Configure Samba to use domain accounts for authentication

Q. How can I configure Samba to use domain accounts for authentication, so that user will be authenticated?

ADVERTISEMENTS

A. Samba server provides an options that allows authentication against a domain controller. Edit your smb.conf file using vi text editor:
Type the following command as root user

# vi /etc/samba/smb.conf
OR
$ sudo /etc/samba/smb.conf

Make sure parameters are set as follows [global] section of smb.conf file:

workgroup = YOUR-DOMAIN-CONTROLLER
netbios name = YOUR-SAMBA-SERVER-NAME
password server = IP-ADDRESS-OF-YOUR-DOMAIN-CONTROLLER
encrypt passwords = Yes
preferred master = No
domain master = No

Where,

  • Workgroup: This controls what workgroup your server will appear to be in when queried by clients.
  • netbios name : This sets the NetBIOS name by which a Samba server is known.
  • encrypt passwords : This boolean controls (YES or NO value) whether encrypted passwords will be used with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. This is what you need to use for Window XP/2000/2003 systems.

Restart samba serve:
# /etc/init.d/samba restart

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
6 comments… add one
  • Lowell Boggs Feb 1, 2007 @ 22:30

    I am using a Samba server on a Solaris box with Windows domain controllers for certification. Every file request coming from a pc running XP is resulting in a certification request from the Samba server to the domain controller. Since we deal in thousands of files, this is consuming a bit of time.

    Is there a way to configure Samba such that the granted certification is assumed to be valid for some extended period of time — such as 5 minutes?

    Thanks for any advice you can give.

  • Md. Asaduzzaman Shuvo Feb 9, 2010 @ 6:04

    I configured linux redhat samba server and already shared a directory which will be use for data sharing but problem is when we want to connect from windows Xp then we can see the share directory but we are unable to access when we double click on the share directory then appear below error message.
    ===============Error message=================
    \\192.168.159.234\\home is not accessible. You might have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
    Access is denied.
    ===========================================
    Please advice how do I solve the problem

  • configure domain Jan 12, 2011 @ 9:44

    Very helpful information.Thank you so much. I’ve been trying to figure out this issue. great job.Keep going

  • Hari Krishna Mar 7, 2011 @ 11:25

    The Samba share can be accessed even if we are not integrated with Domain Controller. The Share will authenticate by Username itself. If we have configured the samba share for user andrew and in domain controller there is user andrew, we can open the samba share folder.

    Is this an Bug???

  • LOKESH BHANDARI Apr 25, 2015 @ 7:38

    I have existing ldap user on ldap server now I want to use this account in samba share for giving access permission for share. How can this possible?

  • Ronaldo May 5, 2015 @ 19:05

    Hello I recently joined my computer with ubuntu to a domain using an active directory and realmd sssd but want to share a folder to a specific samba domain user does not recognize the credentials that users could someone tell me the cause

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.