Wednesday, August 17, 2011

Adding Ubuntu to Windows ADS

ADS stands for Active Directory server. This article explains how to add an Ubuntu machine to a domain whose domain controller is an Active Directory server. First, install the following packages using Synaptic Package Manager.
Samba (version 3):
  • samba
  • samba-common (installed by default)
  • smbclient (installed by default)
  • winbind
Kerberos:
  • krb5-config
  • krb5-user
We will use Likewise Open to add the machine to the domain. Likewise provides a simple GUI to handle the task, which would otherwise require hand-editing configuration files. Install Likewise Open using the Add/Remove Applications facility.
For the exercise we will assume the following details:
  • Domain Name: LALITBHATT.COM
  • IP: 192.168.1.111
  • Host name: linuxBox
As per the above, we need to make the following changes in smb.conf with sudo permission.
sudo gedit /etc/samba/smb.conf
Make the following changes
In Global Section

workgroup = LALITBHATT.COM
realm = LALITBHATT.COM
netbios name = linuxBox
The realm is the Kerberos realm name (the same name used in krb5.conf), not the IP address of the domain controller.
In authentication section
security = ads
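Kerberos is used for login purposes. The changes are made in krb5.conf
sudo gedit /etc/krb5.conf

The changes are:
[realms]
LALITBHATT.COM = {
kdc = 192.168.1.111
admin_server = 192.168.1.111
}
[domain_realm]
.lalitbhatt.com = LALITBHATT.COM
lalitbhatt.com = LALITBHATT.COM
[login]
krb4_convert = true
krb4_get_tickets = true
The [domain_realm] section maps DNS domain names to the realm name; the controller's IP address belongs only in the kdc and admin_server entries.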
Changes in nsswitch.conf
sudo gedit /etc/nsswitch.conf
Changes
passwd: compat winbind lsass
group: compat winbind lsass
shadow: compat
After the above changes are done, we need to restart the samba and winbind services
sudo /etc/init.d/samba restart
sudo /etc/init.d/winbind restart
Now we will add the machine using Likewise. Start the Likewise application and enter the domain name "LALITBHATT.COM". Provide the administrative username and password of the machine on which the primary domain controller (ADS) is hosted. The machine should become part of the domain. To log in to the machine, use the format <domain_name>/<user_name> .
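Before starting the join, it helps to confirm that the three edited files agree with each other. The script below is an added example, not part of the original post: it checks that smb.conf uses security = ads, that its realm has a matching entry under [realms] in krb5.conf, and that passwd and group in nsswitch.conf list winbind. The function names and the sample files it writes are constructed for illustration, using the values assumed in this exercise.

```sh
#!/bin/sh
# Added example (not from the original post): consistency check for the three
# files edited above. Function names and sample files are constructed here.

smb_get() {   # smb_get FILE KEY -> value of KEY (lower-case key name), trimmed
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

krb_has_realm() {   # krb_has_realm FILE REALM -> 0 if [realms] defines REALM
    awk -v r="$2" '
        /^[ \t]*\[/ { sec = $1; next }
        sec == "[realms]" && $1 == r && $2 == "=" { found = 1 }
        END { exit !found }' "$1"
}

nss_has() {   # nss_has FILE DB SOURCE -> 0 if SOURCE is listed for DB
    awk -v db="$2:" -v s="$3" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == s) found = 1 }
        END { exit !found }' "$1"
}

check_join_config() {   # check_join_config SMB KRB5 NSS -> one line per problem
    realm=$(smb_get "$1" realm)
    [ "$(smb_get "$1" security | tr 'A-Z' 'a-z')" = ads ] || echo "smb.conf: security is not ads"
    if [ -z "$realm" ]; then
        echo "smb.conf: realm is not set"
    elif ! krb_has_realm "$2" "$realm"; then
        echo "krb5.conf: no [realms] entry for '$realm'"
    fi
    for db in passwd group; do
        nss_has "$3" "$db" winbind || echo "nsswitch.conf: $db lacks winbind"
    done
}

write_sample() {   # write_sample DIR -> constructed sample files with the post's values
    printf '%s\n' '[global]' 'workgroup = LALITBHATT.COM' 'realm = LALITBHATT.COM' \
        'netbios name = linuxBox' 'security = ads' > "$1/smb.conf"
    printf '%s\n' '[realms]' 'LALITBHATT.COM = {' 'kdc = 192.168.1.111' \
        'admin_server = 192.168.1.111' '}' > "$1/krb5.conf"
    printf '%s\n' 'passwd: compat winbind lsass' 'group: compat winbind lsass' \
        'shadow: compat' > "$1/nsswitch.conf"
}

d=$(mktemp -d) && write_sample "$d"
check_join_config "$d/smb.conf" "$d/krb5.conf" "$d/nsswitch.conf"   # prints nothing when consistent
rm -rf "$d"
```

To check the real files, call check_join_config /etc/samba/smb.conf /etc/krb5.conf /etc/nsswitch.conf; each line of output names one mismatch to fix before joining.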
