Solved

Adding Linux server to Window Domain

Posted on 2013-12-05
1
529 Views
Last Modified: 2013-12-06
Hi Experts,

I am trying to integrate Window OS and Linux OS together. I came across this situation where I wish to integrate my linux(debian) server into Window Domain. I wish to know how can this be accomplished?

I believed that I needed samba share for sure. I know in smb.conf there is a workgroup section. Do I simply config workgroup to window domain or I need to configure other files as well? Do I need to somehow configure domain controller from window into linux? Anything else that I need?

If I wish to use the AD (active directory) from window with linux Do I need to install the kbr5(kebros) so linux will recognize the user from AD? What else do I need to make it work?
If I need kbr, how can I configure it to make it work with windows?

I've read about winbind. Do I need winbind also? If so, how should I configure it. Thanks
0
Comment
Question by:kisegi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 500 total points
ID: 39700433
Hello,

there are plenty of tutorials to do so. I will point out some in the end.

Here only some considerations for starters:
1. The mode you need for your server would be ADS. Here a sample [global] section with Kerberos (realm=) :
[global]
	security = ADS
        workgroup = YOURDOMAIN
        realm = YOURDOMAIN.COM

Open in new window


2. You need to consider one crucial point: Do any other computes access the linux storage in another way (nfs / direct access)? Do you have other Linux servers? The point here is the GID/UID mapping. If the the storage is isolated to your linux file server, then you can ignore it leave it to the default. Otherwise you might want to use the AD gid number / uid number attributes for your setup.

3. Kerberos is optional. Samba works without it - though I always set this up for convenience. You can for instance add a group policy to map a user's share with the password method. Windows also tries the logon credentials automatically first.

4. There are packages around with do these jobs quiete well without much configuration. Have a look at Likewise / Powerbroker Identity Services (free) for instance. I use this:
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

5. You will need winbind to do the actual domain joining. Remember, winbind is part of the samba package.

6. As for your link, here is one I googled:
https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Fine Tune your automatic Updates for Ubuntu / Debian
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question