It has long been possible to emulate traditional Win NT domains on Linux using Samba. Now, it is possible to add Active Directory to Linux's capabilities. We will use sadms (Samba Active Directory Member Server) to configure a Linux machine as a member server on a Win 2000 Active Directory domain so as to provide access to Linux resources, such as shares and printers, to Active Directory users. sadms is GUI based and automatically configures Samba, Kerberos and LDAP from a single screen.
You will need two machines. Install one as a Win 2000 Active Directory domain controller and implement Linux (we used Fedora Core 3) with Samba 3.0 and Kerberos 5 on the other. You should set proper FQDN (Fully Qualified Domain Name) on both machines. We used TESTDOMAIN.PCQ for the Win 2000 machine. Its NetBIOS name was TESTDOM while the host name for Linux box was LINADS. You must also give fixed IP addresses to both systems.
We have given sadms on this month's PCQ Essential CD. LINADS, copy the file sadms-install-fc-0.9.3.tar.gz to /root. Then open a terminal window and issue the following commands to unzip this file.
# cd /root
# tar -zxvf sadms-install-fc-0.9.3.tar.gz
# cd sadms-0.9.3
Before installing sadms, you have to modify /etc/nsswitch.conf. Each of the three entries, namely Passwd, Shadow and Group, has a default setting of 'files' only. We need to add 'winbind' to all three and 'nis' to two (Shadow and Group) of them. Open the file in vi and change it as:
Passwd files winbind nis
Shadow files winbind
Group files winbind nis
Save this file and run the ./START (note the '.' at the beginning of the path) shell script from sadms-0.9.3 directory. This will open a GUI installation screen for you. Here click on the Wizard button, then from the same window click on the Pre-Check button. This will open an output window within the Install window. This shows whether the modules needed for sadms are correctly installed or not. If there are no errors, click on 'Enter Data'. Now you will get a data-entry screen. Here fill each
field carefully as mentioned in the table on the following page.
After inserting these values, click on the Wizard button again and then click on Install. This will start the installation process, which would now include a few modified configuration files in Linux. If successful, you get a message 'end of sadms install' on the output screen.
Testing the setup
To test the setup, open a terminal window and type a login command. Then give a username and password that you have on your Windows Active Directory. If you are able to login, the setup is perfectly okay. Now the Active Directory users can access shared Linux resources as well. To test this feature, create a Samba share on your Linux machine by firing up Samba: Applications>System Settings>Server Settings> Samba. This will open a Samba configuration window. Click on the 'Add' button from its menu bar to open another pop-up window. Here, give the location of the directory that you want to share. From the same window, click on the Permission tab to set the permissions for 'Everyone'. Now, using any Windows machine, you can login to the Windows Active Directory that you have created on LINADS. After authentication, the user can see and access the Linux resources such as shares and printers.