Install a domain member server
To make a Linux server a member of a Windows-administered AD domain, install Debian (currently Debian 10) and then do the following:
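- “nano /etc/ssh/sshd_config and set PermitRootLogin yes” (this lets root log in over SSH with a password; once the setup is finished, set it back to prohibit-password or no)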
- service ssh restart
- apt update && apt upgrade && apt autoremove
- apt install net-tools dnsutils snmpd ntp
- “nano /etc/network/interfaces and change to a static address like:
iface eth0 inet static
address 192.168.10.X
netmask 255.255.255.0
gateway 192.168.10.1
network 192.168.10.0
broadcast 192.168.10.255
dns-nameservers 192.168.10.1 192.168.10.11 192.168.10.13
dns-search domain.artit.nl"
- "nano /etc/snmp/snmpd.conf
rocommunity public
sysServices 72
proc mountd
proc ntalkd 4
proc sendmail 10 1
disk / 10000
disk /var 5%
includeAllDisks 10%
load 12 10 5
trapsink localhost public
sysLocation 52.3206680,5.5342870
sysContact info@artit.nl
defaultMonitors yes
linkUpDownNotifications yes
master agentx ”
(rocommunity public lets every host that can reach the agent read it with the well-known default community string; use a site-specific string and limit the source, e.g. rocommunity <community> 192.168.10.0/24)
7 “nano /etc/default/snmpd
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid' ”
8 “nano /etc/snmp/snmp.conf
#mibs :”
9 “nano /etc/ntp.conf
pool 0.europe.pool.ntp.org iburst
pool 1.europe.pool.ntp.org iburst
pool 2.europe.pool.ntp.org iburst
pool 3.europe.pool.ntp.org iburst
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst
# restrict -6 default kod notrap nomodify nopeer noquery limited
broadcast 192.168.10.255
# restrict ::”
(the two restrict lines shown here are commented out; keep the remaining restrict lines of the stock ntp.conf active so that ntpd does not accept query or modify requests from arbitrary hosts)
10 service ntp restart
11 show status with ntpq -p
12 apt -y install realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs
13 “nano /etc/resolv.conf
domain domain.artit.nl
search domain.artit.nl.
nameserver 192.168.10.11
nameserver 192.168.10.1
nameserver 192.168.10.100”
14 realm discover DOMAIN.ARTIT.NL
15 realm join DOMAIN.ARTIT.NL
16 id administrator@DOMAIN.ARTIT.NL
17 apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules
18 “nano /etc/samba/smb.conf
# ArtIT Domain Integration of SAMBA
[global]
workgroup = VERIFY
realm = DOMAIN.ARTIT.NL
security = ads
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN.ARTIT.NL : backend = rid
idmap config DOMAIN.ARTIT.NL : range = 10000-999999
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind rpc only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
usershare allow guests = Yes
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*
passwd program = /usr/bin/passwd %u
unix password sync = yes
map to guest = bad user
# map to guest = Bad User (set twice in this section) sends logins with an unknown user name to the guest account, so every share with guest ok = yes is reachable without credentials
# Printer Section ————————————————————————-
[printers]
comment = All Printers
browseable = yes
path = /var/spool/samba
printable = yes
guest ok = yes
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = yes
write list = root, administrators@DOMAIN.ARTIT.NL
# NETWORK SHARES ————————————————————————–
[c$]
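comment = Root Share
path = /
guest ok = no
browseable = no
read only = no
# this share exports the whole filesystem read-write to every authenticated user, limited only by Unix permissions; restrict it to administrators, e.g. valid users = @<admin-group>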
# NETWORK SHARES ————————————————————————–
[c$]
comment = Root Share
path = /
guest ok = no
browseable = no
read only = no
# this [c$] section repeats the one directly above; one copy is sufficient"
19 “nano /etc/nsswitch.conf
passwd: files systemd winbind
group: files systemd winbind”
20 net ads join -U Administrator
21 systemctl restart winbind
22 wbinfo -u