Fedora as domain controller for win machines?



hagen
29th September 2009, 11:07 AM
Hi all

I did some searching but did not find exactly what I am looking for.

I wish to use a Fedora (or other Linux) box as a domain controller for windows machines.

All I did find was joining Fedora to AD or setting up a domain controller for other Linux machines (I might have overlooked some stuff).

Anyone know of a 'how-to' on this subject?

aleph
29th September 2009, 11:59 AM
Have you taken a look at this thread?
http://forums.fedoraforum.org/showthread.php?t=183837&highlight=ldap+domain+controller

It may be a little bit dated though.

hagen
29th September 2009, 12:05 PM
Thanks a bunch Aleph

That is just what I am looking for (it seems) :)
I limited my search to stuff newer than one year, so that may be the reason this fell through.


I have joined Fedora to an AD domain, but now I am looking at using a Linux-box as the domain controller as well.

Again
Thank you :)

barry905
30th September 2009, 05:36 AM
I did what you are looking for some time back, although I used an LDAP server as the password server. You can use the same setup but ignore all references to Fedora Directory Server and just use the DNS setup and section 2 (samba setup). The detailed documentation is here:

http://forums.fedoraforum.org/showthread.php?t=183837

Hope it helps. If you have any questions, just post.

hagen
30th September 2009, 08:02 AM
Thanks Barry :)

scottro
30th September 2009, 11:36 AM
It takes time and often, a lot of anger, before you learn it. :) Don't worry, much of it comes with practice. LDAP itself can be a beast. Aside from being pretty complex, much of the documentation will be dated, poorly done, and/or simply not applicable to a situation.

hagen
30th September 2009, 11:41 AM
It takes time and often, a lot of anger, before you learn it. :) Don't worry, much of it comes with practice. LDAP itself can be a beast. Aside from being pretty complex, much of the documentation will be dated, poorly done, and/or simply not applicable to a situation.

Which is precisely why I am doing this at home this time around, and not at the office.
One thing is struggling to get a machine onto the domain (actually... that wasn't so hard), another is struggling to build the domain under all the machines ;)

barry905
1st October 2009, 12:45 AM
Just a little background on that Howto that I referenced. It's one I wrote to document how I set up Fedora Directory Server to run on a Domain Controller and handle the user accounts. When I started installing FDS I already had a Domain Controller running, and I just wanted to add an LDAP server to better control user logons and passwords. YOU don't need to do that: you just need to define some way for the controller to access your user database. Probably the easiest is to use smbpasswd.

As scottro says, LDAP can be a real pain, and you may find it easier and a lot faster to set up your DC without it, and then upgrade later if and when you feel adventurous.

Good luck, and I'd love to hear how you get on.

barry905
1st October 2009, 01:25 AM
Just for info, this is the smb.conf I used before adding LDAP support.

# This is the main Samba configuration file.

#======================= Global Settings =====================================

[global]

workgroup = home
password server = seagoon.home
security = user
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = true

server string = home domain PDC
netbios name = seagoon

interfaces = lo eth0
hosts allow = 127. 192.168.1.

log file = /var/log/samba/log.%m
max log size = 50

username map = /etc/samba/smbusers
smb passwd file = /etc/samba/smbpasswd
encrypt passwords = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u

ldap admin dn = cn=Directory Manager
ldap suffix = dc=home
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups

domain master = yes
domain logons = yes
preferred master = yes
local master = yes
os level = 65


# Scripts smbd runs as root so that Windows admin tools and domain joins
# can create and remove the matching Unix accounts. -n is the Red Hat
# useradd flag that skips creating a private group for the user.
add user script = /usr/sbin/useradd "%u" -n -g users
add group script = /usr/sbin/groupadd "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
delete user script = /usr/sbin/userdel "%u"
# userdel takes a single user name; removing a user from a group is gpasswd -d
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
delete group script = /usr/sbin/groupdel "%g"


wins support = yes
wins proxy = no

dns proxy = yes

# --------------------------- Printing Options -----------------------------

cups options = raw
printcap name = /etc/printcap
printing = cups


#============================ Share Definitions ==============================

[homes]
comment = Home Directories
browseable = no
writeable = yes
valid users = %S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
; writeable = no
printable = yes


Hope it helps.
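As an added example (not from the thread or from Samba itself), a small POSIX sh check for the settings a classic Samba 3 PDC like the one above cannot do without, to run before testparm and a restart; the sample smb.conf it writes is a constructed, trimmed copy of the config above, and the parameter names are standard smb.conf keys.

```shell
#!/bin/sh
# smb_get FILE KEY: print KEY's value from [global]; last occurrence wins, as in smbd.
smb_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { ing = (tolower($0) ~ /\[global\]/); next }
        ing && !/^[ \t]*[#;]/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == key) val = v
        }
        END { print val }' "$1"
}

# as_bool VALUE: normalise the spellings smbd accepts for "yes".
as_bool() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in yes|true|1) echo yes ;; *) echo no ;; esac
}

# check_pdc_conf FILE: 0 if the PDC essentials are present, 1 otherwise (findings on stdout).
check_pdc_conf() {
    f=$1; rc=0
    [ "$(smb_get "$f" security | tr 'A-Z' 'a-z')" = user ] || { echo "FAIL: security must be 'user' on a PDC"; rc=1; }
    for k in "domain logons" "domain master" "encrypt passwords"; do
        [ "$(as_bool "$(smb_get "$f" "$k")")" = yes ] || { echo "FAIL: '$k' must be yes"; rc=1; }
    done
    # Without this, workstations cannot create their machine trust accounts when joining.
    [ -n "$(smb_get "$f" "add machine script")" ] || { echo "FAIL: no 'add machine script'"; rc=1; }
    # Keep SMB and NetLogon off everything but the LAN, as the config above does.
    [ -n "$(smb_get "$f" "hosts allow")" ] || { echo "WARN: no 'hosts allow' restriction"; rc=1; }
    return $rc
}

# write_sample_conf PATH: constructed sample input, a trimmed copy of the config above.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
workgroup = home
security = user
encrypt passwords = yes
domain logons = yes
domain master = yes
hosts allow = 127. 192.168.1.
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
[homes]
browseable = no
EOF
}
```

Run it as `check_pdc_conf /etc/samba/smb.conf` before `testparm`; it only reads the file.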