Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Adding Linux server to Window Domain

Posted on 2013-12-05
1
Medium Priority
?
570 Views
Last Modified: 2013-12-06
Hi Experts,

I am trying to integrate Window OS and Linux OS together. I came across this situation where I wish to integrate my linux(debian) server into Window Domain. I wish to know how can this be accomplished?

I believed that I needed samba share for sure. I know in smb.conf there is a workgroup section. Do I simply config workgroup to window domain or I need to configure other files as well? Do I need to somehow configure domain controller from window into linux? Anything else that I need?

If I wish to use the AD (active directory) from window with linux Do I need to install the kbr5(kebros) so linux will recognize the user from AD? What else do I need to make it work?
If I need kbr, how can I configure it to make it work with windows?

I've read about winbind. Do I need winbind also? If so, how should I configure it. Thanks
0
Comment
Question by:kisegi
1 Comment
 
LVL 13

Accepted Solution

by:
Daniel Helgenberger earned 2000 total points
ID: 39700433
Hello,

there are plenty of tutorials to do so. I will point out some in the end.

Here only some considerations for starters:
1. The mode you need for your server would be ADS. Here a sample [global] section with Kerberos (realm=) :
[global]
	security = ADS
        workgroup = YOURDOMAIN
        realm = YOURDOMAIN.COM

Open in new window


2. You need to consider one crucial point: Do any other computes access the linux storage in another way (nfs / direct access)? Do you have other Linux servers? The point here is the GID/UID mapping. If the the storage is isolated to your linux file server, then you can ignore it leave it to the default. Otherwise you might want to use the AD gid number / uid number attributes for your setup.

3. Kerberos is optional. Samba works without it - though I always set this up for convenience. You can for instance add a group policy to map a user's share with the password method. Windows also tries the logon credentials automatically first.

4. There are packages around with do these jobs quiete well without much configuration. Have a look at Likewise / Powerbroker Identity Services (free) for instance. I use this:
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

5. You will need winbind to do the actual domain joining. Remember, winbind is part of the samba package.

6. As for your link, here is one I googled:
https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question