
Active Directory on Linux 

PCQ Bureau

It has long been possible to emulate traditional Win NT domains on Linux using Samba. Now, it is possible to add Active Directory to Linux's capabilities. We will use sadms (Samba Active Directory Member Server) to configure a Linux machine as a member server on a Win 2000 Active Directory domain so as to provide access to Linux resources, such as shares and printers, to Active Directory users. sadms is GUI based and automatically configures Samba, Kerberos and LDAP from a single screen.


Pre-requisites



You will need two machines. Install one as a Win 2000 Active Directory domain controller and install Linux (we used Fedora Core 3) with Samba 3.0 and Kerberos 5 on the other. Set a proper FQDN (Fully Qualified Domain Name) on both machines. We used TESTDOMAIN.PCQ for the Win 2000 machine. Its NetBIOS name was TESTDOM, while the host name of the Linux box was LINADS. You must also give fixed IP addresses to both systems.

Installing sadms



We have provided sadms on this month's PCQ Essential CD. On LINADS, copy the file sadms-install-fc-0.9.3.tar.gz to /root. Then open a terminal window and issue the following commands to extract the archive.

# cd /root
# tar -zxvf sadms-install-fc-0.9.3.tar.gz
# cd sadms-0.9.3

Direct Hit!
Applies to: Network administrators
USP: Graphically configure sadms to provide Active Directory users access to Linux resources
Links: http://sadms.sourceforge.net
On PCQ Essential CD: \system\cdrom\linux\sadms\

Before installing sadms, you have to modify /etc/nsswitch.conf. Each of the three entries, namely passwd, shadow and group, has a default setting of 'files' only. We need to add 'winbind' to all three and 'nis' to two (Shadow and Group) of them. Open the file in vi and change the entries to:

passwd: files winbind nis
shadow: files winbind
group: files winbind nis


Save this file and run the ./START (note the '.' at the beginning of the path) shell script from the sadms-0.9.3 directory. This opens a GUI installation screen. Click on the Wizard button, then click on the Pre-Check button in the same window. This opens an output window within the Install window, which shows whether the modules needed for sadms are correctly installed. If there are no errors, click on 'Enter Data' to get a data-entry screen. Fill in each field carefully, as given in the table below.

Configure Samba, Kerberos and LDAP settings from a single screen using sadms

After entering these values, click on the Wizard button again and then click on Install. This starts the installation process, which modifies a few configuration files on the Linux machine. If it succeeds, you get the message 'end of sadms install' on the output screen.


Testing the setup



To test the setup, open a terminal window and run the login command. Then enter a username and password that you have on your Windows Active Directory. If you are able to log in, the setup is working. Active Directory users can now access shared Linux resources as well.

To test this feature, create a Samba share on your Linux machine by opening the Samba configuration tool: Applications > System Settings > Server Settings > Samba. This opens a Samba configuration window. Click on the 'Add' button on its menu bar to open a pop-up window, and give the location of the directory that you want to share. In the same window, click on the Permission tab to set the permissions for 'Everyone'. Now, using any Windows machine, you can log in to the Windows Active Directory that you have created on LINADS. After authentication, the user can see and access Linux resources such as shares and printers.
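A check that fits between the nsswitch.conf edit and the login test above, given here as an added example that is not part of the original article or of sadms. The function name nss_check is hypothetical, and the two sample files are constructed for illustration.

```shell
# Added example, not part of sadms: verify the nsswitch.conf edit.
# nsswitch.conf entries have the form "database: source ..." with a
# lowercase name and a colon; anything else counts as no valid entry here.
# nss_check FILE: returns 0 only if passwd, shadow and group each list
# "files" before "winbind" (the order shown in the article).
nss_check() {
    awk '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 ~ /^(passwd|shadow|group):$/ {
            db = substr($1, 1, length($1) - 1)
            f = w = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "winbind" && !w) w = i
            }
            state[db] = (f && w && f < w) ? "ok" : "winbind missing or before files"
        }
        END {
            rc = 0
            n = split("passwd shadow group", dbs, " ")
            for (k = 1; k <= n; k++) {
                s = (dbs[k] in state) ? state[dbs[k]] : "no valid entry"
                print dbs[k] ": " s
                if (s != "ok") rc = 1
            }
            exit rc
        }' "$1"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
good="$tmp/good.conf"; bad="$tmp/bad.conf"
cat > "$good" <<'EOF'
passwd:     files winbind nis
shadow:     files winbind
group:      files winbind nis
hosts:      files dns
EOF
cat > "$bad" <<'EOF'
Passwd files winbind nis
shadow: files          # winbind never added
group:  winbind files
EOF

for f in "$good" "$bad"; do
    echo "== $f"
    nss_check "$f" || echo "-> fix this file before running the installer"
done
```

On LINADS, run nss_check /etc/nsswitch.conf; once the machine has joined the domain, Samba's wbinfo -t verifies the machine-account trust with the domain controller.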

Values to enter in the data-entry screen for sadms configuration

| Fields | Data strings to be filled | Remarks |
|---|---|---|
| Kerberos realm | TESTDOMAIN.PCQ | Should be in all-caps. It's the DNS name of your Windows 2000 Server |
| Active Directory DNS | 192.168.0.1 | IP of the Win 2000 box |
| KDC-Active Directory | testdom.testdomain.pcq | Machine plus DNS name of Windows 2000 Server |
| NETBIOS Domain | TESTDOMAIN | NETBIOS domain name of Windows 2000 Server |
| NETBIOS Server Name | LINADS | NETBIOS name of the Linux machine |
| Domain User Group | Domain User | Active Directory domain users group |
| Host allow | 192.168.0.0/255.255.255.0 | Range of the IPs that need access |
| OU to Place | (Leave blank) | Optional |
| WINS Server | 192.168.0.1 | IP of your WINS Server (Optional) |
| Domain Administrator Login | Administrator | Windows 2000 Server Administrator login |
| Domain Administrator password | (password) | Admin password of Windows 2000 Server |

Sanjay Majumder
