Configuring Linux to Join a Domain

This document includes the required steps for incorporating a Linux server into a domain. 


This has been tested on Red Hat Enterprise Linux 4 and CentOS 4.

*Note* Items in italics are settings that you will have to configure for your environment.

Samba Configuration:

Back up the original Samba configuration by issuing the following command:
mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

Create a new /etc/samba/smb.conf file with the following information.  You will need to modify the Workgroup, Server String, Netbios Name, and WINS Server.

[global]
workgroup = DOMAIN
server string = ServerName
netbios name = ServerName

security = ads
realm = DOMAIN.COM
encrypt passwords = yes

log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

domain master = no
wins server = xxx.xxx.xxx.xxx
dns proxy = no

winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false

Kerberos Configuration:

We will begin by backing up the configuration file:
mv /etc/krb5.conf /etc/krb5.conf.bak

Create a new /etc/krb5.conf with the following information:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
DOMAIN.COM = {
kdc = domain controller:88
admin_server = domain controller:749
default_domain = domain.com
}

[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

NSSwitch configuration:

Modify /etc/nsswitch.conf adding winbind to the following 3 entries:

passwd:  files winbind
shadow:  files winbind
group:  files winbind

Service Management:

Start Samba:

service smb start

Start winbind:

service winbind start

Set Samba to start on boot:

chkconfig smb on

Set winbind to start on boot:

chkconfig winbind on

Initialize Kerberos:

Issue the following command with an Administrator account:

kinit domain_admin@DOMAIN.COM

Wait 15 minutes for the domain replication!

Join the domain:

net ads join
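
The join depends on smb.conf and krb5.conf naming the same realm and on nsswitch.conf listing winbind, so it is worth checking the three files before running net ads join. The script below is an added example, not part of the original article; the function names, the sample-file writer and the hostname dc1 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pre-join consistency check for the three files edited above.

# Print the value of the first "key = value" line in FILE (key match is case-insensitive).
conf_value() {  # usage: conf_value FILE KEY
    awk -v k="$2" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (tolower(key) == tolower(k)) {
                val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
                print val; exit
            }
        }' "$1"
}

# Return 0 only if smb.conf and krb5.conf agree and nsswitch.conf uses winbind.
check_join_config() {  # usage: check_join_config SMB_CONF KRB5_CONF NSSWITCH_CONF
    rc=0
    smb_realm=$(conf_value "$1" realm)
    krb_realm=$(conf_value "$2" default_realm)
    [ "$(conf_value "$1" security)" = "ads" ] || { echo "smb.conf: security is not ads"; rc=1; }
    # Kerberos realm names are case-sensitive, so this check requires an exact match.
    if [ -z "$smb_realm" ] || [ "$smb_realm" != "$krb_realm" ]; then
        echo "realm mismatch: smb.conf='$smb_realm' krb5.conf='$krb_realm'"; rc=1
    fi
    # default_realm needs its own stanza under [realms].
    grep -Eq "^[[:space:]]*${krb_realm}[[:space:]]*=[[:space:]]*\{" "$2" ||
        { echo "krb5.conf: no [realms] stanza for '$krb_realm'"; rc=1; }
    for db in passwd group; do
        grep -Eq "^$db:.*winbind" "$3" || { echo "nsswitch.conf: $db lacks winbind"; rc=1; }
    done
    return $rc
}

# Constructed sample files (placeholder realm DOMAIN.COM; dc1 is a made-up host name).
write_sample() {  # usage: write_sample DIR SMB_REALM
    printf '[global]\nworkgroup = DOMAIN\nsecurity = ads\nrealm = %s\n' "$2" > "$1/smb.conf"
    printf '[libdefaults]\ndefault_realm = DOMAIN.COM\n[realms]\nDOMAIN.COM = {\nkdc = dc1:88\n}\n' > "$1/krb5.conf"
    printf 'passwd: files winbind\nshadow: files winbind\ngroup: files winbind\n' > "$1/nsswitch.conf"
}

# When given three paths, check those files; otherwise only define the functions.
if [ $# -eq 3 ]; then check_join_config "$@"; fi
```

Saved under a name of your choice, the script takes /etc/samba/smb.conf, /etc/krb5.conf and /etc/nsswitch.conf as its three arguments; a non-zero exit status means at least one check failed.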
