JoinWindowsDomain

Revision 3 as of 2007-08-29 21:46:36


Joining Ubuntu 7.04 Feisty to a Windows 2003 Domain

This page is a step-by-step walkthrough of how I joined my fresh install of 7.04 Feisty to my Windows 2003 domain. I'll use standard placeholders as follows:

  • FQDN of the Domain Controller: domain-controller.domain.local
  • Domain Controller IP: 192.168.0.2
  • Domain short NETBIOS name: shortname
  • Computer name being joined: computer-name
  • DC Administrator login: Administrator
  • DC Administrator password: password

Substitute your own values, paying attention to capitalization, as it can screw things up.

Preparation

  1. Enable root by setting the root password. This is bad for security, yes, but essential if you get to the point where you can't log in (which is quite possible, since we'll be messing with PAM).

    sudo passwd root
    Password: <enter your current account password here>
    Enter new UNIX password: <enter desired root password here>
    Retype new UNIX password: <retype it here>
    passwd: password updated successfully
  2. Set up your network settings. Go to System->Administration->Networking, and enter the following values:

    • General
      • Hostname: computer-name
      • Domain name: <blank>
    • DNS
      • DNS Servers: 192.168.0.2
      • Search Domains: domain.local
    • Hosts
      • Delete any existing entries and add these two:
        • Your Machine:
          • IP Address: 127.0.0.1
          • Aliases:

            computer-name.domain.local
            computer-name
        • Server:
          • IP Address: 192.168.0.2
          • Aliases:

            domain-controller.domain.local
            domain-controller

    Now, save those settings as something sensible like JoinDomain. They have a tendency to run away.

SADMS

SADMS is your friend when it comes to joining domains. It may be confusing, but it's a whole lot better than trying to figure out which files to modify how. So, first step is to download SADMS.

  1. Download SADMS - fortunately, they have a .deb file on the SourceForge page, available [blah here], that will take care of any nasty dependencies. Download the tarball and drill down to sadms-2.0.11/debian, where you'll find a deb file. Extract it somewhere useful and run it; it should install itself fairly easily.

  2. For some reason, SADMS omitted a space in the menu items that messes things up. You can edit them through the GUI, but because the GUI is miserably slow I chose to edit the launchers with a root gedit. Just paste this into a terminal:

    sudo gedit /usr/share/applications/sadms.desktop /usr/share/applications/sadms-fsacls.desktop /usr/share/applications/sadms-globs.desktop /usr/share/applications/sadms-users.desktop /usr/share/applications/sadms-share.desktop /usr/share/applications/sadms-shares.desktop

    Either way, change the launcher target so that it reads gksu /usr/local/bin/sadms-whatever, that is, add a space after gksu.

  3. Now, launch SADMS. You should have checks for the bottom three options. Go to the Data tab and fill in the following:

    • DNS: domain.local
    • realm: DOMAIN.LOCAL
    • kdc: domain-controller
    • Netbios domain name: SHORTNAME
    • Netbios server name: computer-name
    • Domain users group: Domain Users
    • Hosts allow: 192.168.0.0/255.255.255.0
    • OU to place host in: Computers
    • WINS server: <leave empty>
    • Domain administrator login: Administrator
    • Domain administrator password: password

    If you want to, you can save these in a file instead (the SADMS save function doesn't seem to work). Open a root gedit (with sudo gedit /usr/local/lib/sadms-2.0.11/settings/domain.sadms) and paste the following (again with your info filled in):

    realm=DOMAIN.LOCAL
    dns=domain.local
    kdc=domain-controller
    domain=SHORTNAME
    server=computer-name
    hostOu=Computers
    administrator=Administrator
    administratorPassword=
    users=Domain Users
    hostsAllow=192.168.0.0/255.255.255.0
    winsServer=

    You can then save this in /usr/local/lib/sadms-2.0.11/settings/domain.sadms. You'll note I left the password blank; storing your admin password in a plaintext file is probably a Bad Idea (tm).

  4. Click the "Validate" button. Everything should light up green except for the option WINS server.
  5. Make sure everything works by running all the tests in the Diagnostics menu (DNS, Network, Kerberos are the most important to make sure things are right). If you get errors, double-triple-check all your settings. Make sure you haven't used two different domain names or computer names in two different places - it's a common mistake. If you're sure everything is as it should be, Google your errors and see if you can resolve them. This may take some doing and some luck.
  6. Cross your fingers, hold your breath, and click the "Install" button. Go to the Output tab to watch it go, and watch for errors. If there are none, then go ahead and uncheck the "Test only" item in the PAM menu and click "Install PAM". IMPORTANT: Make sure you have activated the root login as detailed above. As noted above, messing with PAM can really screw stuff up if something goes awry.

  7. Assuming you've gotten this far, you should be able to do a sudo su at the command prompt followed by a login command. If all went well, you should be able to log in with a domain account.
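
The advice in step 5 (no two places using different domain or computer names) and the note in step 3 about not storing the admin password can be checked mechanically against the domain.sadms file. This is an added example, not part of the original walkthrough or of SADMS; the function names and the rules (realm is the upper-case form of dns, server equals the local hostname, domain is a dotless NetBIOS name) are assumptions inferred from the sample values above.

```shell
#!/bin/sh
# Added example: static consistency check for a SADMS domain.sadms file.
# The rules are assumptions drawn from the sample values on this page.

# get_key FILE KEY: print the value of the first KEY=... line (empty if absent)
get_key() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# check_sadms FILE HOSTNAME: print one line per problem; status 0 only if none
check_sadms() {
    file=$1 host=$2 problems=0
    realm=$(get_key "$file" realm)
    dns=$(get_key "$file" dns)
    domain=$(get_key "$file" domain)
    server=$(get_key "$file" server)
    pass=$(get_key "$file" administratorPassword)
    upper_dns=$(printf '%s' "$dns" | tr '[:lower:]' '[:upper:]')
    if [ "$realm" != "$upper_dns" ]; then
        echo "realm '$realm' is not the upper-case form of dns '$dns'"
        problems=$((problems + 1))
    fi
    if [ "$server" != "$host" ]; then
        echo "server '$server' differs from this machine's hostname '$host'"
        problems=$((problems + 1))
    fi
    case $domain in
        *.*) echo "domain '$domain' looks like a DNS name, not a NetBIOS short name"
             problems=$((problems + 1)) ;;
    esac
    if [ -n "$pass" ]; then
        echo "administratorPassword is stored in plaintext in $file"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample with two deliberate mistakes: dns does not match realm,
# and the administrator password has been saved to the file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
realm=DOMAIN.LOCAL
dns=domain.lan
domain=SHORTNAME
server=computer-name
administratorPassword=password
EOF
check_sadms "$sample" computer-name || echo "fix the settings listed above"
rm -f "$sample"
```

Against a real install, pass the settings file path from step 3 and the output of hostname as the two arguments.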

