How to configure Linux client to join samba4 domain

I have written one more article with the steps to configure a FreeIPA server and client, which can also act as an alternative to Microsoft Active Directory. Since FreeIPA is GUI-based, it can be a better alternative than Samba4.

Q: Is it possible to join a Linux client to a Samba4 domain server? If yes, how?

A: Yes, it is possible. You can use a third-party client tool to do this, namely Power Breaker Integration Services (PBIS), earlier known as Likewise, which has since been purchased by BeyondTrust. For this article I will assume that you already have a working Samba 4 Domain Controller.

Login to the client Linux machine and download the pbis package from the below link
Download BeyondTrust PBIS package for linux or Mac

NOTE:

Since I am using Red Hat, I have used the rpm package for the demo. Please download the package that matches your OS and bit size.

To check the bit size of your Linux machine, follow the link below
Find bit size of your *nix machine

Once the package is downloaded, make the file executable as shown below

# chmod +x pbis-open-8.0.0.2016.linux.x86_64.rpm.sh

Install the package

# ./pbis-open-8.0.0.2016.linux.x86_64.rpm.sh
Creating directory pbis-open-8.0.0.2016.linux.x86_64.rpm
Verifying archive integrity... All good.
Uncompressing pbis-open-8.0.0.2016.linux.x86_64.rpm............
Would you like to install package for legacy links? (i.e.  /opt/likewise/bin/lw-find-user-by-name -> /opt/pbis/bin/find-user-by-name) (yes/no) yes
Would you like to install now? (yes/no) yes
Installing packages and old packages will be removed
Preparing...                ########################################### [100%]
   1:pbis-open-upgrade      ########################################### [100%]
Preparing...                ########################################### [100%]
   1:pbis-open              ########################################### [100%]
Setting up SELinux Policy Module

Importing registry...

Preparing...                ########################################### [100%]
   1:pbis-open-gui          ########################################### [100%]
Preparing...                ########################################### [100%]
   1:pbis-open-legacy       ########################################### [100%]

Installing Packages was successful

New libraries and configurations have been installed for PAM and NSS.
Please reboot so that all processes pick up the new versions.

As root, run domainjoin-gui or domainjoin-cli to join a domain with Active Directory credentials. Example:

domainjoin-cli join MYDOMAIN.COM MyJoinAccount

The installation step has completed successfully, so now it is time to join your Linux client to the domain server

# domainjoin-cli join TEST.COM administrator
Joining to AD Domain:   TEST.COM
With Computer DNS Name: server2.test.com

administrator@TEST.COM's password: [administrator password of Samba4 Domain server]
Warning: System restart required
Your system has been configured to authenticate to Active Directory for the first time.  It is recommended that you restart your system to ensure that all applications
recognize the new settings.

SUCCESS

Once the machine has joined successfully, reboot the client machine for the change to take effect

After the reboot, verify that the users on the domain server are visible on your client

NOTE:

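Since you are using PBIS, the commands to list users will differ. You can find all of the commands under /opt/likewise/bin or /opt/pbis/bin

Use the command below with the domain\username syntax. In the shell the backslash has to be escaped (or the whole argument quoted), otherwise the shell removes it before the command sees it

# /opt/pbis/bin/find-user-by-name test.com\\administrator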
User info (Level-0):
====================
Name:              administrator
SID:               S-1-5-21-2928479140-2576742891-3975546437-500
Uid:               1709179380
Gid:               1709179393
Gecos:             
Shell:             /bin/sh
Home dir:          /home/administrator
Logon restriction: NO

As you can see, the administrator user from my domain server is visible on my client. I also have a domain user "deepak" on my domain server. Let me try to log in as deepak on my client

login as: test.com\deepak
Using keyboard-interactive authentication.
Password: [password for deepak]
Last login: Wed May  7 11:16:29 2014 from 192.168.1.2
sh-4.1$ pwd
/home/local/TEST/deepak

So I have successfully logged in, but into the "sh" shell, and my home directory location is also different.

These are a few things which have to be changed manually. Follow the steps below to do so

On client
You can view all the configuration using the below command

# /opt/pbis/bin/config --dump

Look out for the parameters you want to change. For example

To avoid using your domain name every time you login for a user (in case you only have one domain added to your client)

# /opt/pbis/bin/config AssumeDefaultDomain true

To change the default home directory location for domain users

# /opt/pbis/bin/config HomeDirTemplate "%H/%U"
# /opt/pbis/bin/config Local_HomeDirTemplate "%H/%U"

To change the default login shell

# /opt/pbis/bin/config LoginShellTemplate /bin/bash
# /opt/pbis/bin/config Local_LoginShellTemplate /bin/bash

Next try to view your domain users

# /opt/pbis/bin/find-user-by-name deepak
User info (Level-0):
====================
Name:              deepak
SID:               S-1-5-21-2928479140-2576742891-3975546437-1107
Uid:               1709179987
Gid:               1709179393
Gecos:             deepak
Shell:             /bin/bash
Home dir:          /home/deepak
Logon restriction: NO

NOTE:

I have not used domain\username syntax in the above example

As you can see, the changes to the login shell and home directory are now reflected. You can now try logging in with your domain user
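
An added example (not part of the original article, and not PBIS code): a small shell check that parses the find-user-by-name output format shown above and confirms that the login shell and home directory match the templates just configured. The helper names pbis_field and pbis_check_user and the minimum-UID threshold are assumptions; the sample records are constructed from values in the article.

```shell
#!/bin/sh
# Added example: audit find-user-by-name output after changing PBIS templates.
# pbis_field and pbis_check_user are hypothetical helper names, not PBIS tools.

# Constructed samples in the tool's output format, using values from the article.
SAMPLE_BEFORE='User info (Level-0):
====================
Name:              deepak
Uid:               1709179987
Shell:             /bin/sh
Home dir:          /home/local/TEST/deepak
Logon restriction: NO'

SAMPLE_AFTER='User info (Level-0):
====================
Name:              deepak
Uid:               1709179987
Shell:             /bin/bash
Home dir:          /home/deepak
Logon restriction: NO'

# Print the value of one "Field: value" line read from stdin.
pbis_field() {
    awk -F': *' -v key="$1" '$1 == key { sub(/[ \t]+$/, "", $2); print $2; exit }'
}

# $1 = expected shell, $2 = expected home prefix; lookup output on stdin.
# Returns 0 if the record matches, 1 on a mismatch, 2 if no user was found.
pbis_check_user() {
    out=$(cat)
    name=$(printf '%s\n' "$out" | pbis_field "Name")
    uid=$(printf '%s\n' "$out" | pbis_field "Uid")
    shell=$(printf '%s\n' "$out" | pbis_field "Shell")
    home=$(printf '%s\n' "$out" | pbis_field "Home dir")
    [ -n "$name" ] || { echo "no user record in input" >&2; return 2; }
    rc=0
    # Assumption: domain accounts must never map into the local UID range (<1000).
    case "$uid" in
        ''|*[!0-9]*) echo "$name: Uid '$uid' is not numeric" >&2; rc=1 ;;
        *) [ "$uid" -ge 1000 ] || { echo "$name: Uid $uid is in the local range" >&2; rc=1; } ;;
    esac
    [ "$shell" = "$1" ] || { echo "$name: shell $shell, expected $1" >&2; rc=1; }
    [ "$home" = "$2/$name" ] || { echo "$name: home $home, expected $2/$name" >&2; rc=1; }
    return "$rc"
}

# On a joined client (as in the article):
#   /opt/pbis/bin/find-user-by-name deepak | pbis_check_user /bin/bash /home
```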

 
