Using Debian as domain controller in a Windows network
I didn’t find the time to comment on the commands used yet, but for the moment these are the steps I used.
Install the basics, the web server (needed for phpldapadmin) and PHP:

```sh
apt-get install vim
apt-get install apache2
apt-get install libapache2-mod-php4
```

If apache2 complains with an FQDN error, add the server to /etc/hosts:

```text
# /etc/hosts
192.168.1.190 server.legacycode.lan server localhost
```

Install the LDAP server. Answer the debconf questions with DNS domain: legacycode.lan and Name of organization: legacycode.lan.

```sh
apt-get install slapd
```

Build mkntpwd and put it on the path:

```sh
wget http://www.nomis52.net/data/mkntpwd.tar.gz
tar zxf mkntpwd.tar.gz
cd mkntpwd
make
cp mkntpwd /usr/local/bin
```

Install Samba and copy the Samba schema shipped with samba-doc into slapd:

```sh
apt-get install samba samba-doc
cd /usr/share/doc/samba-doc/examples/LDAP
gunzip samba.schema.gz
cp samba.schema /etc/ldap/schema/
```

Include the schema in /etc/ldap/slapd.conf, then restart slapd:

```text
# /etc/ldap/slapd.conf
include /etc/ldap/schema/samba.schema
```

```sh
/etc/init.d/slapd restart
apt-get install db4.2-util
```

Install phpldapadmin (Authentication type: session, Configure webserver: apache2, Restart: yes):

```sh
apt-get install phpldapadmin
```

Install the smbldap-tools configuration files from the samba-doc examples:

```sh
cd /usr/share/doc/samba-doc/examples/LDAP/smbldap-tools-0.8.7
gunzip smbldap.conf.gz
mkdir /etc/smbldap-tools/
cp smbldap.conf /etc/smbldap-tools/
cp smbldap_bind.conf /etc/smbldap-tools/
```

Get the local SID:

```sh
net getlocalsid
# copy the SID, here S-1-5-21-1646905445-4160608177-2293427999
```

Edit /etc/smbldap-tools/smbldap.conf: replace the SID with the one printed above and set:

```text
suffix="dc=legacycode,dc=lan"
mailDomain="legacycode.lan"
hash_encrypt="MD5"
sambaUnixIdPooldn="sambaDomainName=LEGACYCODE,${suffix}"
```

Install the Perl modules smbldap-tools needs, and in /etc/smbldap-tools/smbldap_bind.conf set the bind DN to cn=admin,dc=legacycode,dc=lan with Pw="password":

```sh
apt-get install libnet-ldap-perl
apt-get install libcrypt-smbhash-perl
vi /etc/smbldap-tools/smbldap_bind.conf
```

Populate the directory:

```sh
smbldap-populate
```

Then open http://server.legacycode.lan/phpldapadmin/ and delete the sambaDomainName entry!
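Two different SIDs appear in this post: the one copied from net getlocalsid into smbldap.conf and the one noted after the Samba restart. If the SID in smbldap.conf is not the SID Samba actually uses, every sambaSID that smbldap-tools writes for users and machines belongs to a different domain than the one Samba serves, and logons and domain joins fail. The script below is an added example and not part of the original post: it reads the SID= line from a smbldap.conf (that key name is the one smbldap-tools uses; the file contents here are a constructed excerpt) and compares it with a SID you pass in, such as the value printed by net getlocalsid.

```sh
#!/bin/sh
# Added example (not from the original post): check that the SID configured
# for smbldap-tools matches the SID Samba reports for the local domain.

# sid_from_smbldap_conf FILE -> prints the value of the SID= line, quotes stripped
sid_from_smbldap_conf() {
    sed -n 's/^[[:space:]]*SID[[:space:]]*=[[:space:]]*"\{0,1\}\(S-1-5-21-[0-9-]*\)"\{0,1\}.*/\1/p' "$1" | head -n 1
}

# valid_sid SID -> exit 0 if SID is a well-formed domain SID (S-1-5-21-x-y-z)
valid_sid() {
    printf '%s\n' "$1" | grep -Eq '^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$'
}

# compare_sids CONF_SID LOCAL_SID -> prints OK, MISMATCH or INVALID
compare_sids() {
    if ! valid_sid "$1" || ! valid_sid "$2"; then
        echo "INVALID"
    elif [ "$1" = "$2" ]; then
        echo "OK"
    else
        echo "MISMATCH"
    fi
}

# On the real server you would run (net getlocalsid prints a line ending in the SID):
#   compare_sids "$(sid_from_smbldap_conf /etc/smbldap-tools/smbldap.conf)" \
#                "$(net getlocalsid | sed 's/.*: //')"

# Constructed sample input, using the two SIDs that appear in the post:
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
# smbldap.conf (constructed excerpt)
SID="S-1-5-21-1646905445-4160608177-2293427999"
suffix="dc=legacycode,dc=lan"
EOF
conf_sid=$(sid_from_smbldap_conf "$tmp")
echo "smbldap.conf SID:         $conf_sid"
echo "vs. SID at populate time: $(compare_sids "$conf_sid" S-1-5-21-1646905445-4160608177-2293427999)"
echo "vs. SID after restart:    $(compare_sids "$conf_sid" S-1-5-21-3794264148-3631614111-1670683845)"
rm -f "$tmp"
```

Run it once after smbldap-populate and again after every Samba restart; anything other than OK means the accounts in LDAP and the domain Samba announces no longer agree.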
Point Samba at the LDAP backend and make it a PDC in /etc/samba/smb.conf:

```ini
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=legacycode,dc=lan
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = cn=admin,dc=legacycode,dc=lan
ldap delete dn = no
# be a PDC
domain logons = yes
# allow user privileges
enable privileges = yes
```

Store the LDAP admin password for Samba and restart it:

```sh
smbpasswd -w password
/etc/init.d/samba restart
# S-1-5-21-3794264148-3631614111-1670683845
```

Tell phpldapadmin where the posix groups live, which Samba domain exists and where the Samba groups are, in /usr/share/phpldapadmin/templates/template_config.php:

```php
// uncomment to set the base dn of posix groups
// default is set to the base dn of the server
$base_posix_groups = "ou=groups,dc=legacycode,dc=lan";

$samba3_domains[] = array(
    'name' => 'nomis52',
    'sid'  => 'S-1-5-21-1646905445-4160608177-2293427999'
);

// The base dn of samba group. (CUSTOMIZE)
$samba_base_groups = "ou=groups,dc=legacycode,dc=lan";
```

Install libnss-ldap (LDAP Server Host: 127.0.0.1, DN of Search Base: dc=legacycode,dc=lan, LDAP Version: 3, Database requires login: no, Make config readable by owner only: yes) and let NSS fall through to LDAP:

```sh
apt-get install libnss-ldap
```

```text
# /etc/nsswitch.conf
passwd: compat ldap
group:  compat ldap
shadow: compat ldap
```

Check that the LDAP groups show up:

```sh
getent group
```

Install libpam-ldap (Make local root db admin: yes, Database requires logging in: no, Root login account: cn=admin,dc=legacycode,dc=lan, Root password: password, Crypt: MD5) and adjust the PAM stack:

```sh
apt-get install libpam-ldap
```

```text
# /etc/pam.d/common-account
# Comment out the next line
#account required pam_unix.so
# and add these two
account sufficient pam_ldap.so
account required pam_unix.so try_first_pass
```

```text
# /etc/pam.d/common-auth
# comment out the next line
#auth required pam_unix.so nullok_secure
# and add these two
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
```

```text
# /etc/pam.d/common-password
# comment out the next line
#password required pam_unix.so nullok obscure min=4 max=8 md5
# and add these two
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
```

```sh
apt-get install nscd
```

Configure Samba: the NetBIOS name, the smbldap-tools scripts Samba calls to create accounts, and the shares, in /etc/samba/smb.conf:

```ini
netbios name = server
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%m"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
ldap password sync = yes

[homes]
comment = Home
valid users = %S
read only = no
browsable = no

[printers]
comment = All Printers
path = /var/spool/samba
printable = yes
guest ok = yes
browsable = no

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
admin users = Administrator
valid users = %U
read only = no

[profile]
comment = User profiles
path = /home/samba/profiles
valid users = %U
create mode = 0600
directory mode = 0700
writable = yes
browsable = no
```

Create the share directories:

```sh
mkdir /home/samba
mkdir /home/samba/netlogon
mkdir /home/samba/profiles
mkdir /var/spool/samba
chmod 777 /var/spool/samba/
chown -R root:users /home/samba/
chmod -R 771 /home/samba/
```

Create the domain administrator account, use phpldapadmin to add the user to the Domain Admins ;) and grant that group the right to join machines:

```sh
smbpasswd -a domadmin1
net rpc -Udomadmin1 rights grant "Domain Admins" SeMachineAccountPrivilege
```

Install BIND and configure forwarding and the two zones:

```sh
apt-get install bind9 bind9-doc dnsutils
```

```text
// /etc/bind/named.conf.options
forwarders { 192.168.1.1; };
allow-transfer { none; };
```

```text
// /etc/bind/named.conf.local
// the zone name must be the full domain used in the zone file (legacycode.lan)
zone "legacycode.lan" {
    type master;
    file "/etc/bind/zone.legacycode.lan";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zone.1.168.192.in-addr.arpa";
};
```

```text
; /etc/bind/zone.legacycode.lan
@       IN  SOA server.legacycode.lan. support.legacycode.lan. (
                20060702    ; serial
                172800      ; refresh
                960         ; retry
                1209600     ; expire
                3600 )      ; minimum
@       IN  NS  server.legacycode.lan.
server  IN  A   192.168.1.190
```

```text
; /etc/bind/zone.1.168.192.in-addr.arpa
@       IN  SOA server.legacycode.lan. support.legacycode.lan. (
                20060702    ; serial
                172800      ; refresh
                960         ; retry
                1209600     ; expire
                3600 )      ; minimum
@       IN  NS  server.legacycode.lan.
190     IN  PTR server.legacycode.lan.
```

Add the Windows XP client: join the LEGACYCODE.lan domain with domadmin1 (= Domain Administrator account) ...

Install squid and allow the local network in /etc/squid/squid.conf:

```sh
apt-get install squid
```

```text
acl mynetwork src 192.168.1.0/255.255.255.0
http_access allow mynetwork
```

```sh
apt-get install ntpdate
```

Create a user and set its password:

```sh
smbldap-useradd -a -d /home/user1 -k /etc/skel user1
smbldap-passwd user1
```

The user's home and profile are then reachable as \\SERVER\homes\<user> and \\SERVER\homes\<user>\profile.

smbldap-adduser.sh, a script that does the above for a new user:

```sh
#!/bin/bash
# usage: smbldap-adduser.sh <username>
if [ -z "$1" ]; then
    echo "usage: $0 <username>" >&2
    exit 1
fi
if [ ! -e "/home/$1" ]; then
    echo "Creating home dir for $1" >>/var/log/smbldap-adduser.log
    mkdir -p "/home/$1"
    # copy the skeleton including dotfiles ('/.' does not match '..')
    cp -r /etc/skel/. "/home/$1"
fi
mkdir -p "/home/$1/profile"
# create the LDAP account with the home directory set
smbldap-useradd -a -d "/home/$1" "$1"
# clear the Samba home path, home drive, logon script and profile path attributes
smbldap-usermod -C "" "$1"
smbldap-usermod -D "" "$1"
smbldap-usermod -E "" "$1"
smbldap-usermod -F "" "$1"
chown -R "$1":"Domain Users" "/home/$1"
chmod -R 750 "/home/$1"
smbldap-passwd "$1"
exit 0
```

Fix the ownership of the netlogon and profile directories, and keep logon scripts writable only by Administrator:

```sh
chown -R "Administrator":"Domain Users" /home/samba/netlogon/
chown -R "Administrator":"Domain Users" /home/samba/profiles/
chmod 740 /home/samba/netlogon/<user>.cmd
```
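The smbldap-adduser.sh script above builds every path from its first argument and then runs mkdir -p, cp and chown -R on them, so whatever is passed as the username decides where those commands act. The script below is an added example, not part of the original post: it validates the name against the character set Samba and the Debian user tools accept before deriving a home directory from a fixed base, and runs the provisioning commands through a wrapper that only prints them unless DRY_RUN=0 is set. The /home base, the 32-character limit and the dry-run variable are assumptions of this example; the sample names it is tried on are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): input checks for a user
# provisioning script that otherwise trusts "$1" when running mkdir/cp/chown.

HOME_BASE=/home   # assumption: the same base directory the post uses

# valid_username NAME -> exit 0 if NAME is a sane POSIX/Samba account name:
# starts with a letter or underscore, then letters, digits, '_' or '-',
# at most 32 characters; this rules out '/', '.', spaces and empty names.
valid_username() {
    case "$1" in
        '') return 1 ;;
    esac
    [ "${#1}" -le 32 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]*$'
}

# home_dir_for NAME -> prints HOME_BASE/NAME, or prints nothing and fails
# for an invalid NAME, so a caller can never receive a path outside HOME_BASE.
home_dir_for() {
    valid_username "$1" || return 1
    printf '%s/%s\n' "$HOME_BASE" "$1"
}

# run CMD... -> prints the command when DRY_RUN is 1 (the default), else runs it
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'would run: %s\n' "$*"
    else
        "$@"
    fi
}

# provision_user NAME -> the steps of smbldap-adduser.sh, after validation
provision_user() {
    home=$(home_dir_for "$1") || {
        echo "refusing invalid username: '$1'" >&2
        return 1
    }
    if [ ! -e "$home" ]; then
        run mkdir -p "$home"
        run cp -r /etc/skel/. "$home"   # '/.' copies dotfiles without matching '..'
    fi
    run mkdir -p "$home/profile"
    run smbldap-useradd -a -d "$home" "$1"
    run chown -R "$1":"Domain Users" "$home"
    run chmod -R 750 "$home"
    run smbldap-passwd "$1"
}

# Demonstration on constructed names; DRY_RUN defaults to 1, nothing is changed.
for name in user1 domadmin1 "../etc" "" "Domain Users" "1user"; do
    if provision_user "$name" >/dev/null 2>&1; then
        echo "accepted: '$name'"
    else
        echo "rejected: '$name'"
    fi
done
```

Only user1 and domadmin1 are accepted; "../etc", the empty string, "Domain Users" and "1user" are refused before any filesystem command is built. Run it with DRY_RUN=0 on the server once the printed commands look right.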
Tags: Active Directory, Debian, Linux, Samba, Windows