Hello all,
I was looking to add an Ubuntu 12.04 machine to our existing SAMBA domain. I am not sure how our domain is set up because I work for an International Charity and they had it installed before I came as the IT administrator.
I found a few different ones and messed up the installation twice so I thought to post the one that worked for me! It is the manual on the Clear Foundation website but I think they left out one important detail.
You will need to ensure that you have connectivity to the Internet for this installation. Log in to the workstation and let's get started.
If security is a high concern and your workstation will never leave the environment, you may specifically NOT want it to use cached credentials.
Install needed packages
1. We will need a command line for most of this stuff. Open the terminal application under Applications » Accessories » Terminal.
2. We will be doing a lot of configuration as root. Type the following in the terminal window:
sudo su -
You will be prompted for a password.
Type the following:
apt-get install winbind samba
Change Samba Configuration file
3. Add the following lines to the [global] section of /etc/samba/smb.conf.
security = domain
netbios name = PC##
password server = [DOMAIN CONTROLLER]
workgroup = [DOMAIN NAME]
idmap uid = 10000000-19999999
idmap gid = 10000000-19999999
winbind use default domain = yes
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template shell = /bin/bash
template homedir = /home/%D/%U
domain master = no
winbind enum users = yes
winbind enum groups = yes
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false
Of particular note above, make sure your netbios name, password server, and workgroup parameters match the local machine name which is unique on the network, the DNS name that is resolvable for the ClearOS server, and the Domain name for your ClearOS server respectively.
Find and delete the line that says:
workgroup = WORKGROUP
4. Lastly, run the testparm command to validate your entries are in the configuration and that it looks good.
Create user folders
5. Make a directory for your domain users that matches the name of your domain. In this example, our domain is 'IE' so we will run the following:
mkdir /home/[DOMAIN NAME]
Change NS Switch Configuration
6. Modify your /etc/nsswitch.conf so that it looks like this:
passwd: compat winbind
group: compat winbind
shadow: compat winbind
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
7. Several files under pam.d will need to change from the default format. There are 4 files that need to be either replaced, edited or modified.
common-account
8. Blow away and replace your /etc/pam.d/common-account file with the following commands from the shell.
cp /etc/pam.d/common-account /etc/pam.d/common-account~
echo "account sufficient pam_winbind.so" > /etc/pam.d/common-account
echo "account required pam_unix.so" >> /etc/pam.d/common-account
common-auth
9. Blow away and replace your /etc/pam.d/common-auth file with the following commands from the shell.
cp /etc/pam.d/common-auth /etc/pam.d/common-auth~
echo "auth sufficient pam_winbind.so" > /etc/pam.d/common-auth
echo "auth required pam_unix.so nullok_secure use_first_pass" >> /etc/pam.d/common-auth
common-password
10. Using vi or your favorite editor, add a snippet to the end of this line in /etc/pam.d/common-password:
password [success=2 default=ignore] pam_unix.so obscure sha512
so that it ends with min=4 max=50:
password [success=2 default=ignore] pam_unix.so obscure sha512 min=4 max=50
common-session
11. Add an entry to /etc/pam.d/common-session by running the following command:
echo "session required pam_mkhomedir.so umask=0022 skel=/etc/skel" >> /etc/pam.d/common-session
With all of these modifications, it is time to reboot the workstation.
reboot
Join the computer to the domain
12. Don't forget to log in and switch user back to root.
sudo su -
13. Run the following to join the workstation to the domain. Replace the relevant value for the domain name.
net rpc join -U administrator
You will be prompted for winadmin's password. Once you supply it you should get the following message:
Joined domain [NAME].
14. Add the domain_users group to the sudoers list by editing /etc/sudoers:
echo "%allusers ALL=(ALL) ALL" >> /etc/sudoers
Time to reboot again.
reboot
15. After the reboot, open a terminal again. Don't forget to log in and switch user back to root.
sudo su -
16. Using vi or your favorite editor, add the following line to the end of /etc/lightdm/lightdm.conf:
greeter-show-manual-login=true
17. Then restart lightdm:
sudo service lightdm restart
I hope this manual helps, because it has helped me with using computers that didn't have a Windows Licence anymore and installing Ubuntu on them!
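The files edited in steps 3 to 9 can be checked before the first reboot, since a slip in nsswitch.conf or pam.d affects every login. The script below is an added example, not part of the original post or the ClearOS manual; the function names and the ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. ROOT is a hypothetical prefix
# argument so a copy of /etc can be audited; call audit_join "" for the live system.

# nss_has_winbind FILE DB: succeeds if database DB lists the exact service "winbind".
nss_has_winbind() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit !ok }' "$1"
}

# pam_order_ok FILE TYPE: succeeds if, for TYPE lines, pam_winbind.so comes
# before pam_unix.so, the order steps 8 and 9 write.
pam_order_ok() {
    awk -v t="$2" '$1 == t && /pam_winbind\.so/ && !w { w = NR }
        $1 == t && /pam_unix\.so/ && !u { u = NR }
        END { exit !(w && u && w < u) }' "$1"
}

# smb_conflicts FILE: prints each parameter that one section sets more than
# once with different values (the later line overrides the earlier one).
smb_conflicts() {
    awk '/^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { split("", seen); next }
        index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if ((key in seen) && seen[key] != val) print key
            seen[key] = val
        }' "$1" | sort -u
}

# audit_join ROOT: runs all checks, prints findings, returns 1 if any failed.
audit_join() {
    root="${1:-}"; bad=0
    for db in passwd group; do
        nss_has_winbind "$root/etc/nsswitch.conf" "$db" ||
            { echo "nsswitch.conf: $db does not list winbind"; bad=1; }
    done
    for pair in common-auth:auth common-account:account; do
        pam_order_ok "$root/etc/pam.d/${pair%%:*}" "${pair##*:}" ||
            { echo "${pair%%:*}: pam_winbind.so is not before pam_unix.so"; bad=1; }
    done
    dup=$(smb_conflicts "$root/etc/samba/smb.conf")
    [ -z "$dup" ] || { echo "smb.conf: conflicting duplicate parameters: $dup"; bad=1; }
    return "$bad"
}
```

Source the script as root after step 9 and call audit_join "". Run against the smb.conf lines listed in step 3, it reports winbind enum users and winbind enum groups, which are set to no and later to yes.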