Join Debian Linux to Active Directory

Many people have written very detailed articles about how to join a Debian box to Active Directory, so I'll only list the commands here.

aptitude install libkrb53 krb5-config samba winbind ntpdate ntp
/etc/init.d/samba stop
/etc/init.d/winbind stop

Edit /etc/krb5.conf and add the following to the [realms] and [domain_realm] sections:

[realms]
EXAMPLE.COM = {
kdc = pdc.example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

Edit /etc/ntp.conf to add your own NTP server.

/etc/init.d/ntp restart

Edit /etc/samba/smb.conf. Only the differences from the default configuration are shown here:

realm = EXAMPLE.COM
dos charset = cp936
workgroup = EXAMPLE
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
invalid users = root
[homes]
path = /home/%D/%U
valid users = %D\%S

Edit /etc/nsswitch.conf file:

passwd:   files winbind
group:   files winbind
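
Before running the join, the three files edited so far can be checked against each other. The script below is an added example, not part of the original post; the function names and the ROOT directory argument are assumptions made for illustration, and the sample tree it builds is constructed from the values used on this page.

```shell
#!/bin/sh
# Added example: consistency check for krb5.conf, smb.conf and nsswitch.conf.
# ROOT is a directory holding etc/...; pass / to check the live system.

# Print the value of "key = value" from an smb.conf-style file (last match wins).
smb_get() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

check_ad_config() {  # $1=ROOT; exit status is the number of problems found
    root=${1%/}; problems=0
    smb="$root/etc/samba/smb.conf"; krb="$root/etc/krb5.conf"
    nss="$root/etc/nsswitch.conf"
    realm=$(smb_get "$smb" realm)
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ "$(smb_get "$smb" security)" = "ads" ] || fail "smb.conf: security is not ads"
    # Kerberos realm names are case-sensitive and conventionally upper-case.
    [ -n "$realm" ] && [ "$realm" = "$(echo "$realm" | tr a-z A-Z)" ] \
        || fail "smb.conf: realm '$realm' is empty or not upper-case"
    # The realm named in smb.conf needs a matching stanza in krb5.conf.
    grep -Eq "^[[:space:]]*$realm[[:space:]]*=[[:space:]]*\{" "$krb" \
        || fail "krb5.conf: no [realms] entry for $realm"
    # Both passwd and group lookups must fall through to winbind.
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" \
            || fail "nsswitch.conf: $db does not list winbind"
    done
    return "$problems"
}

# Constructed sample tree mirroring the values used on this page.
write_sample() {  # $1=ROOT
    mkdir -p "$1/etc/samba"
    printf '[realms]\nEXAMPLE.COM = {\nkdc = pdc.example.com\n}\n' > "$1/etc/krb5.conf"
    printf 'realm = EXAMPLE.COM\nworkgroup = EXAMPLE\nsecurity = ads\n' > "$1/etc/samba/smb.conf"
    printf 'passwd:   files winbind\ngroup:   files winbind\n' > "$1/etc/nsswitch.conf"
}

# Demo on the constructed tree.
demo=$(mktemp -d) && write_sample "$demo"
check_ad_config "$demo" && echo "sample tree: consistent"
rm -rf "$demo"
```
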

Run:

ldconfig

net ads join -U "Administrator" -S pdc.example.com
/etc/init.d/samba start
/etc/init.d/winbind start

Edit /etc/pam.d/common-account:

account sufficient  pam_winbind.so
account required  pam_unix.so

Edit /etc/pam.d/common-auth:

auth sufficient  pam_winbind.so
auth requisite  pam_unix.so use_first_pass
auth optional  pam_smbpass.so migrate

Edit /etc/pam.d/common-session:

session required  pam_mkhomedir.so skel=/etc/skel/
session sufficient  pam_winbind.so
session required  pam_unix.so

Edit /etc/pam.d/common-password:

password requisite pam_unix.so nullok obscure md5
password required pam_smbpass.so nullok use_authtok try_first_pass

Reference:

Using Winbind to Resolve Active Directory Accounts in Debian

Unix and Samba password sync on Debian Etch

The second article shows how to sync passwords; that setup is already used in my configuration.
