Comments on Ubuntu 9.04 Samba Server Integrated With Active Directory
Ubuntu 9.04 Samba Server Integrated With Active Directory: This howto describes how an Ubuntu 9.04 Samba server is integrated with Active Directory, and how to use Winbind so that the Linux server sees the domain users and groups transparently. I assume that your Ubuntu server is installed and ready to be configured with Samba.
17 Comment(s)
Comments
Use "sudo -i" instead of "sudo su".
Thanks for the instructions.
It is very helpful.
I was wondering, and I think that the (users') rights to files and folders on the Windows side have to be set in the Samba/Linux server.
Please correct me if I am wrong, and if you could show some examples of it that would be great! (or the link if it's already there)
Thanks a Lot!
Hi, I wonder why we need Administrator account to join the domain?
As I understand, if you already have a computer account in your AD domain, all you need is your own domain username and password. Does this work with samba/winbind?
My understanding is that as long as you are a member of domain admins or helpdesk admins, you should be able to add a PC or server to the domain, but I don't think being only a domain user will let you do that. I just used Administrator as an example. Thanks
Actually, the ability to add a computer to the domain is controlled by a security policy (group policy). It's called "Add workstations to domain", and is described by Microsoft here:
http://technet.microsoft.com/en-us/library/cc976452.aspx
By default any authenticated user can add computers to a domain (up to ten of them, no idea why that number but there it is). I once had a rather honest co-worker let me know that I'd never changed that on our domain controller and he was able to set up VMs at will and add them to the domain, which he probably figured was messing with our Windows CALs count and I would probably care. Needless to say, I turned that "feature" off right quick.
I wonder too, but it works that way for Windows too. Your AD account is not enough.
Hi there!
I'm still doubtful about this. I'm currently trying to set up an Ubuntu system to use AD authentication without the need to actually join the Ubuntu system to the AD domain, since the host is already in the domain because it was previously a Windows XP host which I'm now trying to migrate to Linux with the same hostname as it was set in Windows.
I still was not successful, but I'm able to query the AD domain using commands like:
net ads info
So will using a previous Windows AD host as a Linux host work? Was anyone successful doing something like this?
Cheers,
Nuno.
This procedure also works for joining a Samba 4 ADS style domain
This article was good, but it could have been better if it included how to set up the shares so that the domain users or domain groups could be utilized. Took me some searching elsewhere, but I found that you can set up shares with the line Valid Users =@domain name+groupname for groups or Valid Users ="@domainname+group name" if the group name is two words. To add users individually just add domainname+username without the @ symbol in front. Separate each user or group with a space.
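An added example, not part of the comment above or of the howto: a small audit that reads an smb.conf and reports, per share, which domain groups and users its valid users line admits, and which shares have no such restriction at all. The share, domain, group and user names are constructed, and the "+" separator is assumed to be set through winbind separator, as the comment's syntax implies.

```python
import configparser
import shlex

# Constructed sample smb.conf; every name below is made up for illustration.
SAMPLE_SMB_CONF = """
[global]
workgroup = EXAMPLE
winbind separator = +

[finance]
path = /srv/finance
valid users = @EXAMPLE+accounting "@EXAMPLE+domain admins" EXAMPLE+alice

[public]
path = /srv/public
guest ok = yes
"""

def split_entries(raw):
    """Split a 'valid users' value; a quoted entry with spaces stays whole."""
    lex = shlex.shlex(raw, posix=True)
    lex.whitespace_split = True
    lex.whitespace += ","   # Samba accepts commas between entries too
    lex.escape = ""         # keep a backslash separator literal
    lex.commenters = ""
    lex.quotes = '"'
    return list(lex)

def audit_shares(conf_text):
    """Return {share: {"groups": [...], "users": [...], "restricted": bool}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    cp.read_string(conf_text)
    # Samba's default separator is a backslash when none is configured.
    sep = cp.get("global", "winbind separator", fallback="\\")
    report = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        groups, users = [], []
        for entry in split_entries(cp.get(share, "valid users", fallback="")):
            domain, _, account = entry.lstrip("@").rpartition(sep)
            (groups if entry.startswith("@") else users).append((domain, account))
        report[share] = {"groups": groups, "users": users,
                         "restricted": bool(groups or users)}
    return report

if __name__ == "__main__":
    for share, info in audit_shares(SAMPLE_SMB_CONF).items():
        print(share, info)
```

A share that comes back with restricted set to False has no valid users line, so access to it is governed only by its other settings and the filesystem permissions.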
Hello Max
If you look closer at your error msg, you can see that the realm is showing up twice.
kerberos_kinit_password [email protected]@MMRP.ORG failed: Malformed representation of principal
The correct command would then be: net ads join -U Administrator
I also had to run /etc/init.d/winbind restart after editing nsswitch.conf to have a successful run of the wbinfo -u and wbinfo -g commands :)
morten
Hi
required with this command could resolve the above error thank you
Just use: net ads join -U Administrator
without domain name
Hello
I followed the tutorial to the point, but I am getting an error when trying to join the domain.
net ads join -U [email protected]
What I get is
libads/kerberos.c:ads_kinit_password(362)
kerberos_kinit_password [email protected]@MMRP.ORG failed: Malformed representation of principal
Failed to join domain: failed to connect to AD: Malformed representation of principal
Which does make sense, as the domain name is appended twice, but the realm and the domain are defined as per the guide above, and this is a clean install of Ubuntu 9.04 32-bit server.
Any suggestions?
If I find a solution on Google I will post it here.
regards,
Max.
Hi..
This is a very nice document; without any knowledge we can integrate Samba and AD. It helps a lot.
Thank you very much for such a simple document.
Regards,
Kumar
Very helpful howto. I did that the hard way, checking lots of info, and eventually I got it done. Wish I had this guide before :D
net ads join -U [email protected]
Enter Administrator's password:
Failed to join domain: failed to find DC for domain DOMAIN.AC.KE
The documentation is very helpful, but it is a little different on Ubuntu 11.04. Based on the documentation, when I tried to join AD with the "net ads join -U [email protected]" command I ran into this error:
Failed to join domain: failed to connect to AD: Malformed representation of principal
If I clear the right side of the username it was successful:
"net ads join -U Administrator"