joining an ubuntu machine to an active directory
Step-by-step guide to joining an Ubuntu machine to an Active Directory domain
Joining an Ubuntu machine to an Active Directory domain
A step by step guide
Initial configuration: Windows Domain Controller
• Domain: adominguez.local
• DC: w2003DC
• IP: 192.168.0.200/24
• DNS: 127.0.0.1
Initial configuration: Ubuntu client
• Hostname: karakol
• IP: 192.168.0.201/24
• DNS: 192.168.0.200, 194.179.1.100
Software installation
apt-get install…
• samba
• smbclient
• samba-common-bin
• winbind
• krb5-user
• krb5-config
nano /etc/krb5.conf

[libdefaults]
    default_realm = ADOMINGUEZ.LOCAL

[realms]
    ADOMINGUEZ.LOCAL = {
        kdc = 192.168.0.200
        default_domain = adominguez.local
        admin_server = 192.168.0.200
    }
    adominguez.local = {
        kdc = 192.168.0.200
        default_domain = adominguez.local
        admin_server = 192.168.0.200
    }
    adominguez = {
        kdc = 192.168.0.200
        default_domain = adominguez.local
        admin_server = 192.168.0.200
    }

[domain_realm]
    .adominguez = ADOMINGUEZ
    .adominguez.local = ADOMINGUEZ.LOCAL

[appdefaults]
    pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 0
        try_first_pass = true
    }

Run as root: kinit [email protected]

nano /etc/samba/smb.conf

[global]
    security = ADS
    netbios name = karakol
    realm = ADOMINGUEZ.LOCAL
    password server = 192.168.0.200
    workgroup = ADOMINGUEZ
    log level = 1
    syslog = 0
    idmap uid = 10000-29999
    idmap gid = 10000-29999
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    domain master = no
    server string = linux as AD client
    encrypt passwords = yes

[homes]
    comment = Home Directories
    valid users = %S
    browseable = No
    read only = No
    inherit acls = Yes

[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700

Run as root: testparm
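
testparm only validates smb.conf syntax; it does not check that the realm there matches /etc/krb5.conf. The script below is an added example, not part of the original guide, that cross-checks the two files before the join. The helper names conf_get and check_join_config are hypothetical, and it assumes the AD realm is the DNS domain written in upper case.

```shell
#!/bin/sh
# Added example (not from the original guide). conf_get and check_join_config
# are hypothetical helper names; pass the paths of the two files edited above.

# conf_get FILE SECTION KEY: print the value of KEY inside [SECTION].
# Section names are matched case-insensitively, keys exactly.
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ {                       # section header such as [global]
            s = $0; gsub(/^[ \t]*\[|\].*$/, "", s)
            in_sec = (tolower(s) == tolower(sec)); next
        }
        in_sec && /=/ {
            k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# check_join_config KRB5_CONF SMB_CONF: return 0 when the files agree,
# otherwise print one line per problem and return 1.
check_join_config() {
    krb5=$1; smb=$2; rc=0
    realm=$(conf_get "$smb" global realm)
    krb_realm=$(conf_get "$krb5" libdefaults default_realm)
    sec=$(conf_get "$smb" global security | tr 'A-Z' 'a-z')

    [ "$sec" = "ads" ] ||
        { echo "smb.conf: security is '$sec', expected ADS"; rc=1; }
    # Kerberos realm names are case-sensitive, so compare them exactly.
    { [ -n "$realm" ] && [ "$realm" = "$krb_realm" ]; } ||
        { echo "realm mismatch: smb.conf='$realm' krb5.conf='$krb_realm'"; rc=1; }
    [ "$realm" = "$(printf '%s' "$realm" | tr 'a-z' 'A-Z')" ] ||
        { echo "realm '$realm' is not upper case"; rc=1; }
    [ -n "$(conf_get "$krb5" realms "$realm")" ] ||
        { echo "krb5.conf: no [realms] entry for '$realm'"; rc=1; }
    return "$rc"
}
```

Run as root: check_join_config /etc/krb5.conf /etc/samba/smb.conf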
Domain joining and verification
sudo net ads join -S w2003AD.adominguez.local -U Administrador
sudo /etc/init.d/winbind restart
sudo net rpc testjoin
sudo net ads info
net rpc info -U Administrador
wbinfo -u
wbinfo -g
getent passwd
getent group
su domain-user
nano /etc/pam.d/common-account
nano /etc/pam.d/common-auth
nano /etc/pam.d/common-password
nano /etc/pam.d/common-session
make home directory & login