January 3, 2005



It has long been possible to emulate traditional Win NT domains on Linux using Samba. Now, it is possible to add Active Directory to Linux’s capabilities. We will use sadms (Samba Active Directory Member Server) to configure a Linux machine as a member server on a Win 2000 Active Directory domain so as to provide access to Linux resources, such as shares and printers, to Active Directory users. sadms is GUI based and automatically configures Samba, Kerberos and LDAP from a single screen.

Pre-requisites
You will need two machines. Install one as a Win 2000 Active Directory domain controller and the other as a Linux box (we used Fedora Core 3) with Samba 3.0 and Kerberos 5. Set a proper FQDN (Fully Qualified Domain Name) on both machines. We used TESTDOMAIN.PCQ for the Win 2000 machine. Its NetBIOS name was TESTDOM, while the host name of the Linux box was LINADS. You must also give fixed IP addresses to both systems.

Installing sadms
We have given sadms on this month’s PCQ Essential CD. On LINADS, copy the file sadms-install-fc-0.9.3.tar.gz to /root. Then open a terminal window and issue the following commands to extract it.

# cd /root
# tar -zxvf sadms-install-fc-0.9.3.tar.gz
# cd sadms-0.9.3

Direct Hit!
Applies to: Network administrators
USP: Graphically configure sadms to provide Active Directory users access to Linux resources
Links:
http://sadms.sourceforge.net 
On PCQ Essential CD:
\system\cdrom\linux\sadms\

Before installing sadms, you have to modify /etc/nsswitch.conf. Each of the three entries passwd, shadow and group has a default setting of ‘files’ only. We need to add ‘winbind’ to all three and ‘nis’ to two of them (passwd and group), keeping ‘files’ first so that local accounts are still resolved from the local files. Open the file in vi and change the three entries to:

passwd: files winbind nis
shadow: files winbind
group:  files winbind nis

Save this file and run the ./START shell script (note the ‘.’ at the beginning of the path) from the sadms-0.9.3 directory. This opens a GUI installation screen. Click on the Wizard button, then, in the same window, click on the Pre-Check button. This opens an output window within the Install window showing whether the modules needed by sadms are correctly installed or not. If there are no errors, click on ‘Enter Data’. You now get a data-entry screen. Fill in each field carefully as described in the table below.

Configure Samba, Kerberos and LDAP settings from a single screen using sadms

After entering these values, click on the Wizard button again and then click on Install. This starts the installation process, which writes the modified Samba, Kerberos and LDAP configuration files to the Linux box. If it succeeds, you get the message ‘end of sadms install’ on the output screen.
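The /etc/nsswitch.conf edit above is the one step sadms does not do for you. The following script is an added example, not part of sadms or this article: it applies that change idempotently to the file given as its first argument (try it on a copy before touching /etc/nsswitch.conf) and then checks that each database still consults ‘files’ before ‘winbind’. It assumes bash with GNU sed and grep.

```bash
#!/bin/bash
# Added example (not part of sadms or the article): apply the article's
# /etc/nsswitch.conf change idempotently and verify it. Works on the file
# given as $1 so it can be tried on a copy first. Assumes GNU sed and grep.

# Append each SOURCE to the DATABASE line unless it is already listed.
# Usage: add_sources FILE DATABASE SOURCE...
add_sources() {
    local file=$1 db=$2 src tmp
    shift 2
    # Create the line if the database is missing entirely.
    grep -q "^${db}:" "$file" || printf '%s:\tfiles\n' "$db" >> "$file"
    for src in "$@"; do
        grep -E "^${db}:.*[[:space:]]${src}([[:space:]]|$)" "$file" >/dev/null && continue
        tmp=$(mktemp)
        sed "s/^\(${db}:.*\)$/\1 ${src}/" "$file" > "$tmp" && mv "$tmp" "$file"
    done
}

# The article's setting: winbind on all three, nis on passwd and group.
configure_nsswitch() {
    local file=$1
    add_sources "$file" passwd winbind nis
    add_sources "$file" shadow winbind
    add_sources "$file" group  winbind nis
}

# Succeed only if each database lists files before winbind. Keeping files
# first means local accounts such as root still resolve if winbindd is down.
verify_nsswitch() {
    local file=$1 db
    for db in passwd shadow group; do
        grep -E "^${db}:[[:space:]]+files([[:space:]]+[a-z]+)*[[:space:]]+winbind" \
            "$file" >/dev/null || {
            echo "nsswitch: $db does not consult winbind after files" >&2
            return 1
        }
    done
}

# Usage: ./nsswitch-winbind.sh /path/to/copy/of/nsswitch.conf
if [ -n "$1" ]; then
    configure_nsswitch "$1" && verify_nsswitch "$1" && grep -E '^(passwd|shadow|group):' "$1"
fi
```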

Testing the setup
To test the setup, open a terminal window and type the login command. Then give a username and password of an account on your Windows Active Directory. If you are able to log in, the setup is working. Active Directory users can now access shared Linux resources as well. To test this, create a Samba share on your Linux machine by firing up the Samba tool: Applications>System Settings>Server Settings>Samba. This opens a Samba configuration window. Click on the ‘Add’ button on its menu bar to open another pop-up window. Here, give the location of the directory that you want to share. In the same window, click on the Permission tab to set the permissions for ‘Everyone’. Now, from any Windows machine, log in to the Active Directory domain. After authentication, the user can see and access the Linux resources on LINADS, such as shares and printers.

Values to enter in the data-entry screen for sadms configuration

Field                          Data string to enter            Remarks
Kerberos realm                 TESTDOMAIN.PCQ                  Should be in all caps. It is the DNS name of your Windows 2000 Server
Active Directory DNS           192.168.0.1                     IP of the Win 2000 box
KDC - Active Directory         testdom.testdomain.pcq          Machine plus DNS name of the Windows 2000 Server
NETBIOS Domain                 TESTDOMAIN                      NETBIOS domain name of the Windows 2000 Server
NETBIOS Server Name            LINADS                          NETBIOS name of the Linux machine
Domain User Group              Domain User                     Active Directory domain users group
Host allow                     192.168.0.0/255.255.255.0       Range of the IPs that need access
OU to Place                    (leave blank)                   Optional
WINS Server                    192.168.0.1                     IP of your WINS Server (optional)
Domain Administrator Login     Administrator                   Windows 2000 Server Administrator login
Domain Administrator password  (password)                      Admin password of the Windows 2000 Server

Sanjay Majumder
