(credit: http://www.ccs.neu.edu/home/battista/documentation/winbind/ )
- sudo aptitude install samba-common heimdal-clients winbind ntpdate ntp-simple samba
- sudo /etc/init.d/ntp stop
- /etc/ntp.conf:
    server pdc.domain.dom
- sudo ntpdate pdc.domain.dom
- sudo /etc/init.d/ntp restart
- /etc/krb5.conf:
    [libdefaults]
        default_realm = DOMAIN.DOM
        clockskew = 300
    [realms]
        DOMAIN.DOM = {
            kdc = pdc.domain.dom
            admin_server = pdc.domain.dom
        }
- /etc/samba/smb.conf:
    [global]
        realm = DOMAIN.DOM
        workgroup = domain
        security = ADS
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template shell = /bin/bash
        template homedir = /home/%D/%U
        winbind use default domain = yes
    [homes]
        valid users = %U
- testparm (check smb.conf syntax)
- sudo mkdir /home/DOMAIN
- /etc/nsswitch.conf:
    passwd: files winbind
    group: files winbind
- sudo ldconfig
- sudo net ads join -U "DOMAINADMIN"
- sudo /etc/init.d/samba restart
- sudo /etc/init.d/winbind restart
- sudo wbinfo -u |xargs getent passwd
- /etc/pam.d/common-account:
    account sufficient pam_winbind.so
    account required pam_unix.so
- /etc/pam.d/common-auth:
    auth sufficient pam_winbind.so
    auth required pam_unix.so use_first_pass
- /etc/pam.d/common-session:
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
    session sufficient pam_winbind.so
    session required pam_unix.so
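
A consistency check for the files edited in the steps above, useful before running "net ads join". This is an added example, not part of the original post: the function names are made up here, the sample files are constructed copies of the values on this page, and it assumes that any difference between the smb.conf realm and the krb5.conf default_realm (including letter case, since Kerberos realm names are case-sensitive) should be reported.

```shell
#!/bin/sh
# Added example: verify krb5.conf, smb.conf and nsswitch.conf agree with each other.

ini_get() {  # ini_get FILE KEY -> value of the first "KEY = value" line
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Prints one line per problem; returns 0 only when none were found.
check_join_config() {  # check_join_config KRB5_CONF SMB_CONF NSSWITCH_CONF
    krb=$(ini_get "$1" default_realm); smb=$(ini_get "$2" realm); bad=0
    upper=$(printf '%s' "$krb" | tr '[:lower:]' '[:upper:]')
    [ -n "$krb" ] || { echo "krb5.conf: default_realm is not set"; bad=1; }
    [ "$krb" = "$upper" ] || { echo "krb5.conf: realm '$krb' is not upper case"; bad=1; }
    [ "$smb" = "$krb" ] ||
        { echo "smb.conf: realm '$smb' differs from krb5.conf '$krb'"; bad=1; }
    # The default realm needs its own stanza under [realms] (where the kdc is named).
    grep -q "^[[:space:]]*$krb[[:space:]]*=[[:space:]]*{" "$1" ||
        { echo "krb5.conf: no [realms] entry for '$krb'"; bad=1; }
    [ "$(ini_get "$2" security | tr '[:lower:]' '[:upper:]')" = ADS ] ||
        { echo "smb.conf: security is not ADS"; bad=1; }
    # Without winbind in nsswitch.conf, getent never sees domain accounts.
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$3" ||
            { echo "nsswitch.conf: '$db' does not list winbind"; bad=1; }
    done
    return $bad
}

# Constructed copies of the three files as this page writes them (not read from /etc).
make_sample() {  # make_sample DIR
    printf '%s\n' '[libdefaults]' 'default_realm = DOMAIN.DOM' 'clockskew = 300' \
        '[realms]' 'DOMAIN.DOM = {' 'kdc = pdc.domain.dom' '}' > "$1/krb5.conf"
    printf '%s\n' '[global]' 'realm = DOMAIN.DOM' 'workgroup = domain' \
        'security = ADS' > "$1/smb.conf"
    printf '%s\n' 'passwd: files winbind' 'group: files winbind' > "$1/nsswitch.conf"
}

demo=$(mktemp -d) && make_sample "$demo"
check_join_config "$demo/krb5.conf" "$demo/smb.conf" "$demo/nsswitch.conf" &&
    echo "config is consistent"
rm -rf "$demo"
```

To check a real machine, pass /etc/krb5.conf, /etc/samba/smb.conf and /etc/nsswitch.conf as the three arguments.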
May 25, 2009 at 7:59 pm |
cool blog, keep going, thanks
February 15, 2010 at 11:16 pm |
Very nice! Thank you! Keep up the good work!
I only needed to add to hosts
pdc.domain.dom pdc
to make
sudo net ads join -U "DOMAINADMIN"
work.
Otherwise I would get
Failed to join domain: failed to find DC for domain net ads …
I found this tip at
http://www.linuxquestions.org/questions/susenovell-60/failed-to-join-domain-659062/
Thanks again for your very cool post.
Kind regards,
Panos.
February 15, 2010 at 11:18 pm |
On the previous post /etc/hosts should be
XXX.XXX.XXX.XXX pdc.domain.dom pdc
Thanks to all,
Bye!