Thursday 25 September 2008

How to join Ubuntu/Samba to a Windows 2003 Active Directory domain

SOURCE: http://www.onnoot.com/wiki/how_to_join_ubuntu_samba_to_a_windows_2003_active_directory_domain
==================
Ingredients:

* A Windows network with an Active Directory server (like Windows Server 2003)
* Ubuntu Linux 5.10 installed
* TCP/IP set up properly (the Linux machine taking its address by DHCP from the Windows server)
* No firewall yet on the Linux machine! First get it working, then secure it.

More info:

* http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html
* http://justlinux.com/forum/archive/index.php/t-118512.html

1. Installing

We assume that Ubuntu Linux has been installed.

Install the following packages with the Synaptic Package Manager. You may need to specify “universe” as an extra source for packages.

* Samba (version 3):
  o samba
  o samba-common (installed by default)
  o smbclient (installed by default)
  o winbind
* Kerberos:
  o krb5-config
  o krb5-user
* ... and any packages that might be needed to meet dependencies.

2. Edit configuration files

Edit the following configuration files. We assume the following:

* The local DNS domain is mycompany.local
* The Windows 2003 server is obelix.mycompany.local

/etc/samba/smb.conf

[global]
security = ADS
realm = MYCOMPANY.LOCAL
workgroup = mycompany
password server = obelix.mycompany.local
wins support = no
wins server = 10.0.20.202
invalid users = root
# Winbind settings
idmap uid = 10000-20000
idmap gid = 10000-20000
# For testing
debuglevel = 2

# A shared folder for testing purposes
[SharedFolder]
path = /home/onno2/Shared_Folder
available = yes
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777

Make sure the path (/home/onno2/Shared_Folder or whatever you choose) exists and that the rights are set properly (chmod 777 or something similar).

/etc/krb5.conf

[libdefaults]
default_realm = MYCOMPANY.LOCAL
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
MYCOMPANY.LOCAL = {
kdc = obelix.mycompany.local
admin_server = obelix.mycompany.local
}
[domain_realm]
# Both entries must map onto the realm defined in [realms] above (MYCOMPANY.LOCAL),
# not onto the domain controller's host name; a mapping onto an undefined realm breaks ticket lookups.
.mycompany.local = MYCOMPANY.LOCAL
mycompany.local = MYCOMPANY.LOCAL
[login]
krb4_convert = true
krb4_get_tickets = true

/etc/nsswitch.conf

The only change here was adding winbind twice, to the passwd and group lines.

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
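Before restarting anything it is worth checking that the three files edited in step 2 agree with each other: the realm in smb.conf must equal default_realm in krb5.conf, every realm named in [domain_realm] must actually be defined in [realms], the kdc and the password server should be the same domain controller, and nsswitch.conf must carry winbind on the passwd and group lines but not on shadow. The script below is an added example and is not part of the original wiki page or blog post; the function names (section_lines, ini_get, check_ad_config and so on) are my own, and the sample configuration files it writes to a temporary directory are constructed copies of the values above, except that the constructed krb5.conf deliberately maps [domain_realm] onto OBELIX.MYCOMPANY.LOCAL, a realm that [realms] never defines, so that the check has something to catch.

```shell
#!/bin/sh
# Added example, not part of the original how-to: a consistency check across the
# three files edited in step 2. Constructed sample copies (mirroring the values
# above) are written to a temp dir so it runs offline; on a real box, call
# check_ad_config /etc/samba/smb.conf /etc/krb5.conf /etc/nsswitch.conf instead.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat >"$WORK/smb.conf" <<'EOF'
[global]
   security = ADS
   realm = MYCOMPANY.LOCAL
   workgroup = mycompany
   password server = obelix.mycompany.local
   idmap uid = 10000-20000
   idmap gid = 10000-20000
EOF
cat >"$WORK/krb5.conf" <<'EOF'
[libdefaults]
        default_realm = MYCOMPANY.LOCAL
[realms]
        MYCOMPANY.LOCAL = {
                kdc = obelix.mycompany.local
                admin_server = obelix.mycompany.local
        }
[domain_realm]
        .mycompany.local = OBELIX.MYCOMPANY.LOCAL
        mycompany.local = OBELIX.MYCOMPANY.LOCAL
EOF
cat >"$WORK/nsswitch.conf" <<'EOF'
passwd: compat winbind
group:  compat winbind
shadow: compat
hosts:  files dns
EOF

# Whitespace-trimmed lines of [SECTION] in an INI-style file (smb.conf, krb5.conf).
section_lines() { # file section
    awk -v sec="[$2]" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        index($0, sec) == 1 { insec = 1; next }
        /^\[/ { insec = 0 }
        insec' "$1"
}
# First "KEY = value" in a section; prints the value only.
ini_get() { section_lines "$1" "$2" | sed -n "s/^$3[[:space:]]*=[[:space:]]*//p" | head -n 1; }
# Realm names that krb5.conf's [realms] section actually defines.
defined_realms() { section_lines "$1" realms | sed -n 's/^\([^[:space:]=]*\)[[:space:]]*=[[:space:]]*{$/\1/p'; }
# Realm names that [domain_realm] maps DNS domains onto.
mapped_realms() { section_lines "$1" domain_realm | sed -n 's/^[^=]*=[[:space:]]*//p' | sort -u; }
# The kdc line inside a given realm's block in [realms].
kdc_for_realm() { section_lines "$1" realms | sed -n "/^$2[[:space:]]*=[[:space:]]*{\$/,/^}/s/^kdc[[:space:]]*=[[:space:]]*//p" | head -n 1; }

problem() { echo "PROBLEM: $*"; }

# Prints one PROBLEM line per inconsistency; always returns 0 so callers can count them.
check_ad_config() { # smb.conf krb5.conf nsswitch.conf
    smb=$1 krb=$2 nss=$3
    sec=$(ini_get "$smb" global security | tr a-z A-Z)
    realm=$(ini_get "$smb" global realm)
    pwsrv=$(ini_get "$smb" global "password server" | tr A-Z a-z)
    defrealm=$(ini_get "$krb" libdefaults default_realm)
    kdc=$(kdc_for_realm "$krb" "$defrealm" | tr A-Z a-z)

    [ "$sec" = ADS ] || problem "smb.conf: security must be ADS for an AD member (is '$sec')"
    [ "$realm" = "$(printf %s "$realm" | tr a-z A-Z)" ] || problem "smb.conf: realm must be upper case (is '$realm')"
    [ "$realm" = "$defrealm" ] || problem "smb.conf realm '$realm' differs from krb5.conf default_realm '$defrealm'"
    defined_realms "$krb" | grep -qxF "$defrealm" || problem "krb5.conf: default_realm $defrealm has no [realms] entry"
    # The classic mistake: [domain_realm] pointing at a realm that [realms] never defines.
    for r in $(mapped_realms "$krb"); do
        defined_realms "$krb" | grep -qxF "$r" ||
            problem "krb5.conf: [domain_realm] maps onto '$r', which is not defined in [realms]; expected $defrealm"
    done
    [ -n "$kdc" ] && [ "$kdc" = "$pwsrv" ] ||
        problem "krb5.conf kdc '$kdc' and smb.conf password server '$pwsrv' should be the same DC"
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" ||
            problem "nsswitch.conf: '$db' line lacks winbind, so getent $db will not list domain accounts"
    done
    ! grep -Eq '^shadow:.*winbind' "$nss" || problem "nsswitch.conf: winbind does not serve shadow; drop it there"
    for k in "idmap uid" "idmap gid"; do
        range=$(ini_get "$smb" global "$k")
        case $range in
            [0-9]*-[0-9]*) [ "${range%-*}" -lt "${range#*-}" ] || problem "smb.conf: $k range '$range' is empty" ;;
            *) problem "smb.conf: $k must be a LOW-HIGH range (is '$range')" ;;
        esac
    done
    return 0
}

echo "Checking constructed sample configs in $WORK"
check_ad_config "$WORK/smb.conf" "$WORK/krb5.conf" "$WORK/nsswitch.conf"
```

Run as-is it reports exactly one problem, the [domain_realm] mapping onto the undefined OBELIX.MYCOMPANY.LOCAL realm; fix that mapping to MYCOMPANY.LOCAL and it reports none. The parsing is deliberately simple (first match per key, no include handling), which is enough for the flat files this how-to produces.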

3. Start or restart services

/etc/init.d/samba restart
/etc/init.d/winbind restart

4. Join domain

net ads join -U administrator

If this doesn't work, check the logs in Linux (/var/log/samba/*) and Windows.

5. Test your setup

* testparm: checks that your smb.conf has a correct syntax.
* kinit onno@MYCOMPANY.LOCAL: tests whether Kerberos works properly.
* wbinfo -u: should give a list of users.
* wbinfo -g: should give a list of groups.
* getent passwd: should give a list of users in the passwd style.
* getent group: should give a list of groups.
* ls -ltr /var/log/samba: gives a list of log files, sorted by time of last change.
* smbclient -L localhost -U onno: should give you a list of available shares (smbclient -L needs the name of the host whose shares to list; localhost lists this machine's own shares).

If this all works properly, try to access the share (/home/onno2/Shared_Folder) from any Windows machine in the domain by using network neighbourhood.
