Ubuntu 18.04
Sponsored Link

Samba : Samba Winbind
2018/06/06
 
Join in Windows Active Directory Domain with Samba Winbind.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
Domain Server : Windows Server 2016
NetBIOS Name : FD3S01
Domain Name : srv.world
Realm : SRV.WORLD
Hostname : fd3s.srv.world
[1] Install Winbind.
root@smb:~#
apt -y install winbind libpam-winbind libnss-winbind krb5-config
# set Realm

 +------------------+ Configuring Kerberos Authentication +------------------+
 | When users attempt to use Kerberos and specify a principal or user name   |
 | without specifying what administrative Kerberos realm that principal      |
 | belongs to, the system appends the default realm.  The default realm may  |
 | also be used as the realm of a Kerberos service running on the local      |
 | machine.  Often, the default realm is the uppercase version of the local  |
 | DNS domain.                                                               |
 |                                                                           |
 | Default Kerberos version 5 realm:                                         |
 |                                                                           |
 | SRV.WORLD________________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
# specify hostname of AD DS

     +--------------+ Configuring Kerberos Authentication +---------------+
     | Enter the hostnames of Kerberos servers in the SRV.WORLD           |
     | Kerberos realm separated by spaces.                                |
     |                                                                    |
     | Kerberos servers for your realm:                                   |
     |                                                                    |
     | fd3s.srv.world____________________________________________________ |
     |                                                                    |
     |                               <Ok>                                 |
     |                                                                    |
     +--------------------------------------------------------------------+
# specify hostname of AD DS

 +------------------+ Configuring Kerberos Authentication +------------------+
 | Enter the hostname of the administrative (password changing) server for   |
 | the SRV.WORLD Kerberos realm.                                             |
 |                                                                           |
 | Administrative server for your Kerberos realm:                            |
 |                                                                           |
 | fd3s.srv.world___________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
[2] Configure Winbind.
root@smb:~#
vi /etc/samba/smb.conf
# line 29: change NetBIOS Name to AD DS's one and add like follows

   workgroup = FD3S01
   password server = fd3s.srv.world
   realm = SRV.WORLD
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false 

root@smb:~#
vi /etc/nsswitch.conf
# line 7: add like follows

passwd:     compat systemd
winbind

group:     compat systemd
winbind

shadow:     compat
winbind
root@smb:~#
vi /etc/pam.d/common-session
# add to the end if you need (auto create a home directory at initial login)

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

root@smb:~#
vi /etc/netplan/01-netcfg.yaml
# change DNS to refer to AD

      nameservers:
        addresses: [10.0.0.100]

root@smb:~#
netplan apply
[3] Join in Windows Active Directory Domain.
# join in Active Directory (net ads join -U [AD's admin user])

root@smb:~#
net ads join -U Administrator

Enter Administrator's password:
Using short domain name -- FD3S01
Joined 'SMB' to dns domain 'srv.world'
root@smb:~#
systemctl restart winbind
# show domain users info

root@smb:~#
wbinfo -u

administrator
guest
defaultaccount
serverworld
krbtgt
# try to switch to an AD user

root@smb:~#
su - serverworld

Creating directory '/home/serverworld'.
serverworld@smb:~$
Matched Content