Joining an Ubuntu machine to an Active Directory domain
A step by step guide
Initial configuration: Windows Domain Controller
• Domain: adominguez.local
• DC: w2003DC
• IP: 192.168.0.200/24
• DNS: 127.0.0.1
Initial configuration: Ubuntu client
• Hostname: karakol
• IP: 192.168.0.201/24
• DNS: 192.168.0.200, 194.179.1.100
Software installation
apt-get install…
• samba
• smbclient
• samba-common-bin
• winbind
• krb5-user
• krb5-config
nano /etc/krb5.conf
[libdefaults]
    default_realm = ADOMINGUEZ.LOCAL
[realms]
    ADOMINGUEZ.LOCAL = {
        kdc = 192.168.0.200
        default_domain = adominguez.local
        admin_server = 192.168.0.200
    }
    adominguez.local = {
        kdc = 192.168.0.200
        default_domain = adominguez.local
        admin_server = 192.168.0.200
    }
    adominguez = {
        kdc = 192.168.0.200
        default_domain = adominguez.local
        admin_server = 192.168.0.200
    }
[domain_realm]
    .adominguez = ADOMINGUEZ
    .adominguez.local = ADOMINGUEZ.LOCAL
[appdefaults]
    pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 0
        try_first_pass = true
    }
Run as root: kinit [email protected]
nano /etc/samba/smb.conf
[global]
    security = ADS
    netbios name = karakol
    realm = ADOMINGUEZ.LOCAL
    password server = 192.168.0.200
    workgroup = ADOMINGUEZ
    log level = 1
    syslog = 0
    idmap uid = 10000-29999
    idmap gid = 10000-29999
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    domain master = no
    server string = linux as AD client
    encrypt passwords = yes
[homes]
    comment = Home Directories
    valid users = %S
    browseable = No
    read only = No
    inherit acls = Yes
[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
Run as root: testparm
Domain joining and verification
sudo net ads join -S w2003AD.adominguez.local -U Administrador
sudo /etc/init.d/winbind restart
sudo net rpc testjoin
sudo net ads info
net rpc info -U Administrador
wbinfo -u
wbinfo -g
getent passwd
getent group
su domain-user
nano /etc/pam.d/common-account
nano /etc/pam.d/common-auth
nano /etc/pam.d/common-password
nano /etc/pam.d/common-session
make home directory & login
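A consistency check for the two files edited above, useful before running net ads join. This is an added example, not part of the original slides: the function names are its own, the sample files are constructed from the guide's values, and it checks only three things (default_realm is upper case, smb.conf realm matches it, security is ADS).

```shell
#!/bin/sh
# Added example (not from the original slides): pre-join consistency check
# for krb5.conf and smb.conf. All function names are this example's own.

# ini_get FILE SECTION KEY -> print the value of KEY inside [SECTION]
ini_get() {
    awk -v sec="$2" -v key="$3" '
        BEGIN { want = "[" tolower(sec) "]" }
        /^[ \t]*\[/ { s = tolower($0); gsub(/[ \t]/, "", s); insec = (s == want); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# check_ad_config KRB5_CONF SMB_CONF -> return 0 if consistent, 1 otherwise
check_ad_config() {
    rc=0
    krb_realm=$(ini_get "$1" libdefaults default_realm)
    smb_realm=$(ini_get "$2" global realm)
    security=$(ini_get "$2" global security | tr '[:upper:]' '[:lower:]')
    upper=$(printf '%s' "$krb_realm" | tr '[:lower:]' '[:upper:]')
    if [ -z "$krb_realm" ]; then
        echo "FAIL: no default_realm in $1"; rc=1
    fi
    # Kerberos realm names are case-sensitive; AD realms are written in upper case
    if [ "$krb_realm" != "$upper" ]; then
        echo "FAIL: default_realm '$krb_realm' is not upper case"; rc=1
    fi
    if [ "$krb_realm" != "$smb_realm" ]; then
        echo "FAIL: smb.conf realm '$smb_realm' differs from default_realm '$krb_realm'"; rc=1
    fi
    if [ "$security" != "ads" ]; then
        echo "FAIL: smb.conf security is '$security', expected ADS"; rc=1
    fi
    return $rc
}

# write_sample DIR -> constructed minimal copies of the guide's settings
write_sample() {
    printf '%s\n' '[libdefaults]' 'default_realm = ADOMINGUEZ.LOCAL' > "$1/krb5.conf"
    printf '%s\n' '[global]' 'security = ADS' 'realm = ADOMINGUEZ.LOCAL' \
        'workgroup = ADOMINGUEZ' > "$1/smb.conf"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
check_ad_config "$demo_dir/krb5.conf" "$demo_dir/smb.conf" && echo "OK: configuration is consistent"
rm -rf "$demo_dir"
```

On the client itself, call check_ad_config /etc/krb5.conf /etc/samba/smb.conf after testparm.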