Super simple Active Directory with Samba

I needed a super simple, straightforward way of installing Samba on Ubuntu and joining it to an Active Directory domain.
This doesn't allow you to log in to Ubuntu with domain credentials, but it does allow you to share and access files with domain credentials.

Here's how it's done:

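# Install Samba, winbind and the Kerberos client tools (run as root).
# NOTE: on newer Ubuntu releases the smbfs package has been replaced by cifs-utils.
apt-get install samba winbind krb5-config krb5-user smbfs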

<edit /etc/krb5.conf – See below>

# Kerberos rejects tickets when the clocks differ too much (Active Directory's
# default tolerance is 5 minutes), so sync the time to the domain controller first.
ntpdate -s DOMAIN_CONTROLLER
# Request a ticket to confirm /etc/krb5.conf works; the realm part is written in upper case.
kinit Administrator@DOMAIN.LOCAL

<edit /etc/samba/smb.conf  – See below>

# Restart Samba so it reads the edited smb.conf.
/etc/init.d/smbd restart

# Join this machine to the domain; prompts for the account's password.
# Any account that has been delegated the right to join computers can be used
# here; it does not have to be the built-in Administrator.
net ads join -U Administrator

# Restart both daemons so they run with the new domain membership.
/etc/init.d/smbd restart && /etc/init.d/winbind restart

Job done.

File: /etc/krb5.conf

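# /etc/krb5.conf - Kerberos client settings used to join Samba to Active Directory.
# Replace every <PLACEHOLDER> before use. Active Directory realm names are
# written in upper case (for example DOMAIN.LOCAL) and realm names are case-sensitive.

[libdefaults]
# Must be identical to the realm name used as the key under [realms].
default_realm = <YOUR DOMAIN NAME>

# The following krb5.conf variables are only for MIT Kerberos.
# The krb4_* and v4_* entries are Kerberos 4 compatibility settings; Active
# Directory uses Kerberos 5, so they appear to be leftovers from a sample file.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
# forwardable/proxiable allow issued tickets to be used from other hosts.
# NOTE(review): set these to false if nothing on this server relies on that.
forwardable = true
proxiable = true

v4_instance_resolve = false
v4_name_convert = {
    host = {
        rcmd = host
        ftp = ftp
    }
    plain = {
        something = something-else
    }
}
fcc-mit-ticketflags = true

[realms]
# The key must match default_realm exactly.
# Each kdc entry names a single host, so list one kdc line per domain controller.
<YOUR DOMAIN NAME> = {
    kdc = <DOMAIN CONTROLLER 1>
    kdc = <DOMAIN CONTROLLER 2>
}

[domain_realm]
# Maps a DNS domain suffix (left, with leading dot) to a Kerberos realm (right).
# NOTE(review): ".kerberos.server" looks like a sample value - presumably it
# should be the DNS domain of your Active Directory; confirm before use.
.kerberos.server = <YOUR DOMAIN NAME>

[login]
krb4_convert = true
krb4_get_tickets = false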

File: /etc/samba/smb.conf

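# /etc/samba/smb.conf - Samba as an Active Directory member server.
# Replace every <PLACEHOLDER> before use.

[global]
# Short (NetBIOS) name of the domain.
workgroup = <YOUR WORKGROUP>
# Kerberos realm; should match default_realm in /etc/krb5.conf.
realm = <YOUR DOMAIN>
preferred master = no
# Domain member mode: users are authenticated against Active Directory.
security = ADS
encrypt passwords = yes
# Level 3 is verbose; useful while setting up the join, consider lowering it afterwards.
log level = 3
log file = /var/log/samba.log
# Size in KiB at which the log file is rotated.
max log size = 50
# Domain accounts are written as DOMAIN+user.
winbind separator = +
# Local uid/gid range winbind may map domain accounts into; keep it clear of
# the ids used by local accounts.
# NOTE(review): newer Samba releases set this with "idmap config * : range"
# instead - check the smb.conf man page for your version.
idmap uid = 10000-20000
idmap gid = 10000-20000

[backups]
# All file access on this share is performed as this local user, so the
# connecting domain user is not reflected in on-disk ownership.
force user = <SOME USER>
# Read-only share.
writeable = no
path = /backups
# No "valid users" restriction is set here, so any account that can
# authenticate to this server can read the share. To limit it to one domain
# group, add a line such as:
# valid users = @<YOUR WORKGROUP>+<SOME GROUP>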

You can test with

wbinfo -g or wbinfo -u – if the join was successful, wbinfo -u lists all your domain users and wbinfo -g lists all your domain groups

Author: Kieran Barnes

Kieran is a PHP developer with 15 years commercial experience. Specialist in WordPress, CakePHP, CubeCart and all things PHP.
