
This is an old revision of the document!


Ubuntu - Samba - Join a Windows Active Directory Domain with Samba Winbind

This example shows how to configure Winbind in the environment below.

   Domain Server : Windows Server 2016
   NetBIOS Name  : SW1S01
   Domain Name   : srv.sharewiz
   Realm         : SRV.SHAREWIZ
   Hostname      : sw1s.srv.sharewiz


Install Winbind

sudo apt install winbind libpam-winbind libnss-winbind krb5-config

# set Realm

   +------------------+ Configuring Kerberos Authentication +------------------+
   | When users attempt to use Kerberos and specify a principal or user name   |
   | without specifying what administrative Kerberos realm that principal      |
   | belongs to, the system appends the default realm. The default realm may   |
   | also be used as the realm of a Kerberos service running on the local      |
   | machine. Often, the default realm is the uppercase version of the local   |
   | DNS domain.                                                               |
   |                                                                           |
   | Default Kerberos version 5 realm:                                         |
   |                                                                           |
   | SRV.SHAREWIZ_                                                             |
   |                                                                           |
   |                                   <Ok>                                    |
   |                                                                           |
   +---------------------------------------------------------------------------+

# specify hostname of AD DS

   +--------------+ Configuring Kerberos Authentication +---------------+
   | Enter the hostnames of Kerberos servers in the SRV.WORLD           |
   | Kerberos realm separated by spaces.                                |
   |                                                                    |
   | Kerberos servers for your realm:                                   |
   |                                                                    |
   | sw1s.srv.sharewiz_________________________________________________ |
   |                                                                    |
   |                               <Ok>                                 |
   |                                                                    |
   +--------------------------------------------------------------------+

# specify hostname of AD DS

   +------------------+ Configuring Kerberos Authentication +------------------+
   | Enter the hostname of the administrative (password changing) server for   |
   | the SRV.WORLD Kerberos realm.                                             |
   |                                                                           |
   | Administrative server for your Kerberos realm:                            |
   |                                                                           |
   | sw1s.srv.sharewiz                                                         |
   |                                                                           |
   |                                   <Ok>                                    |
   |                                                                           |
   +---------------------------------------------------------------------------+



Configure Winbind

Edit the samba config file: /etc/samba/smb.conf

/etc/samba/smb.conf
# line 29: change workgroup to the NetBIOS name of AD DS and add the lines that follow
   workgroup = SW1S01
 
   password server = sw1s.srv.sharewiz
   realm = SRV.SHAREWIZ
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false 

Edit the nsswitch config file.

/etc/nsswitch.conf
# line 7: add winbind as follows
 
passwd:     compat systemd winbind
 
group:     compat systemd winbind
 
shadow:     compat winbind

Configure pam

Edit the PAM config.

/etc/pam.d/common-session
# add to the end if needed (automatically creates a home directory at first login)
 
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

Configure network

Edit netplan config.

/etc/netplan/01-netcfg.yaml
# change DNS to point to the AD DS server
 
      nameservers:
        addresses: [10.0.0.100]

Apply netplan changes:

sudo netplan apply
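
Added example, not part of the original page: a shell check that the files edited above agree with each other before the join is attempted. It assumes the krb5-config dialog stored the realm as default_realm in /etc/krb5.conf; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: consistency check for the files edited on this page (constructed names and data).

# Print the value of key $3 in section $2 of an INI-style file $1
# (smb.conf, krb5.conf); names match case-insensitively, whitespace squeezed.
ini_get() {
    awk -v sect="$2" -v key="$3" '
        function norm(s) { gsub(/[ \t\r]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { cur = norm($0); next }
        cur == ("[" norm(sect) "]") && (i = index($0, "=")) && norm(substr($0, 1, i - 1)) == norm(key) {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# $1 = directory holding copies of smb.conf, krb5.conf and nsswitch.conf.
# Prints findings; the return status is the number of problems found.
check_join_config() {
    n=0
    sec=$(ini_get "$1/smb.conf" global security)
    realm=$(ini_get "$1/smb.conf" global realm)
    krb=$(ini_get "$1/krb5.conf" libdefaults default_realm)
    [ "$(printf %s "$sec" | tr 'A-Z' 'a-z')" = ads ] ||
        { echo "FAIL: security = '$sec', expected ads"; n=$((n + 1)); }
    # Kerberos realm names are case-sensitive, so the two must match exactly.
    [ -n "$realm" ] && [ "$realm" = "$krb" ] ||
        { echo "FAIL: smb.conf realm '$realm' != krb5.conf default_realm '$krb'"; n=$((n + 1)); }
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$1/nsswitch.conf" ||
            { echo "FAIL: nsswitch.conf '$db' does not list winbind"; n=$((n + 1)); }
    done
    [ "$n" -eq 0 ] && echo "OK: realm $realm, winbind in passwd and group"
    return "$n"
}

# Write constructed sample files into directory $1; $2 is the realm that
# was typed into the krb5-config dialog.
write_sample() {
    printf '[global]\n   workgroup = SW1S01\n   realm = SRV.SHAREWIZ\n   security = ads\n' > "$1/smb.conf"
    printf '[libdefaults]\n\tdefault_realm = %s\n' "$2" > "$1/krb5.conf"
    printf 'passwd:     compat systemd winbind\ngroup:     compat systemd winbind\n' > "$1/nsswitch.conf"
}

# Demo: a krb5.conf left on a different realm than smb.conf is reported.
demo_dir=$(mktemp -d)
write_sample "$demo_dir" SRV.WORLD
check_join_config "$demo_dir" || echo "problems found: $?"
rm -rf "$demo_dir"
```

To check a real host, copy /etc/samba/smb.conf, /etc/krb5.conf and /etc/nsswitch.conf into one directory and pass that directory to check_join_config.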

ubuntu/samba/join_a_windows_active_directory_domain_with_samba_winbind.1575840036.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
