Joining Ubuntu to a Windows 2003 AD
Submitted by madvip on Thu, 06/19/2008 - 09:12.
First of all you need to install the following packages:
* Samba (version 3):
o samba
o samba-common (installed by default)
o smbclient (installed by default)
o winbind
* Kerberos:
o krb5-config
o krb5-user
Edit /etc/samba/smb.conf:
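# /etc/samba/smb.conf - Samba 3 member-server settings for joining the
# "mycompany" Active Directory domain. One parameter per line; comments are
# kept on their own lines.

[global]
# ADS: act as a domain member of an Active Directory realm (Kerberos auth).
security = ADS
# Must name the same Kerberos realm as default_realm in /etc/krb5.conf.
# AD realm names are conventionally the upper-case DNS domain name.
realm = mycompany
workgroup = mycompany
# Domain controller used to validate passwords.
password server = obelix.mycompany
# This host is a WINS client only; it does not run its own WINS service.
wins support = no
wins server = 10.0.20.202
# Refuse SMB logins as root.
invalid users = root

# Winbind settings
# UID/GID ranges winbind allocates to domain users and groups. Keep them
# clear of the ranges used by local accounts in /etc/passwd and /etc/group.
idmap uid = 10000-20000
idmap gid = 10000-20000

# For testing
# Verbose logging; lower this once the join has been verified.
debuglevel = 2

# A shared folder for testing purposes
# NOTE(review): this share is intentionally wide open. "public" is a synonym
# for "guest ok", so connections may be accepted without a domain login where
# guest mapping is enabled, and the forced modes make every new file
# world-readable/writable (0666) and every new directory world-writable (0777).
# Remove the share after testing, or set "public = no", add a "valid users"
# list and tighten the forced modes before exposing it beyond a test network.
[SharedFolder]
path = /home/madvip/Shared_Folder
available = yes
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777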
Edit /etc/krb5.conf:
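# /etc/krb5.conf - Kerberos 5 client settings for the "mycompany" realm.
# Realm names are case-sensitive and must be spelled identically here and in
# the "realm" setting of /etc/samba/smb.conf. Active Directory realms are
# conventionally the upper-case DNS domain name.
# Kerberos rejects requests when the clock skew is too large (five minutes by
# default), so keep this host's clock synchronised with the domain controller.

[libdefaults]
    default_realm = mycompany
    # Kerberos 4 compatibility settings. Kerberos 4 is obsolete and Active
    # Directory only speaks Kerberos 5, so these are not needed for the join.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    # Correct locally for the time offset observed from the KDC.
    kdc_timesync = 1
    # Credential cache format version.
    ccache_type = 4
    # Request tickets that may be forwarded / proxied to other hosts.
    # NOTE(review): turn these off if no service on this host needs delegation.
    forwardable = true
    proxiable = true
    # The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }

[realms]
    # KDC and admin server for the realm: the domain controller.
    mycompany = {
        kdc = obelix.mycompany
        admin_server = obelix.mycompany
    }

[domain_realm]
    # Maps DNS domains to a Kerberos realm. The right-hand side has to be a
    # realm name defined under [realms], not the host name of the KDC.
    .mycompany.local = mycompany
    mycompany.local = mycompany

[login]
    # Kerberos 4 login compatibility (legacy; see the note under [libdefaults]).
    krb4_convert = true
    krb4_get_tickets = true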
Edit /etc/nsswitch.conf:
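# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# Sources are consulted left to right: local accounts (compat) are looked up
# first, and winbind supplies Active Directory users and groups after that,
# so a local account wins over a domain account of the same name.
passwd:         compat winbind
group:          compat winbind
# Password hashes stay local; winbind is not listed for shadow.
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis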
I have added the following two aliases to ~/.bashrc to facilitate joining and leaving the domain.
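# Start Samba and winbind, then join the AD domain as the domain user madvip.
# Each step runs only if the previous one succeeded. "net ads join" prompts
# for the password; keep it that way rather than appending it to -U
# (user%password), which would expose it in shell history and the process list.
alias join_dom="sudo /etc/init.d/samba start && sudo /etc/init.d/winbind start && sudo net ads join -U madvip"

# Stop Samba and winbind. This only stops the daemons: the computer account
# stays in Active Directory until it is removed (for example with "net ads leave").
alias leave_dom="sudo /etc/init.d/samba stop && sudo /etc/init.d/winbind stop"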

