===Install a domain member server===
To make a Linux server part of a Windows-administered AD domain, install Debian (currently Debian 10) and then do the following:
  * //nano /etc/ssh/sshd_config// and set PermitRootLogin yes (only needed while setting up the server; set it back to prohibit-password or no once the domain join works)
  * //service ssh restart//
  * //apt update && apt upgrade && apt autoremove//
  * //apt install net-tools dnsutils snmpd ntp//
  * //nano /etc/network/interfaces// and change to a static address like:
iface eth0 inet static
address 192.168.10.X
netmask 255.255.255.0
gateway 192.168.10.1
network 192.168.10.0
broadcast 192.168.10.255
dns-nameservers 192.168.10.1 192.168.10.11 192.168.10.13
dns-search domain.artit.nl
  * //nano /etc/snmp/snmpd.conf//
# Note: "public" is the well-known default community and this line answers queries from any address; use your own community string and add a source, e.g. rocommunity <community> 192.168.10.0/24
rocommunity public
sysServices 72
proc mountd
proc ntalkd 4
proc sendmail 10 1
disk / 10000
disk /var 5%
includeAllDisks 10%
load 12 10 5
trapsink localhost public
sysLocation 52.3206680,5.5342870
sysContact info@artit.nl
defaultMonitors yes
linkUpDownNotifications yes
master agentx
  * //nano /etc/default/snmpd//
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
  * //nano /etc/snmp/snmp.conf//
#mibs:
  * //nano /etc/ntp.conf//
pool 0.europe.pool.ntp.org iburst
pool 1.europe.pool.ntp.org iburst
pool 2.europe.pool.ntp.org iburst
pool 3.europe.pool.ntp.org iburst
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst
# restrict -6 default kod notrap nomodify nopeer noquery limited
broadcast 192.168.10.255
# restrict ::
  * //service ntp restart//
  * show status with //ntpq -p//
  * //apt -y install realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs//
  * //nano /etc/resolv.conf//
domain domain.artit.nl
search domain.artit.nl.
nameserver 192.168.10.11
nameserver 192.168.10.1
nameserver 192.168.10.100
  * //realm discover DOMAIN.ARTIT.NL//
  * //realm join DOMAIN.ARTIT.NL//
  * //id administrator@DOMAIN.ARTIT.NL//
  * //apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules//
  * //nano /etc/samba/smb.conf//
# ArtIT Domain Integration of SAMBA
[global]
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n
workgroup = VERIFY
winbind rpc only = yes
passwd program = /usr/bin/passwd %u
max log size = 1000
security = ads
template homedir = /home/%U
os level = 20
idmap config * : backend = tdb
syslog = 0
panic action = /usr/share/samba/panic-action %d
unix password sync = yes
realm = DOMAIN.ARTIT.NL
usershare allow guests = Yes
obey pam restrictions = Yes
idmap config domain.artit.nl : range = 10000-999999
wins support = true
winbind offline logon = false
pam password change = Yes
log file = /var/log/samba/log.%m
template shell = /bin/bash
idmap config domain.artit.nl : backend = rid
idmap config * : range = 3000-7999
map to guest = bad user
winbind use default domain = true
# Printer Section -------------------------------------------------------------------------
[printers]
comment = All Printers
browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = yes
write list = root chris @"VERIFY\Administrators" @"VERIFY\Users"
# NETWORK SHARES --------------------------------------------------------------------------
[c$]
# Note: this share exports the whole filesystem (/) read-write to every member of VERIFY\Users; limit "valid users" to the administrators group unless that is really intended
comment = Root Share
path = /
guest ok = no
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
valid users = root chris @"VERIFY\Administrators" @"VERIFY\Users"
...
# End of configuration file --- ArtIT 22 april 2020 ---
  * //nano /etc/nsswitch.conf//
passwd: files systemd winbind
group: files systemd winbind
  * //net ads join -U Administrator//
  * //systemctl restart winbind//
  * //wbinfo -u//
You now have a running domain member in your network.

Your ArtIT Team \\ \\
**[[linux|BACK]]**