Install the software You need:
# apt-get install samba-common heimdal-clients winbind ntpdate ntp samba
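Set the right timezone and the right system time (Kerberos authentication fails when the clock differs from the domain controller's by more than the allowed skew):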
# /etc/init.d/ntp stop
# dpkg-reconfigure tzdata
# ntpdate your.domain.controller
then insert Your domain controller into the time servers list:
# vi /etc/ntp.conf
add in the right place the line
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
server your.domain.controller
# /etc/init.d/ntp start
Edit Your file /etc/krb5.conf
# cat /etc/krb5.conf
[libdefaults]
default_realm = DOMAIN.NAME
clockskew = 300
[realms]
DOMAIN.NAME = {
kdc = your.domain.controller IP Address
admin_server = your.domain.controller IP Address
}
Edit Your file /etc/samba/smb.conf
# cat /etc/samba/smb.conf
[global]
realm = DOMAIN.NAME
workgroup = domain
security = ADS
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind use default domain = yes
[homes]
valid users = %U
check your modification with
# testparm
and then
# mkdir /home/DOMAIN
Then edit the /etc/nsswitch.conf file:
passwd: files winbind
group: files winbind
#passwd: compat
#group: compat
Now issue the command:
# net ads join -U DomainAdminUsername -W DOMAIN.NAME
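You can ignore the error notice saying something like “Unable to perform DNS Update”: the join itself has completed, and the message usually means only that the host's DNS record was not registered automatically.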
Then restart some services:
# /etc/init.d/samba restart
# /etc/init.d/winbind restart
And verify that you have joined the domain, e.g. by listing the domain users and resolving them through NSS:
# wbinfo -u |xargs getent passwd
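… and remember to modify these files. Keep a root shell open until a login has been tested, since a mistake in the PAM stack can lock you out. As written, nothing here restricts which domain accounts may log in to this host; pam_winbind's require_membership_of option can limit logins to a group.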
# cat /etc/pam.d/common-account:
account sufficient pam_winbind.so
account required pam_unix.so
# cat /etc/pam.d/common-auth:
auth sufficient pam_winbind.so
auth required pam_unix.so use_first_pass
# cat /etc/pam.d/common-session:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session sufficient pam_winbind.so
session required pam_unix.so