User Tools

Site Tools


fileservices:samba_active_directory_integration_on_ubuntu

Samba Active Directory Integration on Ubuntu

Install

apt-get install samba winbind ntp krb5-kdc krb5-admin-server rng-tools libnss-winbind libpam-winbind

/etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = WINDOM.NET(full domain name uppercase)
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
WINDOM.NET(full domain name uppercase) = {
   kdc = win-60ntfg4u8in.windom.net (dc fqdn)
   admin_server = win-60ntfg4u8in.windom.net (dc fqdn)
   default_domain = windom.net (full domain name)
}
[domain_realm]
.kerberos.server = WIN-60NTFG4U8IN.WINDOM.NET(dc fqdn uppercase)
.windows.jara23.co.uk = WIN-60NTFG4U8IN.WINDOM.NET(dc fqdn uppercase)
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000

NEW krb5.conf

[libdefaults]
	default_realm = SAMDOM.EXAMPLE.COM
	dns_lookup_realm = false
	dns_lookup_kdc = true

/etc/network/interfaces

iface eth0 inet static
        address 10.1.0.6
        netmask 255.255.254.0
        network 10.1.0.0
        broadcast 10.1.1.255
        gateway 10.1.0.1
        dns-nameservers 10.1.0.91 (domain dns server)
        dns-search windom.net (domain name)

/etc/nsswitch.conf

passwd:         winbind compat
group:          winbind compat
shadow:         winbind compat

smb.conf

[global]
   workgroup = WINDOM (NETBIOS domain name)
   realm = WINDOM.NET (full domain name)
   preferred master = no
   server string = Linux Test Machine
   security = ADS
   encrypt passwords = yes
   log level = 3
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = cups
   printing = cups
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +
   template homedir = /home/%U
   idmap uid = 600-20000
   idmap gid = 600-20000
   ;template primary group = "Domain Users"
   template shell = /bin/bash

Join domain

kdb5_util create
kdb5_util stash
net ads -U administrator join

(Dynamic Home Directory Creation) pam_mkhomedir

install libpam-mkhomedir

apt-get install libpam-mkhomedir

add session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 to common-session*

/etc/pam.d/common-session
...
# here are the per-package modules (the "Primary" block)
session [default=1]                     pam_permit.so
# here's the fallback if no module succeeds
session requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required                        pam_permit.so
 
session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0077
...
/etc/pam.d/common-session-noninteractive
...
# here are the per-package modules (the "Primary" block)
session [default=1]                     pam_permit.so
# here's the fallback if no module succeeds
session requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required                        pam_permit.so
 
session    required    pam_mkhomedir.so skel=/etc/skel/ umask=0077
...
fileservices/samba_active_directory_integration_on_ubuntu.txt · Last modified: 2021/05/21 13:59 by tschulz