[Samba] Have I managed to join Kali Linux to Windows Active Directory Domain Successfully?

Rowland penny rpenny at samba.org
Thu Jun 17 17:44:23 UTC 2021

On 17/06/2021 16:56, Turritopsis Dohrnii Teo En Ming via samba wrote:
> Subject: Have I managed to join Kali Linux to Windows Active Directory 
> Domain Successfully?
> Good day from Singapore,
> This is the reference guide which I have followed.
> Article: Integrating a Linux Machine Into Windows Active Directory Domain
> Link: 
> https://www.datasunrise.com/blog/professional-info/integrating-a-linux-machine-into-windows-active-directory-domain/

As per normal, there are errors 🙁

Do not put the DC's host info in /etc/hosts

The server line it tells you to put in /etc/ntp.conf isn't quite right, 
it should be:

server dc.supermario.corp.net iburst prefer

you also need this line:

restrict dc.supermario.corp.net mask nomodify notrap 
nopeer noquery

You haven't installed all the required packages, you need:

acl xattr krb5-user libpam-krb5 libpam-ccreds auth-client-config samba 
winbind libpam-winbind libnss-winbind ntp

You also need to remove sssd and realmd if they are installed.

/etc/krb5.conf needs only to have these lines:

     default_realm = SUPERMARIO.CORP.NET
     dns_lookup_realm = false
     dns_lookup_kdc = true

Your /etc/samba/smb.conf should look similar to this:

     workgroup = SUPERMARIO
     security = ADS
     server string = %h server (Samba, Ubuntu)

     idmap config * : backend = tdb
     idmap config * : range = 3000-7999
     idmap config SUPERMARIO : backend = rid
     idmap config SUPERMARIO : range = 10000-999999
     template shell = /bin/bash

     winbind use default domain = yes
     winbind expand groups = 2
     winbind refresh tickets = Yes

     domain master = no
     local master = no
     preferred master = no
     dns proxy = no

     username map = /etc/samba/user.map

     vfs objects = acl_xattr
     map acl inherit = Yes

     log file = /var/log/samba/log.%m
     max log size = 1000
     syslog = 0
     panic action = /usr/share/samba/panic-action %d

Create /etc/samba/user.map containg this:

!root = SUPERMARIO\Administrator

You will need to remove every 'sss' from /nsswitch.conf and add 
'winbind' to the 'passwd and 'group' lines.


More information about the samba mailing list