Joining Samba 3 to Active Directory as a member using ADS security mode

1. The key settings in smb.conf:

client use spnego = yes
client signing = yes
security = ADS

;only used if the ads user will login the samba member
;winbind uid = 10000-20000
;winbind gid = 10000-20000
;winbind enum groups = yes
;winbind enum users = yes

2. The /etc/krb5.conf

[libdefaults]
default_realm = IEPCLAN.IE.CUHK.EDU.HK
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
IEPCLAN.IE.CUHK.EDU.HK = {
kdc = ip.of.your.dc
default_domain =
}


3. kinit administrator (enter the administrator password when prompted). The klist command should then list a ticket.

4. Edit the /etc/hosts file and add your host IP if you get the error below:

Using short domain name -- YOURADDOMAIN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'HOSTNAME' in realm 'YOUR.AD.DOMAIN'
Failed to join domain: Type or value exists

5. net ads join -U Administrator

6. Store your winbind credentials with: net setauthuser -U winbind (enter the winbind user's password in AD)

7. Restart samba and winbindd.

8. Use wbinfo -u to check whether winbindd works.
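
An added example (not part of the original post): a shell check to run before step 5 that the name /etc/hosts gives for the host's IP lies in the DNS domain of the Kerberos default realm, which is the condition the error in step 4 complains about. The function names, the IP 192.0.2.10 and the realm AD.EXAMPLE.COM are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-join check for steps 2 and 4 of this page.
# Assumption: the AD DNS domain is the Kerberos realm in lower case.

# Print the default_realm value from a krb5.conf-style file.
krb5_default_realm() {
    awk -F= '/^[ \t]*default_realm[ \t]*=/ {
        gsub(/[ \t\r]/, "", $2); print $2; exit }' "$1"
}

# Print the canonical (first) name a hosts file maps to the given IP.
hosts_canonical_name() {   # args: hosts-file ip
    awk -v ip="$2" '$1 == ip { print $2; exit }' "$1"
}

# Return 0 if the host's name in the hosts file is a FQDN inside the
# realm's DNS domain, 1 on mismatch, 2/3 if the realm or entry is missing.
check_join_prereqs() {     # args: krb5.conf hosts-file host-ip
    realm=$(krb5_default_realm "$1")
    fqdn=$(hosts_canonical_name "$2" "$3")
    [ -n "$realm" ] || { echo "no default_realm in $1"; return 2; }
    [ -n "$fqdn" ]  || { echo "no entry for $3 in $2"; return 3; }
    domain=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
    lfqdn=$(printf '%s' "$fqdn" | tr '[:upper:]' '[:lower:]')
    case "$lfqdn" in
        *."$domain") echo "ok: $fqdn is in $domain"; return 0 ;;
        *) echo "mismatch: $fqdn is not in $domain"; return 1 ;;
    esac
}

# Demo on constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '[libdefaults]\ndefault_realm = AD.EXAMPLE.COM\n' > "$demo/krb5.conf"
printf '127.0.0.1 localhost\n192.0.2.10 smb1.ad.example.com smb1\n' > "$demo/hosts.good"
printf '127.0.0.1 localhost\n192.0.2.10 smb1\n' > "$demo/hosts.bad"
check_join_prereqs "$demo/krb5.conf" "$demo/hosts.good" 192.0.2.10 || true
check_join_prereqs "$demo/krb5.conf" "$demo/hosts.bad" 192.0.2.10 || true
rm -rf "$demo"
```

On a real host, call check_join_prereqs /etc/krb5.conf /etc/hosts with the server's own IP; a mismatch means the hosts entry should list the fully qualified name first.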
