Ubuntu - Samba - Join a Windows Active Directory Domain with Samba Winbind
This example shows how to configure Winbind in the environment below.
- Domain Server : Windows Server 2016
- NetBIOS Name : SW1S01
- Domain Name : srv.sharewiz
- Realm : SRV.SHAREWIZ
- Hostname : sw1s.srv.sharewiz
Install Winbind
sudo apt install winbind libpam-winbind libnss-winbind krb5-config
and answer:
# set Realm
+------------------+ Configuring Kerberos Authentication +------------------+
| When users attempt to use Kerberos and specify a principal or user name   |
| without specifying what administrative Kerberos realm that principal      |
| belongs to, the system appends the default realm. The default realm may   |
| also be used as the realm of a Kerberos service running on the local      |
| machine. Often, the default realm is the uppercase version of the local   |
| DNS domain.                                                               |
|                                                                           |
| Default Kerberos version 5 realm:                                         |
|                                                                           |
| SRV.SHAREWIZ_____________________________________________________________ |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+---------------------------------------------------------------------------+

# specify hostname of AD DS
+--------------+ Configuring Kerberos Authentication +---------------+
| Enter the hostnames of Kerberos servers in the SRV.SHAREWIZ        |
| Kerberos realm separated by spaces.                                |
|                                                                    |
| Kerberos servers for your realm:                                   |
|                                                                    |
| sw1s.srv.sharewiz_________________________________________________ |
|                                                                    |
|                                <Ok>                                |
|                                                                    |
+--------------------------------------------------------------------+

# specify hostname of AD DS
+------------------+ Configuring Kerberos Authentication +------------------+
| Enter the hostname of the administrative (password changing) server for   |
| the SRV.SHAREWIZ Kerberos realm.                                          |
|                                                                           |
| Administrative server for your Kerberos realm:                            |
|                                                                           |
| sw1s.srv.sharewiz________________________________________________________ |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+------------------------------
Configure Winbind
Edit the samba config file as root: /etc/samba/smb.conf
- /etc/samba/smb.conf
# line 29: change workgroup to the AD DS NetBIOS name and add the following lines
workgroup = SW1S01
password server = sw1s.srv.sharewiz
realm = SRV.SHAREWIZ
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
Edit the nsswitch config file as root: /etc/nsswitch.conf
- /etc/nsswitch.conf
# line 7: add winbind as follows
passwd: compat systemd winbind
group: compat systemd winbind
shadow: compat winbind
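An added example, not part of the original page or of Samba: a shell check that the two files edited above are consistent before the join is attempted. The function names smb_get and check_winbind_conf are hypothetical, the sample files are constructed from this page's values, and treating a realm that is not upper case as an error is an assumption based on the usual AD convention.

```shell
#!/bin/sh
# Added example, not from the original page or the Samba project.

# smb_get FILE KEY: print KEY's value from the [global] section. Keys are
# matched case-insensitively with runs of whitespace collapsed.
smb_get() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect != "[global]" { next }
        { i = index($0, "="); if (!i) next
          k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
          gsub(/[ \t]+/, " ", k); gsub(/^ | $/, "", k)
          gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == want) val = v }
        END { print val }' "$1"
}

# check_winbind_conf SMB_CONF NSSWITCH_CONF: print one FAIL line per problem
# and return 1 if any was found, 0 otherwise.
check_winbind_conf() {
    rc=0
    sec=$(smb_get "$1" security | tr 'A-Z' 'a-z')
    realm=$(smb_get "$1" realm)
    range=$(smb_get "$1" 'idmap config * : range' | tr -d ' ')
    lo=${range%%-*}; hi=${range##*-}
    [ "$sec" = ads ] || { echo "FAIL: security is '$sec', not ads"; rc=1; }
    [ -n "$realm" ] && [ "$realm" = "$(echo "$realm" | tr 'a-z' 'A-Z')" ] ||
        { echo "FAIL: realm '$realm' unset or not upper case"; rc=1; }
    [ -n "$(smb_get "$1" workgroup)" ] || { echo "FAIL: workgroup unset"; rc=1; }
    case "$lo$hi" in ''|*[!0-9]*) lo=0; hi=0 ;; esac   # non-numeric: force failure
    [ "$lo" -lt "$hi" ] || { echo "FAIL: bad idmap range '$range'"; rc=1; }
    for db in passwd group; do                          # NSS must consult winbind
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$2" ||
            { echo "FAIL: $db in nsswitch.conf lacks winbind"; rc=1; }
    done
    return $rc
}

# Constructed sample files using this page's values (not read from a host).
demo=$(mktemp -d)
printf '%s\n' '[global]' '   workgroup = SW1S01' '   realm = SRV.SHAREWIZ' \
    '   security = ads' '   idmap config * : range = 16777216-33554431' \
    > "$demo/smb.conf"
printf '%s\n' 'passwd: compat systemd winbind' 'group: compat systemd winbind' \
    'shadow: compat winbind' > "$demo/nsswitch.conf"
check_winbind_conf "$demo/smb.conf" "$demo/nsswitch.conf" && echo "OK"
```

To check a real host, call check_winbind_conf /etc/samba/smb.conf /etc/nsswitch.conf instead of the sample paths.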
Configure pam
Edit the PAM config as root: /etc/pam.d/common-session
- /etc/pam.d/common-session
# add to the end if needed (automatically creates a home directory at first login)
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Configure network
Edit netplan config.
- /etc/netplan/01-netcfg.yaml
# change DNS to refer to the AD DNS server
nameservers:
  addresses: [192.168.1.1.8]
Apply netplan changes:
sudo netplan apply
Join Windows Active Directory Domain
Join Active Directory (net ads join -U [AD's admin user])
sudo net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- SW1S01
Joined 'SMB' to dns domain 'srv.sharewiz'
Restart winbind
sudo systemctl restart winbind
Show domain users info
wbinfo -u
returns:
administrator
guest
defaultaccount
peter
Try to switch to an AD user
sudo su - peter
Creating directory '/home/peter'.
peter@smb:~$
ubuntu/samba/join_a_windows_active_directory_domain_with_samba_winbind.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1