Join Debian Linux to Active Directory

Many people have already written very detailed articles about how to join a Debian box to Active Directory, so I'll only list the commands here.

aptitude install libkrb53 krb5-config samba winbind ntpdate ntp
/etc/init.d/samba stop
/etc/init.d/winbind stop

Edit /etc/krb5.conf file:
Add the following contents to [realms] and [domain_realm]:

kdc =
[domain_realm]
EXAMPLE.COM = EXAMPLE.COM

Edit /etc/ntp.conf to add your own NTP server.

/etc/init.d/ntp restart

Edit /etc/samba/smb.conf. Only the differences from the default configuration are listed here:

dos charset = cp936
workgroup = EXAMPLE
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
invalid users = root
path = /home/%D/%U
valid users = %D%S

Edit /etc/nsswitch.conf file:

passwd:   files winbind
group:   files winbind



net ads join -U "Administrator" -S
/etc/init.d/samba start
/etc/init.d/winbind start

Edit /etc/pam.d/common-account:

account sufficient
account required

Edit /etc/pam.d/common-auth:

auth sufficient
auth requisite use_first_pass
auth optional migrate

Edit /etc/pam.d/common-session:

session required skel=/etc/skel/
session sufficient
session required

Edit /etc/pam.d/common-password:

password requisite nullok obscure md5
password required nullok use_authtok try_first_pass
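
A sanity check for the /etc/samba/smb.conf and /etc/nsswitch.conf settings listed above, as an added example that is not part of the original post. The function names and the MIN_ID threshold are assumptions made for illustration, and the parser ignores smb.conf section headers.

```sh
#!/bin/sh
# Added example: lint the smb.conf / nsswitch.conf values from this page.
MIN_ID=${MIN_ID:-10000}   # assumption: local UIDs/GIDs stay below this

# smb_get FILE KEY: print the value of "KEY = value" (last occurrence wins).
smb_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }
        { k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (tolower(k) == key) val = v }
        END { print val }' "$1"
}

# nss_files_first FILE DB: succeed if DB lists "files" before "winbind",
# so a directory account can never shadow a local one such as root.
nss_files_first() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) {
            if ($i == "files" && !f) f = i
            if ($i == "winbind" && !w) w = i }
        if (f && w && f < w) ok = 1 }
        END { exit !ok }' "$1"
}

# check_join_config SMB_CONF NSSWITCH_CONF: print findings, return 1 if any.
check_join_config() {
    rc=0
    [ "$(smb_get "$1" security)" = ads ] || { echo "security is not 'ads'"; rc=1; }
    for key in "idmap uid" "idmap gid"; do
        low=$(smb_get "$1" "$key"); low=${low%%[!0-9]*}   # start of the range
        [ "${low:-0}" -ge "$MIN_ID" ] || { echo "$key starts below $MIN_ID"; rc=1; }
    done
    case " $(smb_get "$1" "invalid users") " in
        *" root "*) ;; *) echo "root is not in 'invalid users'"; rc=1 ;;
    esac
    for db in passwd group; do
        nss_files_first "$2" "$db" || { echo "$db: need 'files winbind'"; rc=1; }
    done
    return $rc
}

# Constructed sample input mirroring the settings listed above.
demo=$(mktemp -d)
printf '%s\n' 'security = ads' 'idmap uid = 10000-20000' \
    'idmap gid = 10000-20000' 'invalid users = root' > "$demo/smb.conf"
printf '%s\n' 'passwd:   files winbind' 'group:   files winbind' > "$demo/nsswitch.conf"
check_join_config "$demo/smb.conf" "$demo/nsswitch.conf" && echo "config OK"
rm -rf "$demo"
```

To check the live files, call check_join_config /etc/samba/smb.conf /etc/nsswitch.conf; each finding is printed on its own line and the exit status is non-zero if there is at least one.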


