Active Directory on Linux 

It has long been possible to emulate traditional Win NT domains on Linux using Samba. Now, it is possible to add Active Directory to Linux's capabilities. We will use sadms (Samba Active Directory Member Server) to configure a Linux machine as a member server on a Win 2000 Active Directory domain so as to provide access to Linux resources, such as shares and printers, to Active Directory users. sadms is GUI based and automatically configures Samba, Kerberos and LDAP from a single screen.

You will need two machines. Install one as a Win 2000 Active Directory domain controller and install Linux (we used Fedora Core 3) with Samba 3.0 and Kerberos 5 on the other. Set a proper FQDN (Fully Qualified Domain Name) on both machines. We used TESTDOMAIN.PCQ for the Win 2000 machine. Its NetBIOS name was TESTDOM, while the host name for the Linux box was LINADS. You must also give fixed IP addresses to both systems.

Installing sadms
We have given sadms on this month's PCQ Essential CD. On LINADS, copy the file sadms-install-fc-0.9.3.tar.gz to /root. Then open a terminal window and issue the following commands to extract it.

# cd /root
# tar -zxvf sadms-install-fc-0.9.3.tar.gz
# cd sadms-0.9.3

Direct Hit!
Applies to: Network administrators
USP: Graphically configure sadms to provide Active Directory users access to Linux resources
On PCQ Essential CD: \\system\\cdrom\\linux\\sadms\\

Before installing sadms, you have to modify /etc/nsswitch.conf. Each of the three entries, namely passwd, shadow and group, has a default setting of 'files' only. We need to add 'winbind' to all three and 'nis' to two (shadow and group) of them. Open the file in vi and change it as follows:

passwd: files winbind nis
shadow: files winbind
group: files winbind nis
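
A pre-flight check for the nsswitch.conf edit above, as an added example that is not part of the original article or of sadms. The function names and the sample file contents are constructed for illustration; the script recognises only the `database: source ...` form.

```shell
#!/bin/sh
# Added example: confirm winbind is listed for passwd, shadow and group.
# Only the documented "database: source ..." form is recognised.

# Print the sources configured for database $2 in file $1 (nothing if absent).
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -v db="$2" '
        { sub(/^[ \t]+/, "") }                  # ignore leading whitespace
        index($0, db ":") == 1 {                # exact, case-sensitive key
            sub(/^[^:]*:[ \t]*/, ""); print; exit
        }'
}

# Succeed if source $3 is listed for database $2 in file $1.
nss_has_source() {
    nss_sources "$1" "$2" | awk -v s="$3" '
        { for (i = 1; i <= NF; i++) if ($i == s) found = 1 }
        END { exit !found }'
}

# Report each database lacking winbind; return how many are missing.
nss_check_winbind() {
    missing=0
    for db in passwd shadow group; do
        if ! nss_has_source "$1" "$db" winbind; then
            echo "winbind not listed for '$db' in $1" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# With no argument, run on a constructed sample (not a real system file)
# that contains one incomplete entry and one malformed key.
target=${1:-}
if [ -z "$target" ]; then
    target=$(mktemp)
    printf '%s\n' 'passwd: files winbind nis' 'shadow: files' \
        'Group files winbind nis' > "$target"
fi
if nss_check_winbind "$target"; then
    echo "ok: winbind present for passwd, shadow and group"
else
    echo "fix the entries reported above, then re-run" >&2
fi
```

Pass /etc/nsswitch.conf as the first argument to check the real file before running the installer.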

Save this file and run the ./START shell script (note the '.' at the beginning of the path) from the sadms-0.9.3 directory. This opens a GUI installation screen. Click on the Wizard button, then click on the Pre-Check button in the same window. This opens an output window within the Install window, showing whether the modules needed for sadms are correctly installed. If there are no errors, click on 'Enter Data' to get a data-entry screen. Fill in each field carefully, as given in the table below.

Configure Samba, Kerberos and LDAP settings from a single screen using sadms

After entering these values, click on the Wizard button again and then click on Install. This starts the installation process, which modifies a few configuration files on the Linux machine. If successful, you get the message 'end of sadms install' on the output screen.

Testing the setup
To test the setup, open a terminal window and type a login command. Then give a username and password that you have on your Windows Active Directory. If you are able to log in, the setup is working.

Now the Active Directory users can access shared Linux resources as well. To test this feature, create a Samba share on your Linux machine by opening the Samba tool: Applications > System Settings > Server Settings > Samba. This opens a Samba configuration window. Click on the 'Add' button in its menu bar to open another pop-up window. Here, give the location of the directory that you want to share. In the same window, click on the Permission tab to set the permissions for 'Everyone'. Now, using any Windows machine, you can log in to the Windows Active Directory that you have created on LINADS. After authentication, the user can see and access the Linux resources such as shares and printers.

Values to enter in the data-entry screen for sadms configuration

| Field | Data string to be filled | Remarks |
|---|---|---|
| Kerberos realm | TESTDOMAIN.PCQ | Should be in all-caps. It's the DNS name of your Windows 2000 Server |
| Active Directory DNS | IP of the Win 2000 box | |
| KDC - Active Directory | testdom.testdomain.pcq | Machine plus DNS name of Windows 2000 Server |
| NETBIOS Domain | TESTDOMAIN | NETBIOS domain name of Windows 2000 Server |
| NETBIOS Server Name | LINADS | NETBIOS name of the Linux machine |
| Domain User Group | Domain User | Active Directory domain users group |
| Host allow | Range of the IPs that need access | |
| OU to Place | (Leave blank) | Optional |
| WINS Server | IP of your WINS Server | (Optional) |
| Domain Administrator Login | Administrator | Windows 2000 Server Administrator login |
| Domain Administrator password | (password) | Admin password of Windows 2000 Server |

Sanjay Majumder
