This example shows how to configure Winbind in the environment below.
sudo apt install winbind libpam-winbind libnss-winbind krb5-config
and answer:
# set Realm
+------------------+ Configuring Kerberos Authentication +------------------+
| When users attempt to use Kerberos and specify a principal or user name   |
| without specifying what administrative Kerberos realm that principal      |
| belongs to, the system appends the default realm. The default realm may   |
| also be used as the realm of a Kerberos service running on the local      |
| machine. Often, the default realm is the uppercase version of the local   |
| DNS domain.                                                               |
|                                                                           |
| Default Kerberos version 5 realm:                                         |
|                                                                           |
| SRV.SHAREWIZ_____________________________________________________________ |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+---------------------------------------------------------------------------+

# specify hostname of AD DS
+--------------+ Configuring Kerberos Authentication +---------------+
| Enter the hostnames of Kerberos servers in the SRV.SHAREWIZ        |
| Kerberos realm separated by spaces.                                |
|                                                                    |
| Kerberos servers for your realm:                                   |
|                                                                    |
| sw1s.srv.sharewiz_________________________________________________ |
|                                                                    |
|                                <Ok>                                |
|                                                                    |
+--------------------------------------------------------------------+

# specify hostname of AD DS
+------------------+ Configuring Kerberos Authentication +------------------+
| Enter the hostname of the administrative (password changing) server for   |
| the SRV.SHAREWIZ Kerberos realm.                                          |
|                                                                           |
| Administrative server for your Kerberos realm:                            |
|                                                                           |
| sw1s.srv.sharewiz________________________________________________________ |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+------------------------------
Edit the Samba config file as root: /etc/samba/smb.conf
# line 29: change the workgroup to the AD DS NetBIOS name and add the following
workgroup = SW1S01
password server = sw1s.srv.sharewiz
realm = SRV.SHAREWIZ
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
Edit the nsswitch config file as root: /etc/nsswitch.conf
# line 7: add winbind as follows
passwd: compat systemd winbind
group: compat systemd winbind
shadow: compat winbind
Edit the PAM config as root: /etc/pam.d/common-session
# add to the end if needed (automatically creates a home directory at first login)
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Edit the netplan config.
# change DNS to refer to AD nameservers:
addresses: [192.168.1.1.8]
Apply netplan changes:
sudo netplan apply
Join Active Directory (net ads join -U [AD's admin user])
sudo net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- SW1S01
Joined 'SMB' to dns domain 'srv.sharewiz'
Restart winbind
sudo systemctl restart winbind
wbinfo -u
returns:
administrator
guest
defaultaccount
peter
Try to switch to an AD user
sudo su - peter
Creating directory '/home/peter'.
peter@smb:~$
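
The following is an added example, not part of the original guide: a small audit of the files edited above, run against a constructed sample tree that mirrors this guide's values. The function names and the optional ROOT prefix are hypothetical, and it assumes the realm entered in the Kerberos dialog is stored as default_realm in /etc/krb5.conf.

```shell
#!/bin/sh
# Added example: audit the files this guide edits. Not part of the original guide.

# Print the value of "KEY = value" from FILE (last uncommented match wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null | tail -n 1
}

# audit_winbind_config [ROOT] - ROOT is an optional path prefix (assumption, for testing).
audit_winbind_config() {
    root=${1:-}; rc=0
    smb="$root/etc/samba/smb.conf"; krb="$root/etc/krb5.conf"
    nss="$root/etc/nsswitch.conf";  pam="$root/etc/pam.d/common-session"
    bad() { echo "FAIL: $*"; rc=1; }

    [ "$(conf_get "$smb" security)" = "ads" ] || bad "smb.conf: security is not 'ads'"
    realm=$(conf_get "$smb" realm)
    [ -n "$realm" ] && [ "$realm" = "$(conf_get "$krb" default_realm)" ] ||
        bad "smb.conf realm '$realm' does not match krb5.conf default_realm"
    case "$(conf_get "$smb" 'winbind offline logon')" in
        true|yes|1) bad "smb.conf: winbind offline logon is on (the guide sets false)" ;;
    esac
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" ||
            bad "nsswitch.conf: '$db' does not list winbind"
    done
    # pam_mkhomedir is optional; when present, require the private umask from the guide.
    if grep -Eq '^[^#]*pam_mkhomedir\.so' "$pam" 2>/dev/null; then
        grep -Eq '^[^#]*pam_mkhomedir\.so.*umask=0?077([[:space:]]|$)' "$pam" ||
            bad "common-session: pam_mkhomedir without umask=077"
    fi
    return $rc
}

# Build a constructed sample tree that mirrors the values used in this guide.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc/samba" "$d/etc/pam.d" || return 1
    printf '[global]\nworkgroup = SW1S01\nrealm = SRV.SHAREWIZ\nsecurity = ads\n' \
        > "$d/etc/samba/smb.conf"
    printf 'winbind offline logon = false\n' >> "$d/etc/samba/smb.conf"
    printf '[libdefaults]\n\tdefault_realm = SRV.SHAREWIZ\n' > "$d/etc/krb5.conf"
    printf 'passwd: compat systemd winbind\ngroup: compat systemd winbind\n' \
        > "$d/etc/nsswitch.conf"
    printf 'session optional pam_mkhomedir.so skel=/etc/skel umask=077\n' \
        > "$d/etc/pam.d/common-session"
    echo "$d"
}
```

Call audit_winbind_config with no argument to check the live files, or pass the directory printed by make_sample_root to try it on the sample tree.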