kieranbarnes Independent PHP, WordPress & CubeCart Programmer

Super simple Active Directory with Samba

Posted on July 9, 2010

I needed a super simple, straightforward way of installing Samba on Ubuntu and joining it to an Active Directory domain.
This doesn't allow you to log in to Ubuntu with domain credentials, but it allows you to share and access files with domain credentials.

Here's how it's done

apt-get install samba winbind krb5-config krb5-user smbfs

<edit /etc/krb5.conf - See below>

ntpdate -s DOMAIN_CONTROLLER
kinit Administrator@DOMAIN.LOCAL

<edit /etc/samba/smb.conf  - See below>

/etc/init.d/smbd restart

net ads join -U Administrator

/etc/init.d/smbd restart && /etc/init.d/winbind restart

Job done.

File: /etc/krb5.conf

  [libdefaults]
  default_realm = <YOUR DOMAIN NAME>

  # The following krb5.conf variables are only for MIT Kerberos.
  krb4_config = /etc/krb.conf
  krb4_realms = /etc/krb.realms
  kdc_timesync = 1
  ccache_type = 4
  forwardable = true
  proxiable = true

  v4_instance_resolve = false
  v4_name_convert = {
    host = {
      rcmd = host
      ftp = ftp
    }
    plain = {
      something = something-else
    }
  }
  fcc-mit-ticketflags = true

  [realms]
  # The realm name here must match default_realm above.
  <YOUR DOMAIN NAME> = {
    # One kdc line per domain controller.
    kdc = <DOMAIN CONTROLLER 1>
    kdc = <DOMAIN CONTROLLER 2>
  }

  [domain_realm]
  .kerberos.server = <YOUR DOMAIN NAME>

  [login]
  krb4_convert = true
  krb4_get_tickets = false

File: /etc/samba/smb.conf

  [global]
  workgroup = <YOUR WORKGROUP>
  realm = <YOUR DOMAIN>
  preferred master = no
  # Authenticate as an Active Directory domain member.
  security = ADS
  encrypt passwords = yes
  log level = 3
  log file = /var/log/samba.log
  max log size = 50
  winbind separator = +
  # Local UID/GID ranges that winbind maps domain users and groups into.
  idmap uid = 10000-20000
  idmap gid = 10000-20000

  [backups]
  # All access to this share runs as this local user.
  force user = <SOME USER>
  writeable = no
  path = /backups

You can test with

wbinfo -g
wbinfo -u

If successful, these will list all your domain users & groups.
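
A pre-join check for the two files above, as an added example that is not part of the original post: it verifies that the realm in krb5.conf and smb.conf agree, that security is ADS, and that each kdc line names a single host. The function names, the sample files and the EXAMPLE.LOCAL realm are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-join consistency check (sample files below are constructed).
# ini_get FILE SECTION KEY: print the first value of KEY inside [SECTION].
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sub(/^[ \t]*\[/, ""); sub(/\].*/, ""); cur = tolower($0); next }
        cur == tolower(sec) && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}
upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }
fail()  { echo "FAIL: $*"; problems=$((problems + 1)); }

# preflight KRB5_CONF SMB_CONF: print each problem, return how many were found.
preflight() {
    problems=0
    krb=$(ini_get "$1" libdefaults default_realm)
    smb=$(ini_get "$2" global realm)
    sec=$(ini_get "$2" global security | tr '[:upper:]' '[:lower:]')
    [ -n "$krb" ] || fail "krb5.conf has no default_realm"
    # Kerberos realm names are case-sensitive; AD realms are upper case.
    [ "$krb" = "$(upper "$krb")" ] || fail "default_realm '$krb' is not upper case"
    [ "$(upper "$smb")" = "$(upper "$krb")" ] || fail "smb.conf realm '$smb' != krb5.conf '$krb'"
    [ "$sec" = ads ] || fail "smb.conf security is '$sec', expected ads"
    grep -Eq "^[[:space:]]*${krb}[[:space:]]*=[[:space:]]*[{]" "$1" ||
        fail "no [realms] stanza for '$krb'"
    # Each kdc relation names one host; two hosts on one line are read as one name.
    awk '/^[ \t]*kdc[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
                               if ($0 ~ /[ \t]/) bad = 1 }
         END { exit bad + 0 }' "$1" || fail "a kdc line lists several hosts"
    return "$problems"
}
# write_samples DIR: constructed test files (EXAMPLE.LOCAL is a placeholder realm).
write_samples() {
    printf '%s\n' '[libdefaults]' 'default_realm = EXAMPLE.LOCAL' '[realms]' \
        'EXAMPLE.LOCAL = {' 'kdc = dc1.example.local' 'kdc = dc2.example.local' '}' > "$1/krb5.good"
    printf '%s\n' '[libdefaults]' 'default_realm = example.local' '[realms]' \
        'example.local = {' 'kdc = dc1.example.local dc2.example.local' '}' > "$1/krb5.bad"
    printf '%s\n' '[global]' 'workgroup = EXAMPLE' 'realm = EXAMPLE.LOCAL' \
        'security = ADS' > "$1/smb.conf"
}

demo=$(mktemp -d) && write_samples "$demo"
preflight "$demo/krb5.good" "$demo/smb.conf" && echo "good files: OK to run net ads join"
preflight "$demo/krb5.bad" "$demo/smb.conf" || echo "bad files: $? problem(s)"
rm -rf "$demo"
```

On a real host, point preflight at /etc/krb5.conf and /etc/samba/smb.conf before running net ads join.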


Posted by Kieran
