[global]
workgroup = WORKGROUP
netbios name = netbiosname
realm = REALM
server string = RHEL4 Test Server
security = ads
password server =
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
idmap backend = ad
idmap uid = 1500-100000
idmap gid = 1500-100000
winbind separator = +
winbind use default domain = yes
cups options = raw
winbind nss info = rfc2307
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
Configure /etc/krb5.conf appropriately, if using kerberos for authentication.
Join the system to Active Directory Domain.
# net ads join -U administrator
Run authconfig and chose winbind for name service and kerberos for authentication. Don't join the system to domain in this attempt since we have already joined it.
Restart winbind. Now every ad user should be able to log in to linux system. Note that for idmap_ad to work, you should have Active Directory schema extended and Unix Attributes for AD users defined in advance.