[Samba] Have I managed to join Kali Linux to Windows Active Directory Domain Successfully?
Rowland penny
rpenny at samba.org
Thu Jun 17 17:44:23 UTC 2021
On 17/06/2021 16:56, Turritopsis Dohrnii Teo En Ming via samba wrote:
> Subject: Have I managed to join Kali Linux to Windows Active Directory
> Domain Successfully?
>
> Good day from Singapore,
>
> This is the reference guide which I have followed.
>
> Article: Integrating a Linux Machine Into Windows Active Directory Domain
> Link:
> https://www.datasunrise.com/blog/professional-info/integrating-a-linux-machine-into-windows-active-directory-domain/
As per normal, there are errors 🙁
Do not put the DC's host info in /etc/hosts
The server line it tells you to put in /etc/ntp.conf isn't quite right,
it should be:
server dc.supermario.corp.net iburst prefer
you also need this line:
restrict dc.supermario.corp.net mask 255.255.255.255 nomodify notrap
nopeer noquery
You haven't installed all the required packages, you need:
acl xattr krb5-user libpam-krb5 libpam-ccreds auth-client-config samba
winbind libpam-winbind libnss-winbind ntp
You also need to remove sssd and realmd if they are installed.
/etc/krb5.conf needs only to have these lines:
[libdefaults]
default_realm = SUPERMARIO.CORP.NET
dns_lookup_realm = false
dns_lookup_kdc = true
Your /etc/samba/smb.conf should look similar to this:
[global]
workgroup = SUPERMARIO
realm = SUPERMARIO.CORP.NET
security = ADS
server string = %h server (Samba, Ubuntu)
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config SUPERMARIO : backend = rid
idmap config SUPERMARIO : range = 10000-999999
template shell = /bin/bash
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
domain master = no
local master = no
preferred master = no
dns proxy = no
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
Create /etc/samba/user.map containg this:
!root = SUPERMARIO\Administrator
You will need to remove every 'sss' from /nsswitch.conf and add
'winbind' to the 'passwd and 'group' lines.
Rowland
More information about the samba
mailing list