Ubuntu 20.04

Samba : Samba Winbind
2020/05/19
 
Join a Windows Active Directory domain with Samba Winbind.
This tutorial requires a Windows Active Directory Domain Service on your local network.
This example is based on the following environment.
Domain Server : Windows Server 2019
NetBIOS Name : FD3S01
Domain Name : srv.world
Realm : SRV.WORLD
Hostname : fd3s.srv.world
[1] Install Winbind.
root@smb:~#
apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules
# specify Realm

 +------------------+ Configuring Kerberos Authentication +------------------+
 | When users attempt to use Kerberos and specify a principal or user name   |
 | without specifying what administrative Kerberos realm that principal      |
 | belongs to, the system appends the default realm.  The default realm may  |
 | also be used as the realm of a Kerberos service running on the local      |
 | machine.  Often, the default realm is the uppercase version of the local  |
 | DNS domain.                                                               |
 |                                                                           |
 | Default Kerberos version 5 realm:                                         |
 |                                                                           |
 | SRV.WORLD________________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
# specify hostname of AD DS

     +--------------+ Configuring Kerberos Authentication +---------------+
     | Enter the hostnames of Kerberos servers in the SRV.WORLD           |
     | Kerberos realm separated by spaces.                                |
     |                                                                    |
     | Kerberos servers for your realm:                                   |
     |                                                                    |
     | fd3s.srv.world____________________________________________________ |
     |                                                                    |
     |                               <Ok>                                 |
     |                                                                    |
     +--------------------------------------------------------------------+
# specify hostname of AD DS (this time as the administrative / password-changing server)

 +------------------+ Configuring Kerberos Authentication +------------------+
 | Enter the hostname of the administrative (password changing) server for   |
 | the SRV.WORLD Kerberos realm.                                             |
 |                                                                           |
 | Administrative server for your Kerberos realm:                            |
 |                                                                           |
 | fd3s.srv.world___________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
[2] Configure Winbind.
root@smb:~#
vi /etc/samba/smb.conf
# line 29: change the workgroup to the AD DS NetBIOS name and add the following lines

   workgroup = FD3S01
   realm = SRV.WORLD
   security = ads
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config FD3S01 : backend = rid
   idmap config FD3S01 : range = 10000-999999
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false

root@smb:~#
vi /etc/nsswitch.conf
# line 7: add [winbind] as follows

passwd:         files systemd winbind
group:          files systemd winbind

root@smb:~#
vi /etc/pam.d/common-session
# optionally add to the end (automatically creates a home directory at first login; umask=077 keeps the new directory private to its owner)

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

# change the DNS setting to point to the AD server

root@smb:~#
vi /etc/netplan/01-netcfg.yaml
      nameservers:
        addresses: [10.0.0.100]

root@smb:~#
netplan apply
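[3] Join the Windows Active Directory domain.
# join the domain ( net ads join -U [AD administrative user] ); any AD account that is permitted to join computers to the domain works here, so a full domain administrator is not strictly required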

root@smb:~#
net ads join -U Administrator

Enter Administrator's password:
Using short domain name -- FD3S01
Joined 'SMB' to dns domain 'srv.world'
root@smb:~#
systemctl restart winbind
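# show domain info (Server time offset should stay near 0, because Kerberos authentication fails when the clock skew to the KDC is too large)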

root@smb:~#
net ads info

LDAP server: 10.0.0.100
LDAP server name: fd3s.srv.world
Realm: SRV.WORLD
Bind Path: dc=SRV,dc=WORLD
LDAP port: 389
Server time: Tue, 19 May 2020 16:04:08 JST
KDC server: 10.0.0.100
Server time offset: 0
Last machine account password change: Tue, 19 May 2020 16:02:46 JST

# show AD user list (wbinfo -t additionally checks that the machine account trust secret is valid)

root@smb:~#
wbinfo -u

administrator
guest
krbtgt
serverworld
mssql
ldapusers

# verify that an AD user can log in

root@smb:~#
exit

logout

Ubuntu 20.04 LTS smb.srv.world ttyS0

smb login: serverworld@srv.world
Password:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-26-generic x86_64)

.....
.....

Creating directory '/home/serverworld'.
serverworld@smb:~$      # logged in

serverworld@smb:~$
id

uid=11103(serverworld) gid=10513(domain users) groups=10513(domain users),11103(serverworld)