
Thread: HOWTO: Active Directory Authentication

  1. #201

    Re: HOWTO: Active Directory Authentication

    Just installed a fresh 9.10 server, did the following:

    $ sudo apt-get -y install likewise-open5
    ...
    $ sudo vi /etc/nsswitch.conf
    [ put dns ahead of m4 ]
    $ sudo domainjoin-cli join CRS.local $USER $PASS
    [ joined ]
    $ sudo reboot
    [ reboot, relogin ]
    $ ls /etc/samba
    ls: cannot access /etc/samba: No such file or directory

    I can login as username@CRS, but I want to make CRS the default domain.

    So I tried enabling "assume-default-domain" in /etc/likewise-open/lsassd.conf ... restarted likewise-open5. Didn't work.

    I tried

    $ sudo apt-get -y install samba

    Rebooted, still no /etc/samba/lwiauthd.conf,
    still no default domain.

  2. #202

    Re: HOWTO: Active Directory Authentication

    Try to add in /etc/ldap.conf:
    host [ldap server IP address]
    base dc=[domain]

    And appropriate configuration of pam.

  3. #203

    Re: HOWTO: Active Directory Authentication

    Please, I need help.

    I've successfully joined Ubuntu 10.04 to a 2008 Active Directory.
    Now I need that every time a user logs in, it will map his shared folder from the server.

    I've 2 groups: basic and medium.

    If I log in with a user that has the basic group, it will mount his shared folder from the server.

    My server has this folder structure:

    2008server
    |
    |----- basic
    |        |
    |        |- basic_user (shared)
    |
    |----- medium
             |
             |- medium_user (shared)

    I've tried smb://2008server/'%g'/'%u'

    but nothing.

    Hope someone can help me with this.

    Thanks

  4. #204

    Re: HOWTO: Active Directory Authentication

    What do you guys have on

    root@proxy:~# net ads join -U domain admin
    Enter domain admin's password:
    Using short domain name -- domain
    Joined 'mycomputer' to realm 'mydomain.local'
    DNS update failed!
    When I check the AD to see if the "mycomputer" account was created, it wasn't.
    Last edited by kinitsu; October 6th, 2010 at 04:19 PM. Reason: typo

  5. #205

    Re: HOWTO: Active Directory Authentication

    Likewise Open is the easiest complete solution for Linux workstations to authenticate to an Active Directory domain. I wish I had found it sooner.
    The likewise-open package in the Ubuntu repo works fine, but I found the install script from:
    http://www.likewise.com/products/likewise_open/
    has some new features.

    It's really as simple as typing the AD domain, then logging in with an account that has permission to manage the domain. Then test it by logging in with an AD account on your local machine:
    Code:
    ssh example\\steve@localhost
    For Ubuntu help on Likewise Open see
    https://help.ubuntu.com/8.04/serverg...wise-open.html
    or
    https://help.ubuntu.com/community/LikewiseOpen

  6. #206

    Re: HOWTO: Active Directory Authentication

    I followed the instructions down to step 6, then I realized DNS was misconfigured so it wasn't working. Unfortunately, I got called away and due to the idle time my ssh session was lost. So now I can't log in. Is this installation totally hosed now?

  7. #207

    Re: HOWTO: Active Directory Authentication

    This is a great tutorial, but I have questions.

    In my company we have 3 servers for our domain, for example:

    Our domain name: INT.COMPANY.COM

    The 3 servers that give us the above domain name:

    dc-1.int.company.com (this is the main server)
    dc-2.int.company.com
    dc-3.int.company.com

    Is this a good configuration of the krb5.conf file for my situation:

    Code:
    [logging]
    default = FILE10000:/var/log/krb5lib.log

    [libdefaults]
    ticket_lifetime = 24000
    default_realm = INT.COMPANY.COM
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

    [realms]
    INT.COMPANY.COM =
    {
       kdc = dc-1.int.company.com
       kdc = dc-2.int.company.com
       kdc = dc-3.int.company.com
       admin_server = dc-1.int.company.com
       master_kdc = dc-1.int.company.com
       default_domain = INT.COMPANY.COM
    }

    [domain_realm]
    .domain.local = INT.COMPANY.COM
    domain.local = INT.COMPANY.COM
    The part that is confusing me is:
    Is it good that I defined my main domain server as master_kdc?
    Do I need to define admin_server for the secondary domain servers (dc-2 and dc-3) so it looks like this?
    Code:
    admin_server = dc1.int.company.com
    admin_server = dc2.int.company.com
    admin_server = dc3.int.company.com
    Will this configuration automatically switch me to a secondary kdc if kdc1 crashes?

    And this is my smb.conf file, how I think it should be configured:

    Code:
    [global]
    workgroup = INT
    realm = INT.COMPANY.COM
    #netbios name = computer_name
    server string = %h server (Samba %v, Ubuntu)
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    security = ADS
    domain master = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    template homedir = /home/%D/%U
    winbind enum groups = yes
    winbind enum users = yes
    winbind use default domain = yes
    usershare allow guests = yes
    Do I need to add these lines in the smb.conf file because we have multiple servers for the same domain and one is the master server?

    password server = dc1.int.company.com
    domain master = dc1.int.company.com?

    I hope you understand me
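
A static check of the krb5.conf posted in #207, added here as an example and not written by any poster in the thread: it lists the kdc entries in file order, flags enctypes from families deprecated by RFC 6649 and RFC 8429, and flags [domain_realm] entries that map an unrelated DNS domain to the default realm. The function names and the embedded sample (a trimmed, whitespace-normalised copy of the post's file) are assumptions of this example.

```python
import re
# Constructed sample: krb5.conf from post #207, trimmed and whitespace-normalised.
SAMPLE = """\
[libdefaults]
default_realm = INT.COMPANY.COM
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
INT.COMPANY.COM =
{
   kdc = dc-1.int.company.com
   kdc = dc-2.int.company.com
   kdc = dc-3.int.company.com
}
[domain_realm]
.domain.local = INT.COMPANY.COM
domain.local = INT.COMPANY.COM
"""
# Enctype families deprecated by RFC 6649 (single DES) and RFC 8429 (3DES, RC4).
WEAK = re.compile(r"^(des-|des3-|arcfour-|rc4-)")

def parse(text):  # -> [(section, subsection, key, value)] in file order
    rows, section, sub, pending = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section, sub = line.strip("[]"), None
        elif line in ("{", "}"):       # brace on its own line, as in the post
            sub = pending if line == "{" else None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value in ("", "{"):     # subsection opens here or on the next line
                pending, sub = key, (key if value else sub)
            else:
                rows.append((section, sub, key, value))
    return rows

def audit(text):  # KDC order, deprecated enctypes, off-realm domain mappings
    rows = parse(text)
    realm = next(v for s, _, k, v in rows if (s, k) == ("libdefaults", "default_realm"))
    suffix = "." + realm.lower()
    return {
        "kdcs": [v for s, sub, k, v in rows if (s, sub, k) == ("realms", realm, "kdc")],
        "weak_enctypes": sorted({e for _, _, k, v in rows if k.endswith("_enctypes")
                                 for e in v.split() if WEAK.match(e)}),
        "unrelated_domain_realm": [k for s, _, k, v in rows if s == "domain_realm"
                                   and v == realm and not ("." + k.lstrip(".")).endswith(suffix)],
    }
```

Calling `audit(SAMPLE)` reports all three kdc hosts, both configured enctypes as deprecated, and both `domain.local` mappings as unrelated to `int.company.com`.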
