samba servers to a domain in either domain security mode.
For more information regarding Samba configuration, we would recommend the following sources of information:
