
Connecting Fedora into Win2003 Domain

I am a complete newbie to Linux, so you guys will have to be patient with me! I have got Linux set up, networking is fine, I can map to shares on my other machines OK. I would like to know if my Linux box can 'join' my 2003 domain? Also, by joining the domain will I be able to log into Linux using my domain's username/pass?
Asked by: craigja
 
wesly_chen Commented:
Hi,

   You need to set up "Samba" to do it.
   However, it does not really "join" the Windows Active Directory as the other Windows PCs do. But you can set your Linux password to sync with the Windows server's.

   Please check the URL for more details:
http://us3.samba.org/samba/docs/using_samba/toc.html

Wesly
   
 
mmartha Commented:
The Linux box does join the domain because it has to be authenticated in the Domain Controller with Kerberos; this adds a new "pc" in the Domain.

You must have these installed:

* kerberos client (http://web.mit.edu/kerberos/www)
* samba server with winbind (www.samba.org)
* samba client (www.samba.org. usually your linux box has this installed)

These files must be edited:
* krb5.conf
* nsswitch.conf
* smb.conf

** krb5.conf
You must specify your REALM, IP parameters and the Domain. The krb5.conf file has the author's comments about how to do this.

** nsswitch.conf
Add "winbind" in the passwd, group, host lines. This is for mapping the domain accounts into the Linux box.
E.g.
passwd: files winbind
group: files winbind
hosts: files dns winbind

** smb.conf
workgroup = domain logon name (e.g. you can have a companydomain.com domain with a logon workgroup of company-domain-server)
security = ads if you have Active Directory or set to domain if you have another one
realm = must be the realm
password server = *
encrypt passwords = yes
winbind separator = +
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/win/%U ("win" can be changed, it is just an example)
template shell = /bin/bash (or your preferred shell)


Then you do (as root, indicated by the # symbol):
# kinit A_USER_IN_THE_REALM@REALM
# net ads join -S YOUR_DC_IP

You have your computer in the domain and you have the domain accounts mapped into your system.

You can type:

# getent passwd
and see your domain accounts for verification.


NOTE: The smb.conf options aren't the exact names. Just to give you an idea.

I MAY have made an error. That's the way it should be done, as far as I can remember.
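
As an added example (not code from any poster in this thread), a pre-join check over the three files listed in the answer above: it confirms `security = ads`, that the smb.conf `realm` matches `default_realm` in krb5.conf, and that `passwd` and `group` in nsswitch.conf list `winbind`. The `EXAMPLE.COM` realm and the sample files are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check the three files before the join.
# Paths are arguments, so it can be run on copies instead of the files in /etc.

# Print KEY's value from [SECTION] of an INI-style file (smb.conf, krb5.conf).
ini_get() {  # usage: ini_get FILE section "key name" (section in lower case)
  awk -v sec="[$2]" -v want="$3" '
    /^[ \t]*[#;]/ { next }                                  # comment line
    /^[ \t]*\[/   { cur = tolower($0); gsub(/[ \t]/, "", cur); next }
    cur == sec && (i = index($0, "=")) {
      k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == want) val = v
    }
    END { if (val != "") print val }' "$1"
}

# Succeed if database DB (passwd, group) in nsswitch.conf lists winbind.
nss_has_winbind() {  # usage: nss_has_winbind FILE DB
  awk -v db="$2:" '
    { sub(/#.*/, "") }
    $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
    END { exit !found }' "$1"
}

# Print one line per problem; the return status is the number of problems.
preflight() {  # usage: preflight SMB_CONF KRB5_CONF NSSWITCH_CONF
  n=0
  mode=$(ini_get "$1" global security | tr 'A-Z' 'a-z')
  realm=$(ini_get "$1" global realm | tr 'a-z' 'A-Z')
  krb=$(ini_get "$2" libdefaults default_realm | tr 'a-z' 'A-Z')
  [ "$mode" = ads ] || { echo "smb.conf: security is '$mode', not ads"; n=$((n + 1)); }
  [ -n "$realm" ] || { echo "smb.conf: realm is not set"; n=$((n + 1)); }
  [ "$realm" = "$krb" ] || { echo "realm '$realm' != default_realm '$krb'"; n=$((n + 1)); }
  for db in passwd group; do
    nss_has_winbind "$3" "$db" || { echo "nsswitch.conf: $db lacks winbind"; n=$((n + 1)); }
  done
  return "$n"
}

# Constructed sample files (placeholder realm EXAMPLE.COM); group lacks winbind.
d=$(mktemp -d)
printf '[global]\n  security = ADS\n  realm = EXAMPLE.COM\n' > "$d/smb.conf"
printf '[libdefaults]\n  default_realm = EXAMPLE.COM\n' > "$d/krb5.conf"
printf 'passwd: files winbind\ngroup: files\n' > "$d/nsswitch.conf"
preflight "$d/smb.conf" "$d/krb5.conf" "$d/nsswitch.conf" || echo "problems: $?"
```

Running it on copies of the real files before `kinit` and the join catches a realm mismatch or a missing `winbind` entry while local logins still work.
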
 
mmartha Commented:
For your domain users to log in to the Linux box, you must edit your PAM settings.

Here are some links after googling for your question:

http://insight.zdnet.co.uk/software/developer/0,39020469,2122363,00.htm

http://www.experts-exchange.com/Networking/Linux_Networking/Q_20765134.html



This page describes exactly what you want (I think):

http://www.isomedia.com/homes/kpuckett/Windows_Domain_Logins_from_DesktopLX.htm

 
tanelorn Commented:
Hi,

I've just built a server to serve our PCs. It can be done.
I've spent the last couple of days doing just this. I had to use the pre-releases due to circumstances in my environment here at work.

I would wait a month or 2 before tackling this project, and here's why.
There's been a breakage between Windows Server 2003 AD and Samba. Jerry and the rest of the programmers on the Samba team are doing a great job working on it.

There's a disconnect between the Kerberos authentication backend and Samba itself if the Kerberos realm is different than the DNS domain. There's also an issue with the encryption types etc. etc. We can thank Microsoft's implementation of Kerberos... I won't go into the gory details.

I would wait until there is a production release of Samba 3.0.8. Don't use 3.0.7 with a Win2k3 AD domain.

Here's what I used and it seemed to work. Mind you, the version of Samba is not a production release yet...

If you want to play, here's the URL for these downloads:
http://samba.org/~jerry/RPMS/samba/Fedora/RPMS/i386/core/2/
samba-3.0.8pre2-1.i386.rpm
samba-client-3.0.8pre2-1.i386.rpm
samba-common-3.0.8pre2-1.i386.rpm
samba-swat-3.0.8pre2-1.i386.rpm <--- this is part of the version, but don't use SWAT. It changes double quotes to single quotes around things that need to be quoted...

Also, you'll need to make sure you are using these; they can be had using the Fedora updater "yum":
krb5-devel-1.3.4-6.i386.rpm
krb5-server-1.3.4-6.i386.rpm
krb5-libs-1.3.4-6.i386.rpm
krb5-workstation-1.3.4-6.i386.rpm

Also RTFM. The docs are pretty good if you follow them; the links above look good.
We can help you out here if you need more help.


Tanelorn



 
craigja (Author) Commented:
mmartha, where do I find the files in order to edit them? As you are probably gathering I am a Windows guy, this is my first foray into the confusing world of Linux!
One other question: can Linux be a domain controller? By that I mean, if I wanted to set up an entire network using Linux, could I have a central account like in AD for Windows?
 
wesly_chen Commented:
Hi,
> Where do I find the files in order to edit them
/etc/krb5.conf, /etc/nsswitch.conf, /etc/samba/smb.conf

Wesly
 
mmartha Commented:
Alternatively, you can do:

# find / -name krb5.conf
# find / -name nsswitch.conf
# find / -name smb.conf

Regards,

MMarts ;D
 
mmartha Commented:
Yes, Linux can be a PDC (Primary Domain Controller) through Samba. I haven't done this, but you can read about how to do it here:

http://www-106.ibm.com/developerworks/eserver/tutorials/samba.html (You need to register, but it is free)
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2512340

Google it. :)

MMarts