    Wednesday, May 07, 2014

    How to configure Linux client to join samba4 domain

    Q: Is it possible to join a Linux client to a Samba4 domain server? If yes, how?

    A: Yes, it is possible. You can use a third-party client tool to do this: PowerBroker Identity Services (PBIS), earlier known as Likewise, which has since been purchased by BeyondTrust.

    For this article I will assume that you already have a working Samba 4 Domain Controller.

    Log in to the client Linux machine and download the PBIS package from the link below:
    Download BeyondTrust PBIS package for Linux or Mac

    NOTE: Since I am using Red Hat, I have used the rpm package for the demo. Download the package that matches your OS and bit size.
    To check the bit size of your Linux machine, follow the link below:
    Find bit size of your *nix machine

    Once the package is downloaded, make the file executable as shown below
    # chmod +x pbis-open-8.0.0.2016.linux.x86_64.rpm.sh
    Install the package
    # ./pbis-open-8.0.0.2016.linux.x86_64.rpm.sh
    Creating directory pbis-open-8.0.0.2016.linux.x86_64.rpm
    Verifying archive integrity... All good.
    Uncompressing pbis-open-8.0.0.2016.linux.x86_64.rpm............
    Would you like to install package for legacy links? (i.e.  /opt/likewise/bin/lw-find-user-by-name -> /opt/pbis/bin/find-user-by-name) (yes/no)
    yes
    Would you like to install now? (yes/no) yes
    Installing packages and old packages will be removed
    Preparing...                ########################################### [100%]
       1:pbis-open-upgrade      ########################################### [100%]
    Preparing...                ########################################### [100%]
       1:pbis-open              ########################################### [100%]
    Setting up SELinux Policy Module

    Importing registry...

    Preparing...                ########################################### [100%]
       1:pbis-open-gui          ########################################### [100%]
    Preparing...                ########################################### [100%]
       1:pbis-open-legacy       ########################################### [100%]
    Installing Packages was successful

    New libraries and configurations have been installed for PAM and NSS.
    Please reboot so that all processes pick up the new versions.

    As root, run domainjoin-gui or domainjoin-cli to join a domain so you can log on
    with Active Directory credentials. Example:
    domainjoin-cli join MYDOMAIN.COM MyJoinAccount

    The installation step completed successfully. Now it is time to join your Linux client to the domain server:
    # domainjoin-cli join TEST.COM administrator
    Joining to AD Domain:   TEST.COM
    With Computer DNS Name: server2.test.com

    administrator@TEST.COM's password:
    [administrator password of Samba4 Domain server]
    Warning: System restart required
    Your system has been configured to authenticate to Active Directory for the first time.  It is recommended that you restart your system to ensure that all applications
    recognize the new settings.

    SUCCESS

    Once the machine has joined successfully, reboot the client machine for the change to take effect.

    After the reboot, verify that all the users on the domain server are visible on your client.

    NOTE: Since you are using PBIS, the commands to list users will differ. You can find all of the commands under /opt/likewise/bin or /opt/pbis/bin.

    Use the command below with the syntax domain\\username
    # /opt/pbis/bin/find-user-by-name test.com\\administrator
    User info (Level-0):
    ====================
    Name:              administrator
    SID:               S-1-5-21-2928479140-2576742891-3975546437-500
    Uid:               1709179380
    Gid:               1709179393
    Gecos:             <null>
    Shell:             /bin/sh
    Home dir:          /home/administrator
    Logon restriction: NO

    As you can see, the administrator user from my domain server is visible on my client. I also have a domain user "deepak" on my domain server, so let me try to log in as deepak on my client:
    login as: test.com\deepak
    Using keyboard-interactive authentication.
    Password: [password for deepak]
    Last login: Wed May  7 11:16:29 2014 from 192.168.1.2
    sh-4.1$ pwd
    /home/local/TEST/deepak

    So I have logged in successfully, but into the "sh" shell, and my home directory location is also different.

    These are a few things that have to be changed manually. Follow the steps below to do so.

    On the client
    You can view the full configuration using the command below
    # /opt/pbis/bin/config --dump
    Look for the parameters you want to change. For example:

    To avoid typing your domain name every time a user logs in (in case you only have one domain added to your client)
    # /opt/pbis/bin/config AssumeDefaultDomain true
    To change the default home directory location for domain users
    # /opt/pbis/bin/config HomeDirTemplate "%H/%U"
    # /opt/pbis/bin/config Local_HomeDirTemplate "%H/%U"

    To change the default login shell
    # /opt/pbis/bin/config LoginShellTemplate /bin/bash
    # /opt/pbis/bin/config Local_LoginShellTemplate /bin/bash

    Next try to view your domain users
    # /opt/pbis/bin/find-user-by-name deepak
    User info (Level-0):
    ====================
    Name:              deepak
    SID:               S-1-5-21-2928479140-2576742891-3975546437-1107
    Uid:               1709179987
    Gid:               1709179393
    Gecos:             deepak
    Shell:             /bin/bash
    Home dir:          /home/deepak
    Logon restriction: NO

    NOTE: I have not used the domain\username syntax in the above example.

    As you can see, the login shell and home directory changes have taken effect. You can now try logging in with your domain user.
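
The eyeball check above on find-user-by-name output can be scripted. This is an added example, not part of the original post: it parses a record in the layout shown above and flags a shell or home directory that does not match the configured templates, plus any account whose SID ends in RID 500. The function names and the /home base directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the "Field:  value"
# layout of find-user-by-name output shown in the article.
# Print the value of one field from a record on stdin.
pbis_field() {
    awk -v key="$1" -F': *' '$1 == key { sub(/^[^:]*: */, ""); print; exit }'
}

# audit_pbis_user SHELL HOME_BASE   (record on stdin)
# Prints one finding per line; returns 1 if anything was flagged.
audit_pbis_user() {
    want_shell=$1; want_base=$2; rec=$(cat); rc=0
    name=$(printf '%s\n' "$rec" | pbis_field "Name")
    shell=$(printf '%s\n' "$rec" | pbis_field "Shell")
    home=$(printf '%s\n' "$rec" | pbis_field "Home dir")
    sid=$(printf '%s\n' "$rec" | pbis_field "SID")
    if [ "$shell" != "$want_shell" ]; then
        echo "$name: shell $shell (expected $want_shell)"; rc=1
    fi
    if [ "$home" != "$want_base/$name" ]; then
        echo "$name: home $home (expected $want_base/$name)"; rc=1
    fi
    # RID 500 is the well-known built-in Administrator account.
    if [ "${sid##*-}" = "500" ]; then
        echo "$name: RID 500 (built-in Administrator) resolves here"; rc=1
    fi
    return $rc
}

# Constructed samples: the article's two records, trimmed to a few fields.
sample_before() { cat <<'EOF'
User info (Level-0):
====================
Name:              administrator
SID:               S-1-5-21-2928479140-2576742891-3975546437-500
Shell:             /bin/sh
Home dir:          /home/administrator
Logon restriction: NO
EOF
}
sample_after() { cat <<'EOF'
Name:              deepak
SID:               S-1-5-21-2928479140-2576742891-3975546437-1107
Shell:             /bin/bash
Home dir:          /home/deepak
EOF
}
sample_before | audit_pbis_user /bin/bash /home || true
sample_after | audit_pbis_user /bin/bash /home && echo "deepak: OK"
```

On a joined client, pipe the real command into the function instead of a sample, for example `/opt/pbis/bin/find-user-by-name deepak | audit_pbis_user /bin/bash /home`.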

    4 comments:

    1. Is it mounting shared folders by user group?

      Replies
      1. All the shares on your domain server will be accessible by the domain user on any client under domain

    2. I make as you show but I meet an error: "Received error while querying lwsmd. [code 0x00000002]"
      What can I do? Please, thank

    3. I make as you show but I have an error: "Received error while querying lwsmd. [code 0x00000002]". What could I do? Please, thank.
