How to Join a SUSE Client to a Windows 2003 Domain

Written by gerryh

Use the following steps in the order that they appear to join the SUSE client to the Windows 2003 Server domain. If you have any issues, please use the Forum/shoutbox (for registered users ONLY - but it is free!) for additional help and assistance.
Step 1: Install the Required Packages - This can be done through YaST

    [global]
    security = ads
    netbios name = NetBios Name
    realm = DOMAIN.INTERNAL
    password server = domainserver.domain.internal
    workgroup = DOMAIN
    idmap uid = 1000-29999
    idmap gid = 1000-29999
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    domain master = no
    server string =

Step 4: Test the configuration with the testparm command - You should be able to see what you entered in the smb.conf file.

Step 5: Edit /etc/nsswitch.conf to look like the example below

    passwd: compat winbind
    group: compat winbind
    shadow: compat
    hosts: files dns wins
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

Step 6: Modify the PAM settings
These files are all located in the /etc/pam.d folder.

File: common-account (It should contain only the following lines)

    account sufficient pam_winbind.so
    account required pam_unix.so

File: common-auth (It should contain only the following lines)

    auth sufficient pam_winbind.so
    auth required pam_unix.so nullok_secure use_first_pass

File: common-password

    password required pam_unix.so nullok obscure min=4 max=50 md5

File: common-session

    session required pam_mkhomedir.so umask=0022 skel=/etc/skel

Step 7: Make a directory to hold domain user home directories
Note: Use Konsole for this
Note: Use the value you put in the WORKGROUP tag in the smb.conf file

    mkdir /home/DOMAIN

Step 8: Initialize Kerberos
Note: Use Konsole for this

    kinit domain_admin_account@DOMAIN.INTERNAL

Step 9: Check to be sure you got a ticket from the domain controller
Note: Use Konsole for this

    klist

Step 10: Join the Domain
Note: Use Konsole for this

    net ads join -U domainadminuser@DOMAIN.INTERNAL

Step 11: Restart Samba-related Services
Note: The order is important
Note: Use Konsole for this

    /etc/init.d/smb stop
    /etc/init.d/winbind stop
    /etc/init.d/smb start
    /etc/init.d/winbind start

Step 12: Attempt to switch user and log on as a domain member. If you can log on, then you are successful.

Step 13: Configure SUDO
Add the "Domain Admins" group from Windows to the /etc/sudoers file. The space in the group name must be escaped with a backslash, otherwise sudo rejects the line as a syntax error.

    %Domain\ Admins ALL=(ALL) ALL

Example:

    # sudoers file
    # Host alias specification

    # User alias specification

    # Cmnd alias specification

    # Defaults specification
    Defaults targetpw # ask for the password of the target user i.e. root
    %users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

    # Runas alias specification

    # User privilege specification
    root ALL=(ALL) ALL

    # Uncomment to allow people in group wheel to run all commands
    # (the space in the Windows group name is escaped with a backslash)
    %Domain\ Admins ALL=(ALL) ALL

    # Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL

    # Samples
    # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
    # %users localhost=/sbin/shutdown -h now

Step 14: See if Konsole will list user names and group names from Windows:

    wbinfo -u
    wbinfo -g

Step 15: Make sure the DOMAIN folder under the home directory location has the correct permissions so that new users can create their folder on login.
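A pre-join sanity check for the files edited in Steps 1 to 6, as an added example that is not part of the original guide: it flags local accounts whose numeric IDs fall inside the idmap uid/gid ranges (winbind allocates domain IDs from those ranges, so an overlap lets a domain user share a UID with a local one) and confirms nsswitch.conf consults winbind. The function names and the sample passwd/group entries are constructed for illustration.

```python
import configparser

# Constructed sample inputs mirroring the files from the steps above.
SMB_CONF = """\
[global]
security = ads
workgroup = DOMAIN
idmap uid = 1000-29999
idmap gid = 1000-29999
template homedir = /home/%D/%U
"""
NSSWITCH = "passwd: compat winbind\ngroup: compat winbind\nshadow: compat\n"
PASSWD = "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:100:Alice:/home/alice:/bin/bash\n"
GROUP = "root:x:0:\nusers:x:100:\n"

def parse_range(value):
    """Turn '1000-29999' into (1000, 29999)."""
    low, high = (int(p) for p in value.split("-", 1))
    return low, high

def ids_in_range(db_text, rng):
    """Names from a passwd/group-style file whose numeric ID (field 3) is in rng."""
    hits = []
    for line in db_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit() and rng[0] <= int(fields[2]) <= rng[1]:
            hits.append(fields[0])
    return hits

def audit(smb_conf, nsswitch, passwd, group):
    cp = configparser.ConfigParser(interpolation=None)  # %D and %U are Samba macros
    cp.read_string(smb_conf)
    g = cp["global"]
    findings = []
    if g.get("security", "").lower() != "ads":
        findings.append("security is not 'ads'")
    for key, db, label in (("idmap uid", passwd, "user"), ("idmap gid", group, "group")):
        for name in ids_in_range(db, parse_range(g[key])):
            findings.append(f"local {label} '{name}' falls inside {key} range {g[key]}")
    ns = dict(l.split(":", 1) for l in nsswitch.splitlines() if ":" in l)
    for db in ("passwd", "group"):
        if "winbind" not in ns.get(db, "").split():
            findings.append(f"nsswitch.conf: {db} does not consult winbind")
    return findings

if __name__ == "__main__":
    for finding in audit(SMB_CONF, NSSWITCH, PASSWD, GROUP):
        print("WARN:", finding)
```

To check a real host, pass the contents of /etc/samba/smb.conf, /etc/nsswitch.conf, /etc/passwd and /etc/group to audit() in place of the constructed samples.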
Last Updated on Monday, 14 July 2008 17:45



This process will require the krb5-client (it is best to install ALL of the packages), Samba, and Samba-Winbind.