Hello all,

I was looking to add a Ubuntu 12.04 machine to our existing SAMBA domain. I am not sure how our domain is setup because I work for a International Charity and they had it installed before I came as the IT administrator.

I found a few different ones and messed up the installation twice so I thought to post the one that worked for me! It is the manual on the Clear Foundation website but I think they left out one important detail.

You will need to ensure that you have connectivity to the Internet for this installation. Log in to the workstation and let's get started.
If security is a high concern and your workstation will never leave the environment, you may specifically NOT want it to used cached credentials.

Install needed packages

1. We will need a command line for most of this stuff. Open the terminal application under Applications » Accesories » Terminal .
2. We will be doing a lot of configuration as root. Type the following in the terminal window:
sudo su -
You will be prompted for a password.
Type the following:
apt-get install winbind samba

Change Samba Configuration file
3. Add the following lines to the /etc/samba/smb.conf in the [global] section.
security = domain
netbios name = PC##
password server = [DOMAIN CONTROLLER]
workgroup = [DOMAIN NAME]
idmap uid = 10000000-19999999
idmap gid = 10000000-19999999
winbind use default domain = yes
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template shell = /bin/bash
template homedir = /home/%D/%U
domain master = no
winbind enum users = yes
winbind enum groups = yes
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false

Of particular note above, make sure your netbios name, password server, and workgroup parameters match the local machine name which is unique on the network, the DNS name that is resolvable for the ClearOS server, and the Domain name for your ClearOS server respectively.
Find and delete the line that says:
workgroup = WORKGROUP

4. Lastly, run the testparm command to validate your entries are in the configuration and that it looks good.

Create user folders

5. Make a directory for your domain users that matches the name of your domain. In this example, our domain is 'IE' so we will run the following:
mkdir /home/[DOMAIN NAME]

Change NS Switch Configuration
6. Modify your /etc/nsswitch.conf so that it looks like this:
passwd: compat winbind
group: compat winbind
shadow: compat winbin
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

7. There are several changes to pam.d that will need to change from the default format. There are 4 files that need to be either replaced, edited or modified.
common-account

8. Blow away and replace your /etc/pam.d/common-account file away with the following to command from the shell.
cp /etc/pam.d/common-account /etc/pam.d/common-account~
echo "account sufficient pam_winbind.so" > /etc/pam.d/common-account
echo "account required pam_unix.so" >> /etc/pam.d/common-account
common-auth

9. Blow away and replace your /etc/pam.d/common-auth file away with the following to command from the shell.
cp /etc/pam.d/common-auth /etc/pam.d/common-auth~
echo "auth sufficient pam_winbind.so" > /etc/pam.d/common-auth
echo "auth required pam_unix.so nullok_secure use_first_pass" >> /etc/pam.d/common-auth
common-password

10. Using vi or your favorite editor, add a snippet to the end of /etc/pam.d/common-password in the line:
password [success=2 default=ignore] pam_unix.so obscure sha512

So that it has min=4 max=50
password [success=2 default=ignore] pam_unix.so obscure sha512 min=4 max=50

common-session

11. Add a entry to the /etc/pam.d/common-session by running the following command:
echo "session required pam_mkhomedir.so umask=0022 skel=/etc/skel" >> /etc/pam.d/common-session

With all of these modifications, it is time to reboot the workstation.
reboot

Join the computer to the domain
12. Don't forget to login and switch user back to root.
sudo su -

13. Run the following to join the workstation to the domain. Replace the relevant value for the domain name.
net rpc join -U administrator

You will be prompted for winadmin's password. Once you supply it you should get the following message:
Joined domain [NAME].

14. Add the domain_users group to the sudoers list by editing the /etc/sudoers
echo "%allusers ALL=(ALL) ALL" >> /etc/sudoers

Time to reboot again.
reboot

15. After reboot open a terminal again. Don't forget to login and switch user back to root.
sudo su -

16. Using vi or your favorite editor, add a snippet to the end of /etc/lightdm/lightdm.conf in the line:
greeter-show-manual-login=true

17. Then restart lightdm :
sudo service lightdm restart

I hope this manual helps because it has helped me for using computers that didn't have a Windows Licence anymore and install Ubuntu on it!