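====== Samba Active Directory Integration on Ubuntu ======

===== Install =====

# ntp is not optional: Kerberos rejects tickets when this host's clock differs
# from the DC by more than the permitted skew (5 minutes by default in AD).
# krb5-kdc, krb5-admin-server and rng-tools set up a LOCAL KDC, which an AD
# member does not need (the DC is the realm's KDC) and which would add a
# listening service; the Kerberos client tools are in krb5-user.
apt-get install samba winbind ntp krb5-kdc krb5-admin-server rng-tools libnss-winbind libpam-winbind

===== /etc/krb5.conf =====

# The original page put its placeholders, e.g. "(full domain name uppercase)",
# inline after each value; text after a value is read as part of the value,
# so they are given as comments here.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# full domain name, upper case
default_realm = WINDOM.NET
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
# forwardable tickets can be delegated onward by any service the user
# authenticates to; leave this at false unless delegation is actually needed
forwardable = yes

[realms]
# section key: full domain name, upper case
# kdc / admin_server: DC FQDN
# default_domain: full domain name
WINDOM.NET = {
    kdc = win-60ntfg4u8in.windom.net
    admin_server = win-60ntfg4u8in.windom.net
    default_domain = windom.net
}

[domain_realm]
# Maps DNS domains to a REALM name, not to a host: the right-hand side is
# WINDOM.NET, not the DC's FQDN. The dotted form covers subdomains, the bare
# form the domain itself.
.windom.net = WINDOM.NET
windom.net = WINDOM.NET
# The original page mapped two unrelated names (.kerberos.server and
# .windows.jara23.co.uk) to the DC's upper-cased FQDN; they look like template
# leftovers and are kept only for reference.
# .kerberos.server = WIN-60NTFG4U8IN.WINDOM.NET
# .windows.jara23.co.uk = WIN-60NTFG4U8IN.WINDOM.NET

[kdc]
# Only read by a local krb5kdc, which a domain member does not run. The path
# is the Red Hat layout; the Debian/Ubuntu krb5-kdc package uses
# /etc/krb5kdc/kdc.conf.
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
# the original page never closed this brace
pam = {
    debug = false
    ticket_lifetime = 36000
}

===== NEW krb5.conf =====

# Minimal form that locates the KDC through DNS SRV records (so the member
# must use the AD DNS server, see the interfaces file below). The realm shown
# is the Samba wiki's example; on this host it must be WINDOM.NET, the same
# value as "realm" in smb.conf.
[libdefaults]
default_realm = SAMDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true

===== /etc/network/interfaces =====

iface eth0 inet static
    address 10.1.0.6
    netmask 255.255.254.0
    network 10.1.0.0
    broadcast 10.1.1.255
    gateway 10.1.0.1
    # the domain's DNS server; DC and SRV lookups must go through AD DNS
    dns-nameservers 10.1.0.91
    # domain name
    dns-search windom.net

===== /etc/nsswitch.conf =====

# winbind is consulted before the local databases here. With
# "winbind use default domain = Yes" in smb.conf, a domain account that has
# the same name as a local one (root, a service account) may be returned
# ahead of it; "compat winbind" resolves local accounts first and avoids that.
passwd: winbind compat
group: winbind compat
shadow: winbind compat

===== smb.conf =====

[global]
; NETBIOS domain name
workgroup = WINDOM
; full domain name, upper case (must match default_realm in krb5.conf)
realm = WINDOM.NET
preferred master = no
server string = Linux Test Machine
security = ADS
; the default since Samba 3.0; kept only for older releases
encrypt passwords = yes
; 3 is verbose and the logs carry account names; lower it once the join works
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
; enumerating every domain user and group is expensive in a large domain
winbind enum users = Yes
winbind enum groups = Yes
; domain users appear without the WINDOM+ prefix; see the nsswitch.conf note
; about collisions with local account names
winbind use default domain = Yes
winbind nested groups = Yes
winbind separator = +
template homedir = /home/%U
; "idmap uid" / "idmap gid" are deprecated since Samba 3.6; current releases
; expect the equivalent
;   idmap config * : backend = tdb
;   idmap config * : range = 600-20000
; 600-20000 overlaps the local user range (UID_MIN is 1000 in
; /etc/login.defs), so a domain account and a local account can end up with
; the same uid and own each other's files; choose a range above the local
; uids. Ids allocated by the tdb backend are also not consistent across
; hosts; use the rid or ad backend when the mapping must match on every box.
idmap uid = 600-20000
idmap gid = 600-20000
;template primary group = "Domain Users"
template shell = /bin/bash

===== Join domain =====

# kdb5_util create / stash initialise a LOCAL MIT KDC database. They are not
# part of joining an existing AD domain (the DC is the realm's KDC) and only
# leave an unneeded krb5kdc service on the member; kept from the original page
# but commented out.
# kdb5_util create
# kdb5_util stash
net ads -U administrator join
# verify the machine account and the winbind trust before going further
# net ads testjoin
# wbinfo -t

===== (Dynamic Home Directory Creation) pam_mkhomedir =====

install libpam-mkhomedir
# on current Ubuntu pam_mkhomedir.so is already provided by libpam-modules
apt-get install libpam-mkhomedir

add **session required pam_mkhomedir.so skel=/etc/skel/ umask=0077** to common-session*

# The excerpt below appears to sit inside the region that pam-auth-update
# manages (from "here are the per-package modules" to its end marker), so a
# hand-added line there may be overwritten on the next pam-auth-update run;
# placing it after the managed block keeps it.
...
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# umask=0077 makes each new home directory accessible only to its owner
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
...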