LinuxQuestions.org
Old 10-04-2004, 01:52 PM   #1
thomas289
LQ Newbie
 
Registered: Oct 2004
Location: Florida
Posts: 6

Rep: Reputation: 0
Joining Fedora to Windows Domain Controller


I have recently installed Fedora on a few boxes. I want to try and join them to the domain. I have had success with one box, but it was hard to do. Is there any easy way to join it to a domain? Also, is there a way that a user that is on the Domain Controller can log onto a Fedora box? Thanks, Thomas
 
Old 10-05-2004, 06:40 AM   #2
nordickiwi
Member
 
Registered: Oct 2004
Location: Stockholm Sweden
Distribution: Fedora 1-8,Familiar v0,7.2, Redhat 9.0, Knoppix, CentOS, Windows 2003,2000,XP,98,95, Exc
Posts: 39

Rep: Reputation: 15
Samba

NT 4.0 domain or W2k AD domain? There is a big difference when it comes to Samba.

This is the Howto I used to integrate an FC2 Samba 3.0 machine into AD as a "user" workstation, which also could be set up as a file/print server.
http://info.ccone.at/INFO/Samba/winbind.html

And if you want to set up your Samba machine as an NT 4.0 PDC, here is my smb.conf file of how I did that.
http://nordickiwi.no-ip.com/sysadmin...D_smb.conf.txt

I did this in a school environment with some help from our teacher, so I may not be able to answer all your questions.

/nordickiwi

Last edited by nordickiwi; 06-28-2005 at 09:14 AM.
 
Old 10-07-2004, 11:26 AM   #3
thomas289
LQ Newbie
 
Registered: Oct 2004
Location: Florida
Posts: 6

Original Poster
Rep: Reputation: 0
I am using a W2K domain controller. I am using Fedora Core 2 on the Linux boxes. Do I need to install or configure PAM? I looked around for PAM and could not find it on the Fedora systems. Do I need to download it from somewhere?
Thanks Thomas
 
Old 10-07-2004, 01:48 PM   #4
nordickiwi
Member
 
Registered: Oct 2004
Location: Stockholm Sweden
Distribution: Fedora 1-8,Familiar v0,7.2, Redhat 9.0, Knoppix, CentOS, Windows 2003,2000,XP,98,95, Exc
Posts: 39

Rep: Reputation: 15
I don't think there is any easy way to add a Linux workstation to an AD domain, but following the steps in this file as closely as possible you should get there. http://info.ccone.at/INFO/Samba/winbind.html
- Your PAM configuration files should be in /etc/pam.d (back up this folder before changing the configuration)

My notes from when I did it are here, http://nordickiwi.no-ip.com/sysadmin...D_smb.conf.txt you may find some of them helpful. The config files are there also. But my notes are in Swedish, hard to read if you don't speak the language.

Last edited by nordickiwi; 06-28-2005 at 09:15 AM.
 
Old 10-21-2004, 09:40 AM   #5
thomas289
LQ Newbie
 
Registered: Oct 2004
Location: Florida
Posts: 6

Original Poster
Rep: Reputation: 0
I am able to join the Fedora machine to my domain and it shows up in the Active Directory. I was using the link that you gave me, nordickiwi, to configure PAM. I think I am getting closer: when I try to log on to the Fedora machine using a user name from my domain controller, it asks to use the root directory, then after that it says the administrator has disabled my account and goes back to the logon screen. I was able to do almost all of the commands on that site you gave me. What program should I use to edit the startup scripts? Thanks, Thomas
 
Old 10-27-2004, 10:30 PM   #6
makan007
LQ Newbie
 
Registered: Oct 2004
Distribution: Fedora Core 6
Posts: 14

Rep: Reputation: 0
FC2 on Winblind

For Windows, I enter the following to upgrade to domain:
Domain Name: test01.test.com
Username: test\marcus
Password: ******

For FC2:
What do I enter for 1)WinBlind Domain & 2)Winblind Domain Controller? What is template shell? And what is the format I need to enter on Domain Administrator in WinBlind when I click join Domain?
I set the security domain to DOMAIN.
Thanks.
 
Old 10-28-2004, 10:02 AM   #7
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
Quote:
Originally posted by thomas289
I am able to join the Fedora machine to my domain and it shows up in the Active Directory. I was using the link that you gave me, nordickiwi, to configure PAM. I think I am getting closer: when I try to log on to the Fedora machine using a user name from my domain controller, it asks to use the root directory, then after that it says the administrator has disabled my account and goes back to the logon screen. I was able to do almost all of the commands on that site you gave me. What program should I use to edit the startup scripts? Thanks, Thomas
Let's start from scratch. Here's a brief set of instructions to accomplish what you want. Some you will already have done. If what I'm saying in others is not clear, ask for more explanation.

I begin with assuming that you have Win2K Server promoted to Active Directory on one machine, and Fedora on another.

1. On the Fedora machine, open up /etc/samba/smb.conf with an editor (gedit is nice) and make the following changes:

1.a Change "WORKGROUP" to the netbios name of your Active Directory domain. For example, if your active directory name is "mydomain.com", then change "WORKGROUP" to

workgroup = mydomain

1.b Change the security level to DOMAIN, i.e.

security = domain

1.c Configure the password server lines. Here I'm superstitious and always configure the wildcard "*" as well as all actual domain controllers on my Win2K domain:

password server = *

password server = dc-1 dc-2

Of course, you'll use the netbios names of the domain controllers on your domain, not "dc-1" or "dc-2" (unless you happen to name your domain controllers that way).

Save your changes and exit. You are done with smb.conf.

2. Join your Fedora machine to the Windows domain. With Fedora and Samba 3, the command is different than it was with earlier versions of Redhat and Samba. The command is

root# net join -S DOMPDC -UAdministrator%password

where DOMPDC is the name of a domain controller in your Active Directory domain, and the user info following -U are for a domain admin account in the Active Directory domain that can join machines to the domain.

3. Create identically named user accounts on the Active Directory domain and the Fedora machine. The passwords for the user accounts don't have to be the same, but it is not a bad idea for them to be the same, unless you don't plan on having your users actually ever log into the Fedora box. When I use a Samba machine as a file server for my Windows networks, I actually don't want my Windows users logging into the Samba machine, and will set up the user accounts on the Samba machine with a password they don't know about. They just need to get to their home folder on the Samba machine over the network, and the Windows domain controller will authenticate them with their Windows user info.

3a. Example: create "user1" as a user in the Active Directory domain, and create a "user1" on the Fedora box. The Fedora box will create a home folder for "user1" in \home\user1.

4. Now start Samba. From the command line you can do a simple:

#service smb start

I'm sure you'll want to make this permanent, i.e. have Samba start each time the Fedora machine starts. Redhat/Fedora has a nice little GUI applet for configuring services. It is your friend. If you haven't met it yet, meet it now. I'm not at a Redhat/Fedora machine right now, but on the "start" menu there are two "System" menu options. One of them points to another menu called something like "Additional Server Settings" (could be a bad guess about the actual name). Inside it you'll see an option for "services" with a "gear" icon. Open it, scroll down the list of services until you come to "smb." Check it, and save your change. The next time the machine starts, smb will start also.

In Fedora, you can also get to the services GUI applet from the command line with the following command:

#system-config-services

5. We're done. Now it's time to test. If everything works like it ought to work, "user1" can sit down at a Windows workstation, log in, and then

5a. Browse the network until they find the fedora machine (say it is named "fedora"), double click on the machine name, and it should open up and show them their "user1" folder on the fedora machine. Or

5b. Map a network share to it as

\\fedora\user1

That's it. If you want to create additional shares on the fedora box that multiple users can access, read the Fedora /etc/samba/smb.conf file. It is heavily commented with lots of examples (look at the bottom half of the file) about the kind of file shares that can be created.
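
Step 1.c in the post above puts `password server` on two separate lines; when Samba reads smb.conf, a parameter set twice in `[global]` keeps only its last value, so the wildcard line is not in effect. The script below is an added example, not part of the thread, that reports the effective value and occurrence count of the three step 1 parameters; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the [global] settings from step 1.

# effective_global FILE PARAM -> "COUNT|VALUE" (value of the last occurrence).
# Parameter and section names are compared case-insensitively, spaces ignored.
effective_global() {
    awk -v want="$2" '
        function norm(s) { s = tolower(s); gsub(/[ \t]/, "", s); return s }
        BEGIN { want = norm(want); n = 0 }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            sect = norm(s); next
        }
        sect == "global" && (i = index($0, "=")) > 0 {
            v = substr($0, i + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (norm(substr($0, 1, i - 1)) == want) { n++; val = v }
        }
        END { printf "%d|%s\n", n, val }
    ' "$1"
}

# check_join_conf FILE -> prints one line per parameter; returns 1 on a problem.
check_join_conf() {
    rc=0
    for p in "workgroup" "security" "password server"; do
        r=$(effective_global "$1" "$p"); n=${r%%|*}; v=${r#*|}
        case $n in
            0) echo "MISSING  $p"; rc=1 ;;
            1) echo "OK       $p = $v" ;;
            *) echo "REPEATED $p ($n times), effective value: $v"; rc=1 ;;
        esac
    done
    sec=$(effective_global "$1" security | cut -d'|' -f2 | tr 'A-Z' 'a-z')
    [ "$sec" = "domain" ] || { echo "BAD      security is not domain"; rc=1; }
    return $rc
}

# Constructed sample: step 1 exactly as written in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = mydomain
   security = domain
   password server = *
   password server = dc-1 dc-2
EOF
check_join_conf "$sample" || echo "smb.conf needs attention"
rm -f "$sample"
```

A single line such as `password server = dc-1 dc-2 *` carries both the named controllers and the wildcard. For the join in step 2, leaving `%password` off the `-U` argument makes `net` prompt for the password, which keeps it out of shell history.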
 
Old 10-28-2004, 10:04 AM   #8
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
Re: FC2 on Winblind

Quote:
Originally posted by makan007
For Windows, I enter the following to upgrade to domain:
Domain Name: test01.test.com
Username: test\marcus
Password: ******

For FC2:
What do I enter for 1)WinBlind Domain & 2)Winblind Domain Controller? What is template shell? And what is the format I need to enter on Domain Administrator in WinBlind when I click join Domain?
I set the security domain to DOMAIN.
Thanks.
Looks to me like you are hijacking somebody else's thread. We might want to take this to a new thread, but either way I'd want to know what you are trying to accomplish, and why you think you need winbind.
 
Old 10-28-2004, 09:38 PM   #9
makan007
LQ Newbie
 
Registered: Oct 2004
Distribution: Fedora Core 6
Posts: 14

Rep: Reputation: 0
Re: Re: FC2 on Winblind

Quote:
Originally posted by baz2
Looks to me like you are hijacking somebody else's thread. We might want to take this to a new thread, but either way I'd want to know what you are trying to accomplish, and why you think you need winbind.
I don't see what's wrong with posting a reply here since the topic is related.

Obj: To join my Fedora Workstation to my company's domain server.
My previous post stated it very clearly.

Why use winbind?
Winbind can be used to join a Windows domain. If you have any alternative, you are most welcome to suggest it.

Btw, there's a bug in "Join Domain" box of the gtk version incorrectly shows as EXAMPLE.COM: http://bugzilla.redhat.com/bugzilla/....cgi?id=124621

Hmm... what is gtk version?

Last edited by makan007; 10-28-2004 at 10:15 PM.
 
Old 10-29-2004, 08:51 AM   #10
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
Re: Re: Re: FC2 on Winblind

Quote:
Originally posted by makan007
I don't see what's wrong with posting a reply here since the topic is related.

Obj: To join my Fedora Workstation to my company's domain server.
My previous post stated it very clearly.

Why use winbind?
Winbind can be used to join a Windows domain. If you have any alternative, you are most welcome to suggest it.

Btw, there's a bug in "Join Domain" box of the gtk version incorrectly shows as EXAMPLE.COM: http://bugzilla.redhat.com/bugzilla/....cgi?id=124621

Hmm... what is gtk version?
1) The fact that the topic is related doesn't mean that we aren't hijacking the thread.

2) For a properly configured smb.conf, joining a fedora workstation to a domain is as simple as

root# net join -S DOMPDC -UAdministrator%password

where DOMPDC is the name of a domain controller in your Active Directory domain, and the user info following -U are for a domain admin account in the Active Directory domain that can join machines to the domain.

3) Winbind is not needed to join the workstation to a domain. That's done by the command in 2). What winbind does is allow Active Directory users to log in to the workstation locally using their Active Directory user info. Maybe that's what you want to do. But over half the people that post questions here about samba and then mention winbind aren't trying to do that, and don't really need samba. If the Active Directory users are merely going to access the machine remotely as a file server, i.e. access shares on the workstation from Windows hosts, winbind is unnecessary and just confuses people.
 
Old 10-31-2004, 10:17 PM   #11
makan007
LQ Newbie
 
Registered: Oct 2004
Distribution: Fedora Core 6
Posts: 14

Rep: Reputation: 0
Re: Re: Re: Re: FC2 on Winblind

Quote:
Originally posted by baz2
1) The fact that the topic is related doesn't mean that we aren't hijacking the thread.

2) For a properly configured smb.conf, joining a fedora workstation to a domain is as simple as

root# net join -S DOMPDC -UAdministrator%password

where DOMPDC is the name of a domain controller in your Active Directory domain, and the user info following -U are for a domain admin account in the Active Directory domain that can join machines to the domain.

3) Winbind is not needed to join the workstation to a domain. That's done by the command in 2). What winbind does is allow Active Directory users to log in to the workstation locally using their Active Directory user info. Maybe that's what you want to do. But over half the people that post questions here about samba and then mention winbind aren't trying to do that, and don't really need samba. If the Active Directory users are merely going to access the machine remotely as a file server, i.e. access shares on the workstation from Windows hosts, winbind is unnecessary and just confuses people.
So based on the following info,

For Windows, I enter the following to upgrade to domain:
Domain Name: test01.test.com
Username: test\marcus

What shall I enter in root# net join -S DOMPDC -UAdministrator%password
 
Old 11-02-2004, 01:18 AM   #12
makan007
LQ Newbie
 
Registered: Oct 2004
Distribution: Fedora Core 6
Posts: 14

Rep: Reputation: 0
UPZ.
 
Old 11-02-2004, 04:44 AM   #13
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
DOMPDC is the netbios name of the domain controller. In your case, test01.
 
Old 11-04-2004, 10:08 PM   #14
makan007
LQ Newbie
 
Registered: Oct 2004
Distribution: Fedora Core 6
Posts: 14

Rep: Reputation: 0
What shall I enter for -UAdministrator%password

In Windows,
Username: test\marcus
Password: abc

root# net join -S sg01 -UAdministrator%password
 
Old 11-05-2004, 09:37 AM   #15
baz2
Member
 
Registered: Nov 2002
Posts: 73

Rep: Reputation: 15
"Administrator" needs to be the name of a Windows user account with domain admin privileges, and "password" needs to be the password for that account.
 
  


All times are GMT -5. The time now is 05:50 AM.
