To participate in an AD-style domain, the machine must be joined to the domain using Administrator credentials. The join creates the machine's account within the database and provides the system with credentials for querying the LDAP server.

Install Samba, heimdal-clients, and winbind:

    sudo apt-get install winbind

Populate /etc/samba/smb.conf:

    [global]
    workgroup = EXAMPLE
    realm = ad.example.org
    security = ads
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/%U
    template shell = /bin/bash
    winbind use default domain = yes

Join the system to the domain:

    sudo net ads join -U Administrator

Configure the system to use winbind for account information in /etc/nsswitch.conf:

    passwd: compat winbind
    group: compat winbind
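
An offline check of the two files edited above, as an added example that is not part of the original page: it reads the [global] settings, confirms winbind is listed in nsswitch.conf, and reports local accounts whose UID falls inside the "idmap uid" range, since those would share a UID with a mapped domain user. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the smb.conf and nsswitch.conf edits above.

# Print the value of a [global] parameter from an smb.conf-style file.
smb_global() {  # $1 = file, $2 = parameter name (lowercase)
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1))
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) val = v
        }
        END { print val }' "$1"
}

# Succeed if database $2 (passwd or group) lists winbind in nsswitch file $1.
nss_uses_winbind() {
    sed 's/#.*//' "$1" | grep -Eq "^[[:space:]]*$2:.*[[:space:]]winbind([[:space:]]|\$)"
}

# Print local accounts in passwd file $2 whose UID lies inside the
# "idmap uid" range of smb.conf $1 (they would clash with mapped domain users).
local_uids_in_idmap_range() {
    range=$(smb_global "$1" "idmap uid")
    [ -n "$range" ] || return 0
    awk -F: -v lo="${range%%-*}" -v hi="${range##*-}" \
        '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 }' "$2"
}

# Constructed sample files (not taken from a real host).
make_samples() {  # $1 = directory to write into
    printf '%s\n' '[global]' 'workgroup = EXAMPLE' 'realm = ad.example.org' \
        'security = ads' 'idmap uid = 10000-20000' > "$1/smb.conf"
    printf '%s\n' 'passwd: compat winbind' 'group: compat # winbind' > "$1/nsswitch.conf"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'backup:x:10050:10050::/home/backup:/bin/sh' > "$1/passwd"
}

d=$(mktemp -d) && make_samples "$d"
echo "security: $(smb_global "$d/smb.conf" security)"
nss_uses_winbind "$d/nsswitch.conf" group || echo "group: winbind missing"
echo "local UID in idmap range: $(local_uids_in_idmap_range "$d/smb.conf" "$d/passwd")"
rm -rf "$d"
```

On a real host, pass /etc/samba/smb.conf, /etc/nsswitch.conf and /etc/passwd to the functions instead of the sample directory.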