create_domain_member
Install a domain member server
To make a Linux server a member of a Windows-administered AD domain, install Debian (currently Debian 10) and then do the following:
- nano /etc/ssh/sshd_config (Debian's default is `prohibit-password`; `yes` additionally allows root to log in over SSH with a password)
PermitRootLogin = yes
- service ssh restart
- apt update && apt upgrade && apt autoremove
- apt install net-tools dnsutils snmpd ntp
- nano /etc/network/interfaces and change to a static address like:
iface eth0 inet static
    address 192.168.10.X
    netmask 255.255.255.0
    gateway 192.168.10.1
    network 192.168.10.0
    broadcast 192.168.10.255
    dns-nameservers 192.168.10.1 192.168.10.11 192.168.10.13
    dns-search domain.artit.nl
- nano /etc/snmp/snmpd.conf (the `rocommunity` line accepts an optional source address or network after the community name to limit which hosts may query)
rocommunity public
sysServices 72
proc mountd
proc ntalkd 4
proc sendmail 10 1
disk / 10000
disk /var 5%
includeAllDisks 10%
load 12 10 5
trapsink localhost public
sysLocation 52.3206680,5.5342870
sysContact info@artit.nl
defaultMonitors yes
linkUpDownNotifications yes
master agentx
- nano /etc/default/snmpd
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
- nano /etc/snmp/snmp.conf
#mibs:
- nano /etc/ntp.conf
pool 0.europe.pool.ntp.org iburst
pool 1.europe.pool.ntp.org iburst
pool 2.europe.pool.ntp.org iburst
pool 3.europe.pool.ntp.org iburst
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst
# restrict -6 default kod notrap nomodify nopeer noquery limited
broadcast 192.168.10.255
# restrict ::
- service ntp restart
- show the synchronisation status with ntpq -p
- apt -y install realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs
- nano /etc/resolv.conf
domain domain.artit.nl
search domain.artit.nl.
nameserver 192.168.10.11
nameserver 192.168.10.1
nameserver 192.168.10.100
- realm discover DOMAIN.ARTIT.NL
- realm join DOMAIN.ARTIT.NL
- id administrator@DOMAIN.ARTIT.NL
- apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules
- nano /etc/samba/smb.conf (note that the `[c$]` share below exports the whole root filesystem writable to the accounts in its `valid users` list)
# ArtIT Domain Integration of SAMBA
[global]
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n
   workgroup = VERIFY
   winbind rpc only = yes
   passwd program = /usr/bin/passwd %u
   max log size = 1000
   security = ads
   template homedir = /home/%U
   os level = 20
   idmap config * : backend = tdb
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   unix password sync = yes
   realm = DOMAIN.ARTIT.NL
   usershare allow guests = Yes
   obey pam restrictions = Yes
   idmap config domain.artit.nl : range = 10000-999999
   wins support = true
   winbind offline logon = false
   pam password change = Yes
   log file = /var/log/samba/log.%m
   template shell = /bin/bash
   idmap config domain.artit.nl : backend = rid
   idmap config * : range = 3000-7999
   map to guest = bad user
   winbind use default domain = true

# Printer Section -------------------------------------------------------------------------
[printers]
   comment = All Printers
   browseable = yes
   path = /var/spool/samba
   printable = yes
   guest ok = yes
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = yes
   write list = root chris @"VERIFY\Administrators" @"VERIFY\Users"

# NETWORK SHARES --------------------------------------------------------------------------
[c$]
   comment = Root Share
   path = /
   guest ok = no
   browseable = yes
   read only = no
   create mask = 0775
   directory mask = 0775
   valid users = root chris @"VERIFY\Administrators" @"VERIFY\Users"
...
# End of configuration file --- ArtIT 22 april 2020 ---
- nano /etc/nsswitch.conf
passwd: files systemd winbind
group:  files systemd winbind
- net ads join -U Administrator
- systemctl restart winbind
- wbinfo -u (lists the domain users to confirm winbind is working)
You now have a running domain member in your network.
Your ArtIT Team