Tags

, , , , ,

To join a Windows Active Domain, we need to install the following packages. krb5-user, libkrb53, samba and winbind.

apt-get install krb5-user libkrb53 samba winbind

 

After installing the packages, open up /etc/krb5.conf

Basic configuration for /etc/krb5.conf

[libdefaults]
 default_realm = WSSX.LOCAL
      dns_lookup_kdc = yes
      dns_lookup_realm = yes
 ticklet_lifetime = 24h
      default_keytab_name = FILE:/etc/krb5.keytab

[realms]
      WSSX.LOCAL = {
           kdc = WindowsServer.wssX.local
           master_kdc = WindowsServer.wssX.local
           admin_server = WindowsServer.wssX.local
           default_domain = wssX.local
      }

[domain_realm]
      .wssX.local = WSSX.LOCAL
       wssX.local = WSSX.LOCAL

[login]
 krb4_convert = true
 krb4_get_tickets = false

 

Save and enter the following commands to test the configuration.

kinit Administrator
klist

 

winbind uses the same configuration file as samba.

Open up samba’s comfiguration file /etc/samba/smb.conf

Basic configuration for smb.conf

[global]
 workgroup = WSSX
 netbios name = debian
 realm = WSSX.LOCAL
 security = ads
 kerberos method = secrets and keytab
 dedicated keytabfile = /krb/krb5.keytab
 idmap uid = 10000-20000
 idmap gid = 10000-20000
 winbind enum users = yes
 winbind enum groups = yes
 winbind use default domain = yes
 template homedir = /home/%D/%U
 template shell = /bin/bash
[tmp]
 path = /srv/samba/tmp
 writeable = yes
 guest ok = yes

 

Open up /etc/nsswitch.conf and modify the following lines.

passwd: files winbind
 group: files winbind
 shadow: files winbind

 

Open up /etc/pam.d/common-account and add the following line.

account sufficient pam_winbind.so

 

Open up /etc/pam.d/common-auth and add the following line.

auth sufficient pam_winbind.so

 

Open up /etc/pam.d/common-session and add the following line.

session sufficient pam_winbind.so

 

Join the domain by entering the command below.

net ads join -U Administrator


Advertisements