Setting up SAMBA on UBUNTU Server and have users authenticate using the Active Directory

1. Edit smb.conf file located under /etc/samba/smb.conf

Global Settings as follows

#======================= Global Settings =======================

[global]

Workgroup = Workgroup Name
Server string = %h Server (Samba, Ubuntu)
dns proxy = no
security = ads
realm = domain.name
password server = AD Server Name
idmap uid = 10000 – 65000
idmap gid = 10000 – 65000
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = true
passdb backend = tdbsam
pbey pam restrictions = yes
unix password sync = yes
pam password change = yes
map to guest = bad user

The Share Definition is as follows

#======================= Share Definitions =======================

[HTML]
Comment = Ubuntu Web Share
path = /var/www
public = yes
writable = yes
browsable = yes
create mask = 0755
valid users = domain\user1, domain\user2  # they will be logged in as everyone
admin users = @”domain\domain admin”     # This users will be logged in as root

2. Edit nsswitch.conf file located under /etc folder. The important bit is the files winbind under the Password, Groups, and Shadow.

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference’ and `info’ packages installed, try:
# `info libc “Name Service Switch”‘ for information about this file.

passwd: files winbind
group: files winbind
shadow: files winbind

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

3. Join the domain by issuing a command net ads join -UAdministrator. After this step, you should see your computer name show up under Computers when you go to Active Directory Users and Computers.

4. Issue a command kinit USERID@DOMAIN.NAME (be sure the  USERID@DOMAIN.NAME is in caps). You may need to install additional components. I had to install krb5-user component by typing sudo apt-get install krb5-user.

5. Reboot the server (with a command sudo shutdown -r now).

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s