[public]comment = Datapath = /exportforce user = docsbotforce group = usersguest ok = Yes[printers]comment = All Printerspath = /var/spool/sambaprinter admin = john, ed, @adminscreate mask = 0600guest ok = Yesprintable = Yesuse client driver = Yesbrowseable = Yes3.2. Domain Member ServerA domain member, while similar to a stand-alone server, is logged into a domain controller(either Windows or Samba) and is subject to the domain's security rules. An example of adomain member server would be a departmental server running Samba that has a machineaccount on the Primary Domain Controller (PDC). All of the department's clients stillauthenticate with the PDC, and desktop profiles and all network policy files are included. Thedifference is that the departmental server has the ability to control printer and network shares.3.2.1. Active Directory Domain Member ServerThe following smb.conf file shows a sample configuration needed to implement an ActiveDirectory domain member server. In this example, Samba authenticates users for servicesbeing run locally but is also a client of the Active Directory. Ensure that your kerberos realmparameter is shown in all caps (for example realm = EXAMPLE.COM). Since Windows2000/2003 requires Kerberos for Active Directory authentication, the realm directive is required.If Active Directory and Kerberos are running on different servers, the password serverdirective may be required to help the distinction.[global]realm = EXAMPLE.COMsecurity = ADSencrypt passwords = yes# Optional. Use only if Samba cannot determine the Kerberos serverautomatically.password server = kerberos.example.comIn order to join a member server to an Active Directory domain, the following steps must becompleted:Chapter 14. Samba254
