ActiveDirectory Ubuntu

Ubuntu guide at https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

Important information

Guided by http://technet.microsoft.com/en-us/library/bb727055.aspx

  • DNS servers are 10.11.1.2 10.12.1.3
  • AD PDC:
    host -t srv _ldap._tcp.pdc._msdcs.hir.is
    _ldap._tcp.pdc._msdcs.hir.is has SRV record 0 100 389 hirdc1.hir.is.
    
  • AD GC:
     host -t srv _ldap._tcp.gc._msdcs.hir.is
    _ldap._tcp.gc._msdcs.hir.is has SRV record 0 100 3268 hirdc1.hir.is.
    _ldap._tcp.gc._msdcs.hir.is has SRV record 0 100 3268 hirdc2.hir.is.
    _ldap._tcp.gc._msdcs.hir.is has SRV record 0 100 3268 hirdc.hir.is.
    
  • AD GCIpAddress
     host _gc._msdcs.hir.is
    Host _gc._msdcs.hir.is not found: 3(NXDOMAIN)
    
  • AD Kerberos KDC
     host -t srv _kerberos._tcp.dc._msdcs.hir.is
    _kerberos._tcp.dc._msdcs.hir.is has SRV record 0 100 88 hirdc.hir.is.
    _kerberos._tcp.dc._msdcs.hir.is has SRV record 0 100 88 hirdc2.hir.is.
    _kerberos._tcp.dc._msdcs.hir.is has SRV record 0 100 88 hirdc1.hir.is.
    
  • AD DC
     host -t srv _ldap._tcp.dc._msdcs.hir.is
    _ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc1.hir.is.
    _ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc2.hir.is.
    _ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc.hir.is.
    

Install DNS config

  1. Edit /etc/network/interfaces so that it lists the HIR.IS DNS servers
    sudo gedit /etc/network/interfaces
    1. It should contain something like this:
      auto lo
      iface lo inet loopback
      
      iface eth0 inet dhcp
            dns-search hir.is ru.is dev.ru.is
            dns-nameservers 10.11.1.2 10.12.1.3
      

Setup the SAMBA and WinBind

  1. Add to smb.conf
    [global]
    security = ads
    realm = HIR.IS
    password server = hirdc.hir.is
    # note that workgroup is the 'short' domain name
    workgroup = HIR
    # winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    winbind use default domain = yes
    restrict anonymous = 2
  2. Install the packages
    sudo apt-get install winbind samba smbfs smbclient
    1. You should allow it to adjust the /etc/pam.d/common-* files
  3. Try to kinit (replace foley with your RU username)
    kinit foley@HIR.IS
  4. Now try to join the domain. You need an account that has the ability to add hosts in AD. You may need to send in a ticket to IT.
    net ads join -U foley
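
A pre-join check for the [global] settings listed above, added here as an example and not part of the original page: it reads an smb.conf-style file and reports where the authentication-related values differ from the ones this page sets. The function names and the sample file are constructed for illustration.

```shell
# Added example, not from the original page; function names are hypothetical.
# Print the value of parameter $2 in [global] of file $1 (empty if unset).
# Samba ignores case and spaces in parameter names; '#' and ';' start comments.
smb_global_get() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = norm($0); next }
        sec == "[global]" && (eq = index($0, "=")) {
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (norm(substr($0, 1, eq - 1)) == norm(want)) found = val
        }
        END { print found }
    ' "$1"
}

# Compare expected "name=value" pairs (values in lowercase) with the file.
# Prints one line per difference; returns 1 if anything differs, else 0.
smb_audit() {
    file=$1; shift; rc=0
    for pair in "$@"; do
        name=${pair%%=*}; want=${pair#*=}
        got=$(smb_global_get "$file" "$name" | tr 'A-Z' 'a-z')
        if [ "$got" != "$want" ]; then
            echo "DIFF: $name is '${got:-unset}', page sets '$want'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: mixed case, a commented-out line, a changed value, and
# a later section whose value must not be read as the [global] one.
make_sample() {
    f=$(mktemp) && cat > "$f" <<'EOF' && echo "$f"
[global]
   Security = ADS
   realm = HIR.IS
   ; client ntlmv2 auth = yes
   encrypt passwords = yes
   Restrict  Anonymous = 0
[share]
   restrict anonymous = 2
EOF
}

sample=$(make_sample)
smb_audit "$sample" "security=ads" "client ntlmv2 auth=yes" \
    "encrypt passwords=yes" "restrict anonymous=2" || echo "differs from the page"
rm -f "$sample"
```

On a real host, `testparm -s` prints the configuration Samba actually parsed, which is the authoritative view once the packages are installed.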

Updated by Joseph Foley over 9 years ago · 1 revisions