Spoiler : I actually found a much easier way to do this – click here if you’re trying to get this done ASAP! That being said, this article is still excellent for the learning experience. Enjoy!
I have some spare time on my hands this ~~Saturday~~ entire freaking weekend and thought that I would clear up some of the confusion regarding running a mixed Linux / Microsoft environment; more specifically I will be doing a tutorial on integrating Ubuntu 12.10 into a Server 2008 Active Directory environment. The end goal for this exercise is going to be getting Active Directory and Ubuntu to communicate, then I’ll be setting up some basic Samba sharing with user permissions down the road. Enjoy :)
First things first, make sure that DNS on both systems is healthy and that they are talking to each other. Add a static A record on the Server 2008 DC that points back to the Ubuntu machine that will be joining the domain. Check name resolution of this static entry by running ping -a against the IP in question. If it returns a hostname, that’s one step out of the way.
Now hop onto your Ubuntu box and configure networking with the following goals in mind: setting a static IP and routes, configuring DNS, and adding host records for the Domain Controller (DC01 in this case). First let’s set a static IP – change directory (cd) to /etc/network/, then list the contents of the working directory to reveal the “interfaces” file.
Now launch the text editor of your choice and open up the interfaces file, set the entries as follows while keeping it in tune with your network. Make sure to set the dns-nameservers line to point back to your domain controller. Don’t forget the gateway entry either, otherwise you won’t have any routing ;)
After restarting the /etc/init.d/networking/interfaces daemon, ping your localhost and an external IP to make sure that routing and DNS are working as intended.
Now that we’ve configured the static addressing on eth0 and are confident that it’s working correctly, it’s time to set up our hosts and resolv.conf files. Change directory to /etc/ and run the text editor of your choice against /etc/hosts. Add static entries for both the hostname of the domain controller and its FQDN (full domain name) as follows.
Ping the domain controller by hostname and confirm that it’s returning the expected IP address.
Now open up /etc/resolv.conf and set a static entry designating your domain controller as the primary DNS server.
Ping an external domain to confirm that DNS is healthy and functional.
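Pinning the domain controller in /etc/hosts means a wrong or stale entry will silently send Kerberos and LDAP traffic to another host, so it is worth checking both files before moving on. The script below is an added example, not part of the original article; DC01 is the article's DC name, while corp.example.com and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: offline check of the /etc/hosts and /etc/resolv.conf edits.
# DC01 is the article's DC name; domain and addresses are constructed placeholders.

# Print every IP a hosts-format FILE maps to NAME (case-insensitive, comments ignored).
hosts_ips_for() {  # usage: hosts_ips_for NAME FILE
  awk -v n="$1" '{ sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) print $1 }' "$2" | sort -u
}

# Print the first nameserver in a resolv.conf-format FILE.
first_nameserver() {  # usage: first_nameserver FILE
  awk '{ sub(/[#;].*/, "") } $1 == "nameserver" { print $2; exit }' "$1"
}

# Status 0 only if SHORT and FQDN each map to exactly DC_IP in HOSTS and
# DC_IP is the first nameserver in RESOLV. Subshell body keeps variables local.
check_dc_resolution() (  # usage: check_dc_resolution SHORT FQDN DC_IP HOSTS RESOLV
  rc=0
  for name in "$1" "$2"; do
    ips=$(hosts_ips_for "$name" "$4")
    [ "$ips" = "$3" ] || { echo "FAIL: $name -> '$(echo $ips)', expected $3"; rc=1; }
  done
  ns=$(first_nameserver "$5")
  [ "$ns" = "$3" ] || { echo "FAIL: first nameserver is '$ns', expected $3"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $1 and $2 resolve to $3; DC is primary DNS"
  exit "$rc"
)

# Constructed sample files (not taken from the article).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '127.0.0.1 localhost' '192.0.2.10 dc01.corp.example.com dc01' > "$tmp/hosts.good"
printf '%s\n' 'search corp.example.com' 'nameserver 192.0.2.10' 'nameserver 198.51.100.53' > "$tmp/resolv.good"
# Misconfigured: short name pinned to a stale address, outside resolver listed first.
printf '%s\n' '192.0.2.10 dc01.corp.example.com' '192.0.2.99 dc01 # old lab box' > "$tmp/hosts.bad"
printf '%s\n' '# set by DHCP' 'nameserver 198.51.100.53' 'nameserver 192.0.2.10' > "$tmp/resolv.bad"

check_dc_resolution DC01 dc01.corp.example.com 192.0.2.10 "$tmp/hosts.good" "$tmp/resolv.good"
check_dc_resolution DC01 dc01.corp.example.com 192.0.2.10 "$tmp/hosts.bad" "$tmp/resolv.bad" || true
```

On a real system, pass /etc/hosts and /etc/resolv.conf as the last two arguments along with your own DC name, FQDN and address.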
Now that we’ve configured the most important part, we can start installing packages and configuring them to talk to Active Directory. Install the most current versions of Samba and Kerberos.
Reading through the verbose response, note that aptitude is suggesting the installation of additional packages. I’m only familiar with two of them, but go ahead and install them anyways – resolving package dependencies down the road sucks. Now that Samba has been installed, let’s get Kerberos out of the way.
You’ll be prompted to provide a name for the admin and Kerberos servers; go ahead and set it to the Domain Controller for this tutorial.
Next we need to configure our authentication method, PAM in this case, so that it can talk with Active Directory. Navigate to /etc/pam.d and add the following entries to the common-auth file.
Next up, add the following entries to /etc/pam.d/common-session.
Since we are the ones managing and maintaining the Active Directory machine, and also working with a forest functional level of Server 2008 on our domain, we can skip working with the ADAM tool from Microsoft and also having to extend our domain schema. However, it’s a good idea at this point to install the Server for NIS feature so you can effectively edit and manage the NIX attributes for AD objects ( users, computers etc ) with the GUI.
Hop onto your domain controller and open the Server Manager, expand the Roles for AD Directory Services, then Add Role Services. You’re looking for the Identity Management for UNIX role services; go ahead and install this role service and any other dependencies that it prompts you for.
Since this is a Microsoft product, of course we have to reboot ;)
Now the fun stuff: testing our Ubuntu system by querying the Active Directory server. It’s easier to figure out how to connect first, rather than reconfigure the settings over and over. Go ahead and install the following packages so we can run our queries.
Now point the installer towards the LDAP Server, and fill in the correct distinguished name values for your domain.
Accept the defaults until you reach the configuring ldap-auth-config portion, then enter the correct values for your network.
Enter the password for the account in question and the package installation will finish. In the next part of the article, we’ll be working with the ldapsearch tool.