Join Debian Linux to Active Directory

Many people have written very detailed articles about how to join a Debian box to Active Directory, so I'll only list the commands here.

aptitude install libkrb53 krb5-config samba winbind ntpdate ntp
/etc/init.d/samba stop
/etc/init.d/winbind stop

Edit /etc/krb5.conf file:
Add the following contents to [realms] and [domain_realm]:

kdc =
[domain_realm] = EXAMPLE.COM = EXAMPLE.COM

Edit /etc/ntp.conf to add your own NTP server.

/etc/init.d/ntp restart

Edit /etc/samba/smb.conf. Only the settings that differ from the default configuration are listed here:

dos charset = cp936
workgroup = EXAMPLE
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
invalid users = root
path = /home/%D/%U
valid users = %D%S

Edit /etc/nsswitch.conf file:

passwd:   files winbind
group:   files winbind



net ads join -U "Administrator" -S
/etc/init.d/samba start
/etc/init.d/winbind start

Edit /etc/pam.d/common-account:

account sufficient
account required

Edit /etc/pam.d/common-auth:

auth sufficient
auth requisite use_first_pass
auth optional migrate

Edit /etc/pam.d/common-session:

session required skel=/etc/skel/
session sufficient
session required

Edit /etc/pam.d/common-password:

password requisite nullok obscure md5
password required nullok use_authtok try_first_pass
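
The following is an added example, not part of the original post: a shell check that the edited files agree with each other, namely that smb.conf has security = ads, that the idmap uid/gid ranges do not overlap ids already used by local accounts (an overlap would give an AD account and a local account the same numeric id), and that nsswitch.conf lists winbind. The function names are hypothetical, and file paths are passed as arguments so copies can be checked.

```shell
#!/bin/sh
# Added example (not from the original post); all function names are hypothetical.

# conf_get FILE KEY: print the value of an smb.conf "KEY = value" line.
# Key match is case-insensitive; comment lines are skipped; last match wins.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ || NF < 2 { next }
        { k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == tolower(key) {
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# ids_in_range FILE LOW HIGH: count passwd/group entries with id (field 3) in LOW..HIGH.
ids_in_range() {
    awk -F: -v lo="$2" -v hi="$3" \
        '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { n++ } END { print n + 0 }' "$1"
}

# nss_has_winbind FILE DB: succeed if the DB line in nsswitch.conf lists winbind.
nss_has_winbind() {
    grep -Eq "^[[:space:]]*$2:.*[[:space:]]winbind([[:space:]]|\$)" "$1"
}

# check_join_config SMBCONF NSSWITCH PASSWD GROUP: print each problem found
# and return the number of problems (0 = consistent).
check_join_config() {
    bad=0
    sec=$(conf_get "$1" security | tr 'A-Z' 'a-z')
    [ "$sec" = ads ] || { echo "security = '$sec', expected ads"; bad=$((bad + 1)); }
    for pair in "idmap uid:$3" "idmap gid:$4"; do
        key=${pair%%:*}; file=${pair#*:}
        range=$(conf_get "$1" "$key" | tr -d ' \t')
        case $range in
            "" | -* | *- | *[!0-9-]*)
                echo "$key: missing or malformed range"; bad=$((bad + 1)); continue ;;
        esac
        n=$(ids_in_range "$file" "${range%%-*}" "${range##*-}")
        [ "$n" -eq 0 ] ||
            { echo "$key = $range overlaps $n local id(s) in $file"; bad=$((bad + 1)); }
    done
    for db in passwd group; do
        nss_has_winbind "$2" "$db" || { echo "nsswitch.conf: $db lacks winbind"; bad=$((bad + 1)); }
    done
    return "$bad"
}
```

Call it as check_join_config /etc/samba/smb.conf /etc/nsswitch.conf /etc/passwd /etc/group; on a joined host, a clean result can be followed by net ads testjoin and wbinfo -t to confirm the machine account and its trust secret.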


Using Winbind to Resolve Active Directory Accounts in Debian

Unix and Samba password sync on Debian Etch

The second article shows how to sync passwords; it is already used in my configuration.

