The following article is applicable to Red Hat Enterprise Linux versions 3 and newer only.
To join Samba to a domain in security = DOMAIN mode, the following lines need to exist in the [global] section of the /etc/samba/smb.conf file:
[global]
security = DOMAIN
workgroup = MYDOMAIN
Make sure there is not a realm = line in /etc/samba/smb.conf, as this will cause problems for Samba in security = DOMAIN mode.
The security = DOMAIN statement tells Samba to authenticate to the domain's domain controllers (DCs) using NT-style RPC protocols.
The workgroup = MYDOMAIN statement defines the name of the domain Samba will be joined to. This is also known as the "short" domain name. Replace the example name MYDOMAIN with the same domain name Windows users choose from the Log on to: listbox when logging into their workstations with accounts in this domain. This domain name should not be confused with the Active Directory/Kerberos Realm name.
Additional smb.conf statements which may be necessary:
If the DC is in a different IP subnet than the Samba server, the DC may need to be defined with a password server statement in the [global] section. Defining the DC by IP address is recommended:
# IP address of the Domain Controller
password server = 10.20.30.40
Note that the routers between the two subnets must be configured properly to forward Samba traffic between the Samba server and the DC. Other articles in the Red Hat Knowledgebase contain details on the ports and protocols used by Samba.
If the DC is a Windows 2003 server, the following statements may need to be added to the [global] section of smb.conf before Samba will work properly:
client use spnego = no
server signing = auto
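The [global] settings described above can be checked before attempting the join. The following shell sketch is an added example, not part of the original article or of Samba; the function names, the sample file and its realm value are constructed for illustration, and the dot-in-workgroup test is only a heuristic.

```shell
# Added example, not from the original article; function names are hypothetical.

# Emit "name=value" for each [global] parameter. Names are lowercased and
# stripped of whitespace, since smb.conf ignores case and spaces in names.
global_params() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s); g = (s == "[global]"); next }
        g && /=/      { i = index($0, "="); k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
                        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v); print k "=" v }
    ' "$1"
}

# Value of one parameter (this sketch takes the last occurrence), empty if unset.
param() {
    global_params "$1" |
        awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }'
}

# Print findings for security = DOMAIN mode; return 1 if any finding is a FAIL.
check_domain_conf() {
    rc=0
    sec=$(param "$1" security | tr '[:lower:]' '[:upper:]')
    wg=$(param "$1" workgroup)
    ps=$(param "$1" passwordserver)
    [ "$sec" = "DOMAIN" ] || { echo "FAIL: security is '${sec:-unset}', expected DOMAIN"; rc=1; }
    [ -n "$wg" ] || { echo "FAIL: workgroup is not set"; rc=1; }
    # Heuristic: a dot suggests the Kerberos realm was used instead of the short name.
    case $wg in *.*) echo "WARN: workgroup '$wg' looks like a realm name" ;; esac
    if global_params "$1" | grep -q '^realm='; then
        echo "FAIL: realm = line present in [global]"; rc=1
    fi
    # The article recommends naming the DC by IP address.
    case $ps in *[!0-9.]*) echo "WARN: password server '$ps' is not a single IP address" ;; esac
    return "$rc"
}

# Constructed sample: the article's settings plus a stray realm = line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   security = DOMAIN
   workgroup = MYDOMAIN
   realm = MYDOMAIN.EXAMPLE.COM
   password server = 10.20.30.40
EOF
check_domain_conf "$sample" || echo "Not ready for: net rpc join"
rm -f "$sample"
```

Only the [global] section is inspected, so a security = line inside a share definition does not affect the result.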
Make sure Samba and Winbind services are stopped first:
# service smb stop
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
# service winbind stop
Shutting down Winbind services: [ OK ]
Then join Samba to the domain using the following command:
# net rpc join -U username
username is a domain user account which has sufficient rights to add workstations to the domain. The command shown includes the rpc option to override the net utility's default join behavior, which is to try joining in ADS mode first.
You should be prompted for the password for this domain user account, then an attempt to join the domain will be performed. A successful join should look something like this:
# net rpc join -U Administrator
Password:
Joined domain MYDOMAIN.
For more information regarding Samba configuration, we would recommend the following sources of information: