Linux with Active Directory

Step 1: Install required software

The following packages are required: krb5-user, samba, sssd, and ntp. Install them from the command line:

    sudo apt-get install krb5-user samba sssd ntp

Step 2: Configure Kerberos

Edit the file /etc/krb5.conf :

    default_realm = LYNCHBURG.EDU

Edit the file /etc/ntp.conf :

    server dc.LYNCHBURG.EDU

Step 3: Configure Samba

Edit the file /etc/samba/smb.conf :

    workgroup = LYNCHBURG-EDU
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    realm = LYNCHBURG.EDU
    security = ads

Step 4: Configure SSSD

Create the file /etc/sssd/sssd.conf with the following content (the [sssd] and [domain/...] section headers are required; SSSD will not start without them, and the domain section name must match the entry in domains):

    [sssd]
    services = nss, pam
    config_file_version = 2
    domains = LYNCHBURG.EDU

    [domain/LYNCHBURG.EDU]
    id_provider = ad
    access_provider = ad
    # Map $HOME to /home/DOMAIN-FQDN/user; pair with pam_mkhomedir (Step 10)
    override_homedir = /home/%d/%u

Set the owner to root and the permissions to 600 (SSSD refuses to start if the file is readable by anyone else):

    sudo chown root:root /etc/sssd/sssd.conf
    sudo chmod 600 /etc/sssd/sssd.conf

Step 5: Verify nsswitch.conf is configured

Open the file /etc/nsswitch.conf and verify these lines are correct:

    passwd:         compat sss
    group:          compat sss
    netgroup:       nis sss
    sudoers:        files sss
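Before joining the domain in Step 7, the following added shell script (not from the original page) checks that the files from Steps 2 to 5 agree with each other: the realm is the same upper-case name in krb5.conf, smb.conf and sssd.conf, sssd.conf has the matching [domain/...] section, nsswitch.conf consults sss for passwd and group, and sssd.conf is root-owned with mode 600. It assumes a single SSSD domain and GNU stat; run it with --live to check the real /etc files.

```shell
#!/bin/sh
# Consistency checks for the files edited in Steps 2-5. Paths are passed as
# arguments so the checks can run against copies; each function returns 0
# when the check passes and 1 otherwise.

# Print the value of "key = value" in an ini-style file, whitespace trimmed.
ini_value() {
    awk -v k="$2" -F= '$1 ~ ("^[ \t]*" k "[ \t]*$") {
        sub(/^[ \t]+/, "", $2); sub(/[ \t]+$/, "", $2); print $2; exit }' "$1"
}

# Kerberos realm names are case-sensitive and conventionally upper-case:
# default_realm (krb5.conf), realm (smb.conf) and the single SSSD domain
# must name the same realm, and sssd.conf needs a matching [domain/...] section.
check_realm_consistent() {
    krb="$(ini_value "$1" default_realm)"
    smb="$(ini_value "$2" realm)"
    sss="$(ini_value "$3" domains)"
    [ -n "$krb" ] || return 1
    [ "$krb" = "$(printf '%s' "$krb" | tr '[:lower:]' '[:upper:]')" ] || return 1
    [ "$krb" = "$smb" ] || return 1
    [ "$krb" = "$(printf '%s' "$sss" | tr '[:lower:]' '[:upper:]')" ] || return 1
    grep -qF "[domain/$sss]" "$3"
}

# Without "sss" on both the passwd and group lines, domain users never
# resolve even after a successful join (Step 5).
check_nsswitch() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "sss") seen[$1] = 1 }
         END { exit (("passwd:" in seen) && ("group:" in seen)) ? 0 : 1 }' "$1"
}

# sssd.conf can hold cached credentials; SSSD refuses to start unless it is
# owned by root and mode 600 (Step 4). The owner argument is for testing.
check_sssd_perms() {
    owner="${2:-root}"
    [ -f "$1" ] && [ "$(stat -c '%U %a' "$1")" = "$owner 600" ]
}

# Run every check against the live system (reading sssd.conf needs root).
run_checks() {
    rc=0
    check_realm_consistent /etc/krb5.conf /etc/samba/smb.conf /etc/sssd/sssd.conf \
        || { echo "realm differs between krb5.conf, smb.conf and sssd.conf"; rc=1; }
    check_nsswitch /etc/nsswitch.conf || { echo "nsswitch.conf: sss missing"; rc=1; }
    check_sssd_perms /etc/sssd/sssd.conf || { echo "sssd.conf must be root, mode 600"; rc=1; }
    return "$rc"
}
if [ "${1:-}" = "--live" ]; then run_checks; fi
```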

Step 6: Modify the /etc/hosts

Edit the file /etc/hosts and add a line giving the machine's IP address, its short name and its fully qualified name, in this case PROTOTYPE1 and PROTOTYPE1.LYNCHBURG.EDU.

Step 7: Join the Active Directory

Restart ntp and samba and start sssd using command lines:

    sudo service ntp restart
    sudo restart smbd
    sudo restart nmbd
    sudo start sssd

Step 8: Test Configuration

Obtain a Kerberos ticket for a domain account from the command line:

    sudo kinit username

Verify the ticket using command line:

    sudo klist

If there is a ticket with an expiration date listed, join the domain using command line:

    sudo net ads join -k

Verify the join by resolving a domain user through SSSD from the command line:

    getent passwd username

Step 9: Test Authentication

Log in as an Active Directory user with that user's credentials from the command line:

    su - username

Step 10: Home directories with pam_mkhomedir

Edit the file /etc/pam.d/common-session and add this line directly below the existing session entries (the module name pam_mkhomedir.so is required; without it PAM rejects the line):

    session  required  pam_mkhomedir.so skel=/etc/skel/ umask=0077

Step 11: Install lightdm

Using command lines:

    sudo add-apt-repository ppa:lightdm-gtk-greeter-team/stable
    sudo apt-get update
    sudo apt-get install lightdm-gtk-greeter

Reboot the system:

    sudo reboot

Step 12: Lightdm for manual login

Edit the file /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf by adding:


Reboot the system:

    sudo reboot

Step 13: Give LC user sudo access (optional)

Log in as root and run:

    sudo adduser username sudo

Example: sudo adduser stocker_t sudo

This adds the user to the sudo group and takes effect without the user having logged in before.
