If you want to set up a Samba server as a domain member in an Active Directory (AD) domain, you need to follow some steps to configure and join the server to the domain. This webpage provides a detailed guide on how to do that using Ubuntu Linux as an example. You will learn how to:
- Install and configure the necessary packages, such as Samba, realmd, winbind and Kerberos.
- Verify that your server has a fully qualified domain name (FQDN) and can resolve the AD server’s name and records.
- Join the domain using the realmd command with the Samba tooling option.
- Test the winbind connectivity and use domain users and groups in local commands and permissions.
By following this guide, you will be able to use your Samba server as a file and print server for AD users, as well as authenticate them to local services. You will also benefit from the security and management features of AD, such as Group Policy Objects (GPOs), password policies and encryption.
Note: Samba only supports up to Windows Server 2012R2 schema. There are experimental patches that support newer schemas but they are not covered here.
Software install
apt install realmd samba packagekit libnss-winbind libpam-winbind krb5-user
Join the domain using Winbind (instead of SSSD)
realm join -v -U administrator --membership-software=samba --client-software=winbind domain.local
Enter the administrator password when prompted.
Change administrator to your admin user if administrator is disabled.
Replace domain.local with your own domain.
Enable home folders
pam-auth-update --enable mkhomedir
Add winbind to /etc/nsswitch.conf
nano /etc/nsswitch.conf
Add the word winbind to the passwd and group lines, then restart winbind:
service winbind restart
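The nsswitch.conf change above can also be made without opening an editor. The following is an added example, not part of the original guide; the helper names add_winbind and make_sample and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): append "winbind" to the
# passwd and group lines of an nsswitch.conf-style file. Safe to re-run;
# lines that already list winbind are left untouched.

add_winbind() {   # usage: add_winbind FILE   (hypothetical helper name)
    file=$1
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*(passwd|group):/ {
            line = $0; comment = ""
            p = index(line, "#")            # keep a trailing comment intact
            if (p > 0) { comment = substr(line, p); line = substr(line, 1, p - 1) }
            sub(/[ \t]+$/, "", line)
            n = split(line, f, /[ \t]+/)
            has = 0
            for (i = 1; i <= n; i++) if (f[i] == "winbind") has = 1
            if (!has) {
                $0 = line " winbind"
                if (comment != "") $0 = $0 " " comment
            }
        }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! cmp -s "$file" "$tmp"; then
        cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }  # backup first
        cat "$tmp" > "$file"                # overwrite in place, keeps owner and mode
    fi
    rm -f "$tmp"
}

# Constructed sample resembling a stock nsswitch.conf.
make_sample() {
    cat > "$1" <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:         files systemd
group:          files systemd   # local groups first
shadow:         files
hosts:          files dns
EOF
}

# Demo on a scratch copy; on a real host: add_winbind /etc/nsswitch.conf
demo=$(mktemp)
make_sample "$demo"
add_winbind "$demo"
grep -E '^(passwd|group):' "$demo"
rm -f "$demo" "$demo.bak"
```

A backup is written to FILE.bak only when the file actually changes, so a second run leaves both files as they were.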
WSDD install on Debian 11
Enables the Samba server to appear in Windows Network by using Web Service Discovery
wget -O- https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key | gpg --dearmour > /usr/share/keyrings/wsdd.gpg
source /etc/os-release
echo "deb [signed-by=/usr/share/keyrings/wsdd.gpg] https://pkg.ltec.ch/public/ ${UBUNTU_CODENAME:-${VERSION_CODENAME:-UNKNOWN}} main" > /etc/apt/sources.list.d/wsdd.list
apt update
apt install wsdd
service wsdd start
Edit Samba config to add a network share
nano /etc/samba/smb.conf
Scroll to the end of the file
Example share
[Data]
path=/mnt/data
read only = no
Save the changes and restart Samba
service smbd restart
Edit Samba config to allow usernames without domain
Change winbind use default domain = no
to winbind use default domain = yes
service smbd restart
service winbind restart