Asked
Updated
Viewed
149.3k times

I have installed Redhat Linux. I want to join a Windows domain, so I first edited /etc/samba/smb.conf via nano with the following contents:

workgroup = evalueserve
security = domain
password server = IP address of my Domain Controller (Windows)

I then read somewhere that I have to type the following command to join a network:

#net rpc join member -U administrator

But it shows an error something like: no command like "net"

Thus, at the moment I am not able to login my Linux server through my Windows ID. How can I tell my Linux server to join a Windows domain?

add a comment
1

2 Answers

  • Votes
  • Oldest
  • Latest
Answered
Updated

For a Windows Active Directory domain, first, make sure kerberos is installed:

# rpm -qa | grep krb

This should return at least 3 packages: krb5-devel, krb5-libs, and krb5-workstation. Next, make sure the ldap development libraries are installed:

# rpm -qa | grep ldap-devel

If either of these returns nothing, you'll need to install them - which you can do from the Redhat CD. Make sure there's an entry for your active directory DC in your /etc/hosts file:

1.2.3.4    addc.example.com   addc

Next, edit your /etc/krb5.conf to match your site. Everything should be fairly self-explanatory and everything is case sensitive. Do not comment in this file. Once you've gotten to this point, you can try:

# /usr/kerberos/bin/kinit [user@DOMAIN.COM](mailto:user@DOMAIN.COM)

replacing user with a real user and DOMAIN.COM with a real domain (which must be UPPERCASE). If things are working, you'll be prompted for a password. If you enter the correct password, you'll come back to a bash shell, if not, you should be presented with:

"kinit(v5): Preauthentication failed while getting initial credentials"

or something very similar. Note: If the clock time on the Linux machine is more than 5 minutes off from the time on the windows machine no ticket information will work. There are three ways to deal with this:

  1. Have the Linux server act as a network time server, with the Windows machine as a client.
  2. Have the Windows machine act as a time server for the Linux client.
  3. Make both systems pull the time from the same 3rd server.

Next, uninstall samba if it's installed:

# rpm -e samba

and get the latest version of samba:

$ wget http://us1.samba.org/samba/ftp/samba-latest.tar.gz

expand and install samba:

$ tar -zxvf samba*.tar.gz
$ cd samba-3.0.13
$ ./configure --prefix=/usr/local/samba --with-ldap --with-ads --with-krb5 --with-pam --with-winbind
# make && make install

Now, edit your smb.conf:

netbios name = LINUX_SERVER_NAME
realm = DOMAIN.COM
ads server = 123.123.123.123
security = ADS
encrypt passwords = yes

Then start samba:

# /etc/rc.d/init.d/smb start

To add the Linux computer to the Active Directory (AD), you need to log into the Domain Controller (DC) and add it as a user with such privileges, so (from the Linux system):

# /usr/local/samba/bin/net ads join -U Administrator

it should prompt you for Administrator's password. Note that Administrator should be a user with the right to add a computer to the AD. You should see something like: Joined 'LINUX_MACHINE_NAME' to realm 'DOMAIN.COM'. To verify this worked, go to the Windows DC and open Active Directory -> Users and Computers and look for your Linux machine to be listed there.

That's all you absolutely need to connect to the AD. If you want to map users to the AD (which is probably why you're doing this), open /etc/nsswitch.conf and change this:

passwd:     files
shadow:     files
group:      files

to this:

passwd:     compat winbind
shadow:     compat
group:      compat winbind

Then start the winbind daemon:

# winbindd

Make sure it's actually running:

# ps -ae | grep winbindd

If nothing gets returned, you probably didn't configure samba with kerberos and ldap support. If it shows winbindd running, you're all set. To make sure everything starts on reboot open /etc/rc.d/init.d/smb and /etc/rc.d/init.d/winbindd and make sure the line:

# chkconfig: 345 NN NN

exists (NN will be different numbers pertaining to priority), it should be on line 3 of both files. If these lines don't exist, add them. If they read:

# chkconfig: - NN NN

change the - to 345. Save and close those files and run chkconfig:

# chkconfig smb reset
# chkconfig winbindd reset

You can check the runlevels they will start at with:

# chkconfig smb --list
# chkconfig winbindd --list

That should about cover everything.

add a comment
1
Answered
Updated

For an NT domain, you should have the following in your smb.conf:

netbios name = SAMBA
workgroup = EVALUESERVE
security = domain
password server = IP_address_of_your_DC 

you should then be able to do something like:

smbpasswd -j EVALUESERVE -r IP_address_of_your_DC -U NT_ADMINISTRATOR
  • 0
    I have installed RHL ES 4.0. Now I want to join a Windows Domain (SPPS). The entries that I had done in /etc/samba/smb.conf are: workgroup = SPPS, security = domain, and password server = IP address of my DC (windows). Now to add the Linux server to the domain I used #net rpc join member -U administrator, but it says Unable to find a suitable server. Thoughts? — anmol
add a comment
1