ActiveDirectory Ubuntu » History » Version 1
Joseph Foley, 2015-09-05 02:46
h1. ActiveDirectory Ubuntu

Ubuntu guide at https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

h2. Important information

Guided by http://technet.microsoft.com/en-us/library/bb727055.aspx

* DNS servers are 10.11.1.2 10.12.1.3
* AD PDC:
<pre>host -t srv _ldap._tcp.pdc._msdcs.hir.is
_ldap._tcp.pdc._msdcs.hir.is has SRV record 0 100 389 hirdc1.hir.is.
</pre>
* AD GC:
<pre>host -t srv _ldap._tcp.gc._msdcs.hir.is
_ldap._tcp.gc._msdcs.hir.is has SRV record 0 100 3268 hirdc1.hir.is.
_ldap._tcp.gc._msdcs.hir.is has SRV record 0 100 3268 hirdc2.hir.is.
_ldap._tcp.gc._msdcs.hir.is has SRV record 0 100 3268 hirdc.hir.is.
</pre>
* AD GCIpAddress
<pre>host _gc._msdcs.hir.is
Host _gc._msdcs.hir.is not found: 3(NXDOMAIN)
</pre>
* AD Kerberos KDC
<pre>host -t srv _kerberos._tcp.dc._msdcs.hir.is
_kerberos._tcp.dc._msdcs.hir.is has SRV record 0 100 88 hirdc.hir.is.
_kerberos._tcp.dc._msdcs.hir.is has SRV record 0 100 88 hirdc2.hir.is.
_kerberos._tcp.dc._msdcs.hir.is has SRV record 0 100 88 hirdc1.hir.is.
</pre>
* AD DC
<pre>host -t srv _ldap._tcp.dc._msdcs.hir.is
_ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc1.hir.is.
_ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc2.hir.is.
_ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc.hir.is.
</pre>

# AD GC: @host -t srv

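The SRV lookups above can be turned into a pre-join check. This is an added example, not part of the original wiki page: it parses @host -t srv@ output, confirms the expected port, and checks that the @password server@ named in the Samba settings is an advertised DC. The function names @srv_targets@ and @check_srv@ are hypothetical, and the sample input is the lookup output copied from this page.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.

# srv_targets: read `host -t srv NAME` output on stdin and print one
# "target port" line per SRV record, lowest priority value first, then
# highest weight. Returns 1 when no SRV record is present (e.g. NXDOMAIN).
srv_targets() {
    awk '$3 == "SRV" && $4 == "record" {
             t = $8; sub(/\.$/, "", t)          # drop the trailing root dot
             print $5, $6, $7, tolower(t)
         }' |
    LC_ALL=C sort -k1,1n -k2,2nr -k4,4 |
    awk '{ print $4, $3; n++ } END { exit (n == 0) }'
}

# check_srv PORT [HOST]: succeed only if stdin holds at least one SRV record,
# every record points at PORT, and HOST (if given) is one of the targets.
check_srv() {
    port=$1; want=${2:-}
    targets=$(srv_targets) || { echo "no SRV records" >&2; return 1; }
    bad=$(printf '%s\n' "$targets" | awk -v p="$port" '$2 != p')
    [ -z "$bad" ] || { echo "unexpected port: $bad" >&2; return 1; }
    if [ -n "$want" ]; then
        printf '%s\n' "$targets" |
            awk -v h="$want" '$1 == h { f = 1 } END { exit (f ? 0 : 1) }' ||
            { echo "$want is not an advertised target" >&2; return 1; }
    fi
    echo ok
}

# Sample input: the DC and GC address lookups captured on this page.
DC_SRV='_ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc1.hir.is.
_ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc2.hir.is.
_ldap._tcp.dc._msdcs.hir.is has SRV record 0 100 389 hirdc.hir.is.'
GC_A='Host _gc._msdcs.hir.is not found: 3(NXDOMAIN)'

# The `password server` from the [global] settings should be an advertised DC.
printf '%s\n' "$DC_SRV" | check_srv 389 hirdc.hir.is
# An NXDOMAIN answer must be reported as a failure, not an empty success.
printf '%s\n' "$GC_A" | check_srv 3268 || echo "GC address lookup failed"

# Live use (needs the HIR.IS DNS servers):
#   host -t srv _kerberos._tcp.dc._msdcs.hir.is | check_srv 88
```
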
h2. Install DNS config

# Edit /etc/network/interfaces to have the HIR.IS dns servers
<pre>sudo gedit /etc/network/interfaces</pre>
## It should contain something like this
<pre>auto lo
iface lo inet loopback

iface eth0 inet dhcp
dns-search hir.is ru.is dev.ru.is
dns-nameservers 10.11.1.2 10.12.1.3
</pre>

h2. Set up Samba and Winbind

# Add the following [global] settings
<pre>security = ads
realm = HIR.IS
password server = hirdc.hir.is
# note that workgroup is the 'short' domain name
workgroup = HIR
# winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
</pre>
# Install the packages
<pre>sudo apt-get install winbind samba smbfs smbclient</pre>
## You should allow it to adjust the @/etc/pam.d/common-*@ files
# Try to kinit (replace foley with your RU username)
<pre>kinit foley@HIR.IS</pre>
# Now try to join the domain. You need an account that has the ability to add hosts in AD. You may need to send in a ticket to IT.
<pre>net ads join -U foley</pre>