joining linux in windows domain

  • kiran.mehta
  • Newbie
  • Joined: Mar 31, 2005
  • Posts: 9
  • Loc: India
  • Status: Offline

Post March 31st, 2005, 11:09 pm

Hi,

I have installed Redhat Linux 9.0. Now I want to join a Windows domain. The entries I have made are:
1) cd /etc/samba/smb.conf
workgroup = evalueserve
security = domain
password server = IP address of my DC (windows)
2) I read somewhere that I have to give the following command to join a network:
#net rpc join member -U administrator
But it says no command like "net".

I am not able to log in to the Linux server through my Windows ID. Please suggest.
  • this213
  • Guru
  • Joined: Mar 01, 2004
  • Posts: 1242
  • Loc: ./
  • Status: Offline

Post April 1st, 2005, 8:08 am

Are you talking about an NT domain or an active directory?

for an NT domain, you should have the following in your smb.conf:
Code:
netbios name = SAMBA
workgroup = EVALUESERVE
security = domain
password server = IP_address_of_your_DC

you should then be able to do something like:
Code:
smbpasswd -j EVALUESERVE -r IP_address_of_your_DC -U NT_ADMINISTRATOR


If you're talking about an active directory domain, post again. I wasn't about to go into a crapload of information you may not need.

HTH
THIS
  • kiran.mehta
  • Newbie
  • Joined: Mar 31, 2005
  • Posts: 9
  • Loc: India
  • Status: Offline

Post April 5th, 2005, 10:40 pm

Hi,

Thanks for the reply, but I am talking about an Active Directory domain. Any idea how to do that?


Regards,
Kiran
  • this213
  • Guru
  • Joined: Mar 01, 2004
  • Posts: 1242
  • Loc: ./
  • Status: Offline

Post April 9th, 2005, 11:03 pm

First, make sure kerberos is installed:
# rpm -qa | grep krb
this should return at least 3 packages: krb5-devel, krb5-libs and krb5-workstation

Next, make sure the ldap development libraries are installed:
# rpm -qa | grep ldap-devel

If either of these returns nothing, you'll need to install them - which you can do from the Redhat CD.

make sure there's an entry for your active directory DC in your /etc/hosts file:
1.2.3.4 addc.example.com addc


Next, edit your /etc/krb5.conf to match your site. Everything should be fairly self-explanatory - and everything is case sensitive. Do not comment this file.

Once you've gotten to this point, you can try:
# /usr/kerberos/bin/kinit user@DOMAIN.COM
replacing *user* with a real user and DOMAIN.COM with a real domain (which must be UPPERCASE). If things are working, you'll be prompted for a password. If you enter the correct password, you'll come back to a bash shell, if not, you should be presented with:
"kinit(v5): Preauthentication failed while getting initial credentials"
or some such.

Note: If the clock time on the Linux machine is more than 5 minutes off from the time on the Windows machine, no ticket information will work. There are three ways to deal with this:
1. Have the Linux server act as a network time server, with the windows machine as a client
2. Have the windows machine act as a time server for the linux client
3. Make both systems pull the time from the same 3rd server ( some are listed here - http://ntp.isc.org/bin/view/Servers/NTPPoolServers )



Next, uninstall samba if it's installed:
# rpm -e samba

get the latest version of samba:
$ wget "http://us1.samba.org/samba/ftp/samba-latest.tar.gz"

expand and install samba:
Code:
$ tar -zxvf samba*.tar.gz
$ cd samba-3.0.13
$ ./configure --prefix=/usr/local/samba --with-ldap --with-ads --with-krb5 --with-pam --with-winbind
# make && make install



In your smb.conf:
----8<-----
netbios name = LINUX_SERVER_NAME
realm = DOMAIN.COM
ads server = 123.123.123.123
security = ADS
encrypt passwords = yes
----8<-----

start samba:
# /etc/rc.d/init.d/smb start

To add the Linux computer to the AD, you need to log into the DC and add it as a user with such privileges, so (from the Linux system):
# /usr/local/samba/bin/net ads join -U Administrator
it should prompt you for Administrator's password. Note that Administrator should be a user with the right to add a computer to the AD.

you should see something like:
Joined 'LINUX_MACHINE_NAME' to realm 'DOMAIN.COM'

To verify this worked, go to the windows DC and open Active Directory->Users and Computers and look for your linux machine to be listed there.

That's all you absolutely need to connect to the AD. If you want to map users to the AD (which is probably why you're doing this), open /etc/nsswitch.conf and change this:
passwd: files
shadow: files
group: files

to this:
passwd: compat winbind
shadow: compat
group: compat winbind

start the winbind daemon:
# winbindd

make sure it's running:
# ps -ae | grep winbindd

if nothing gets returned, you probably didn't configure samba with kerberos and ldap support. If it shows winbindd running, you're all set. To make sure everything starts on reboot:
open /etc/rc.d/init.d/smb and /etc/rc.d/init.d/winbindd and make sure the line:
# chkconfig: 345 NN NN
exists (NN will be different numbers pertaining to priority), it should be on line 3 of both files. If these lines don't exist, add them. If they read:
# chkconfig: - NN NN
change the - to 345

save and close those files and run chkconfig:
# chkconfig smb reset
# chkconfig winbindd reset

you can check the runlevels they will start at with
# chkconfig smb --list
# chkconfig winbindd --list

That should about cover everything.

HTH
THIS
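
As an added example (not part of this213's post or of Samba itself), here is a small shell pre-flight that checks the settings the walkthrough above depends on: security = ADS with an uppercase realm in smb.conf, winbind on the passwd and group lines of nsswitch.conf, and clock skew inside the 5-minute Kerberos window. The function names, sample files and epoch values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: pre-join checks for the settings above.
# File paths are arguments so the checks can run against copies of the files.

# Value of "key = value" in an smb.conf-style file (first match, trimmed).
# Assumes keys are written in lower case, as in the post.
smb_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*$//' -e 1q
}

# security must be ADS and the realm must be set and UPPERCASE.
check_smb_conf() {
    sec=$(smb_get "$1" security | tr '[:lower:]' '[:upper:]')
    realm=$(smb_get "$1" realm)
    [ "$sec" = "ADS" ] || { echo "security is not ADS"; return 1; }
    [ -n "$realm" ] || { echo "realm is not set"; return 1; }
    [ "$realm" = "$(echo "$realm" | tr '[:lower:]' '[:upper:]')" ] ||
        { echo "realm '$realm' is not uppercase"; return 1; }
}

# passwd and group must both list winbind for AD users to resolve.
check_nsswitch() {
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$1" ||
            { echo "$db: winbind missing"; return 1; }
    done
}

# Kerberos rejects tickets when clocks differ by more than 5 minutes (300 s).
# $1 = local epoch seconds, $2 = DC epoch seconds (however you obtain them).
check_skew() {
    d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    [ "$d" -le 300 ] || { echo "clock skew ${d}s exceeds 300s"; return 1; }
}

# Constructed sample files mirroring the post's settings.
demo=$(mktemp -d)
printf 'netbios name = LINUX_SERVER_NAME\nrealm = DOMAIN.COM\nsecurity = ADS\n' > "$demo/smb.conf"
printf 'passwd: compat winbind\nshadow: compat\ngroup: compat winbind\n' > "$demo/nsswitch.conf"
check_smb_conf "$demo/smb.conf" && check_nsswitch "$demo/nsswitch.conf" &&
    check_skew 1113087780 1113087900 && echo "pre-join checks passed"
rm -rf "$demo"
```

Run the same functions against the real /etc/samba/smb.conf (or /usr/local/samba/lib/smb.conf for a source build) and /etc/nsswitch.conf before attempting the join.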
  • viper_wolf
  • Born
  • Joined: Apr 12, 2005
  • Posts: 2
  • Status: Offline

Post April 12th, 2005, 2:44 pm

I have a slightly related question to this. How would I go about setting up name resolution? I want to be able to ping a Windows computer from my Linux box by its computer name as found in WINS. If this is not possible, I at least need a way to update the hosts file once a day, just in case the IP for the Windows server has changed. Is either of these possible?
  • this213
  • Guru
  • Joined: Mar 01, 2004
  • Posts: 1242
  • Loc: ./
  • Status: Offline

Post August 13th, 2007, 10:22 am

in your smb.conf [global] section:
Code:
    wins support = Yes
    name resolve order = wins lmhosts hosts bcast
    wins server = wins_server_ip_address
  • anmol
  • Born
  • Joined: Aug 14, 2007
  • Posts: 1
  • Status: Offline

Post August 14th, 2007, 2:45 am

I have installed RHL ES 4.0. Now I want to join a Windows domain (SPPS). The entries I have made are:
1) cd /etc/samba/smb.conf
workgroup = SPPS
security = domain
password server = IP address of my DC (windows)
2) Now, to add the Linux server to the domain, I used
#net rpc join member -U administrator
But it says "Unable to find a suitable server"

If someone knows please help.
Thanks in advance.
  • this213
  • Guru
  • Joined: Mar 01, 2004
  • Posts: 1242
  • Loc: ./
  • Status: Offline

Post August 14th, 2007, 6:26 am

http://www.redhat.com/docs/manuals/ente ... r-ADS.html
  • saurabh_bhide
  • Born
  • Joined: Jul 29, 2008
  • Posts: 1
  • Status: Offline

Post July 29th, 2008, 3:12 am

Hi all, I have joined my Linux (RHEL4 AS) system to an existing Windows 2003 domain, but now the problem is that I'm not able to log in using the domain users, although I can see the user list if I run wbinfo -u. Any help will be appreciated.

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.