====== Ubuntu - Samba - Join a Windows Active Directory Domain with Samba Winbind ======
This example shows how to join an Ubuntu host to the domain in the environment below.
* Domain Server : Windows Server 2016
* NetBIOS Name : SW1S01
* Domain Name : srv.sharewiz
* Realm : SRV.SHAREWIZ
* Hostname : sw1s.srv.sharewiz
----
===== Install Winbind =====
sudo apt install winbind libpam-winbind libnss-winbind krb5-config
and answer the Kerberos configuration prompts:
# set Realm
+------------------+ Configuring Kerberos Authentication +------------------+
| When users attempt to use Kerberos and specify a principal or user name |
| without specifying what administrative Kerberos realm that principal |
| belongs to, the system appends the default realm. The default realm may |
| also be used as the realm of a Kerberos service running on the local |
| machine. Often, the default realm is the uppercase version of the local |
| DNS domain. |
| |
| Default Kerberos version 5 realm: |
| |
| SRV.SHAREWIZ_____________________________________________________________ |
| |
| |
| |
+---------------------------------------------------------------------------+
# specify hostname of AD DS
+--------------+ Configuring Kerberos Authentication +---------------+
| Enter the hostnames of Kerberos servers in the SRV.SHAREWIZ |
| Kerberos realm separated by spaces. |
| |
| Kerberos servers for your realm: |
| |
| sw1s.srv.sharewiz_________________________________________________ |
| |
| |
| |
+--------------------------------------------------------------------+
# specify hostname of AD DS
+------------------+ Configuring Kerberos Authentication +------------------+
| Enter the hostname of the administrative (password changing) server for |
| the SRV.SHAREWIZ Kerberos realm. |
| |
| Administrative server for your Kerberos realm: |
| |
| sw1s.srv.sharewiz________________________________________________________ |
| |
| |
| |
+---------------------------------------------------------------------------+
----
===== Configure Winbind =====
Edit the Samba config file as root: /etc/samba/smb.conf
# line 29: change the workgroup to the AD DS NetBIOS name and add the following lines
workgroup = SW1S01
password server = sw1s.srv.sharewiz
realm = SRV.SHAREWIZ
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
-----
Edit the nsswitch config file as root: /etc/nsswitch.conf
# line 7: add winbind as follows
passwd: compat systemd winbind
group: compat systemd winbind
shadow: compat winbind
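A read-only check of the smb.conf and nsswitch.conf edits above, useful before joining the domain. This is an added example, not part of the original page; the function names and the `run` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only sanity check of the smb.conf and nsswitch.conf
# edits shown above. Function names are hypothetical, not part of Samba.

# Print the value of one "name = value" parameter from an smb.conf-style file.
smb_param() {  # $1 = file, $2 = parameter name
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(k) {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# smb.conf: AD member mode, an upper-case realm (as entered in the
# Kerberos dialog), and a default idmap range must all be present.
check_smb() {  # $1 = path to smb.conf
    sec=$(smb_param "$1" security | tr 'A-Z' 'a-z')
    realm=$(smb_param "$1" realm)
    [ "$sec" = "ads" ] || { echo "security is not ads"; return 1; }
    [ -n "$realm" ] || { echo "realm is not set"; return 1; }
    [ "$realm" = "$(printf '%s' "$realm" | tr 'a-z' 'A-Z')" ] ||
        { echo "realm is not upper case"; return 1; }
    [ -n "$(smb_param "$1" 'idmap config * : range')" ] ||
        { echo "no default idmap range"; return 1; }
}

# nsswitch.conf: passwd and group must list winbind; without it wbinfo -u
# still lists AD users, but getent and login cannot resolve them.
check_nss() {  # $1 = path to nsswitch.conf
    for db in passwd group; do
        grep -Eq "^${db}:.*[[:space:]]winbind([[:space:]]|\$)" "$1" ||
            { echo "$db line lacks winbind"; return 1; }
    done
}

# Check the real files only when called as: sh check.sh run
if [ "${1:-}" = "run" ]; then
    check_smb /etc/samba/smb.conf && check_nss /etc/nsswitch.conf &&
        echo "smb.conf and nsswitch.conf look ready for the join"
fi
```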
----
==== Configure PAM ====
Edit the PAM config as root: /etc/pam.d/common-session
# optional: add to the end to create a home directory automatically at first login
session optional pam_mkhomedir.so skel=/etc/skel umask=077
----
==== Configure network ====
Edit the netplan config.
# change DNS to point at the AD server
nameservers:
  addresses: [192.168.1.1.8]
Apply netplan changes:
sudo netplan apply
----
===== Join Windows Active Directory Domain =====
Join Active Directory (net ads join -U [AD's admin user])
sudo net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- SW1S01
Joined 'SMB' to dns domain 'srv.sharewiz'
Restart winbind
sudo systemctl restart winbind
----
==== Show domain users info ====
wbinfo -u
returns:
administrator
guest
defaultaccount
peter
Try to switch to an AD user
sudo su - peter
Creating directory '/home/peter'.
peter@smb:~$