Rowland penny
2021-Jun-17 17:44 UTC
[Samba] Have I managed to join Kali Linux to Windows Active Directory Domain Successfully?
On 17/06/2021 16:56, Turritopsis Dohrnii Teo En Ming via samba wrote:> Subject: Have I managed to join Kali Linux to Windows Active Directory > Domain Successfully? > > Good day from Singapore, > > This is the reference guide which I have followed. > > Article: Integrating a Linux Machine Into Windows Active Directory Domain > Link: > https://www.datasunrise.com/blog/professional-info/integrating-a-linux-machine-into-windows-active-directory-domain/As per normal, there are errors ? Do not put the DC's host info in /etc/hosts The server line it tells you to put in /etc/ntp.conf isn't quite right, it should be: server dc.supermario.corp.net iburst prefer you also need this line: restrict dc.supermario.corp.net mask 255.255.255.255 nomodify notrap nopeer noquery You haven't installed all the required packages, you need: acl xattr krb5-user libpam-krb5 libpam-ccreds auth-client-config samba winbind libpam-winbind libnss-winbind ntp You also need to remove sssd and realmd if they are installed. /etc/krb5.conf needs only to have these lines: [libdefaults] ??? default_realm = SUPERMARIO.CORP.NET ??? dns_lookup_realm = false ??? dns_lookup_kdc = true Your /etc/samba/smb.conf should look similar to this: [global] ??? workgroup = SUPERMARIO ??? realm = SUPERMARIO.CORP.NET ??? security = ADS ??? server string = %h server (Samba, Ubuntu) ??? idmap config * : backend = tdb ??? idmap config * : range = 3000-7999 ??? idmap config SUPERMARIO : backend = rid ??? idmap config SUPERMARIO : range = 10000-999999 ??? template shell = /bin/bash ??? winbind use default domain = yes ??? winbind expand groups = 2 ??? winbind refresh tickets = Yes ??? domain master = no ??? local master = no ??? preferred master = no ??? dns proxy = no ??? username map = /etc/samba/user.map ??? vfs objects = acl_xattr ??? map acl inherit = Yes ??? log file = /var/log/samba/log.%m ??? max log size = 1000 ??? syslog = 0 ??? panic action = /usr/share/samba/panic-action %d Create /etc/samba/user.map containg this: !root = SUPERMARIO\Administrator You will need to remove every 'sss' from /nsswitch.conf and add 'winbind' to the 'passwd and 'group' lines. Rowland
Turritopsis Dohrnii Teo En Ming
2021-Jun-18 14:44 UTC
[Samba] Have I managed to join Kali Linux to Windows Active Directory Domain Successfully?
Dear Rowland Penny, Thank you for your prompt reply. I will try it out. On 2021-06-18 01:44, Rowland penny via samba wrote:> On 17/06/2021 16:56, Turritopsis Dohrnii Teo En Ming via samba wrote: >> Subject: Have I managed to join Kali Linux to Windows Active Directory >> Domain Successfully? >> >> Good day from Singapore, >> >> This is the reference guide which I have followed. >> >> Article: Integrating a Linux Machine Into Windows Active Directory >> Domain >> Link: >> https://www.datasunrise.com/blog/professional-info/integrating-a-linux-machine-into-windows-active-directory-domain/ > > > As per normal, there are errors ? > > Do not put the DC's host info in /etc/hosts > > The server line it tells you to put in /etc/ntp.conf isn't quite > right, it should be: > > server dc.supermario.corp.net iburst prefer > > you also need this line: > > restrict dc.supermario.corp.net mask 255.255.255.255 nomodify notrap > nopeer noquery > > You haven't installed all the required packages, you need: > > acl xattr krb5-user libpam-krb5 libpam-ccreds auth-client-config samba > winbind libpam-winbind libnss-winbind ntp > > You also need to remove sssd and realmd if they are installed. > > /etc/krb5.conf needs only to have these lines: > > [libdefaults] > ??? default_realm = SUPERMARIO.CORP.NET > ??? dns_lookup_realm = false > ??? dns_lookup_kdc = true > > Your /etc/samba/smb.conf should look similar to this: > > [global] > ??? workgroup = SUPERMARIO > ??? realm = SUPERMARIO.CORP.NET > ??? security = ADS > ??? server string = %h server (Samba, Ubuntu) > > ??? idmap config * : backend = tdb > ??? idmap config * : range = 3000-7999 > ??? idmap config SUPERMARIO : backend = rid > ??? idmap config SUPERMARIO : range = 10000-999999 > ??? template shell = /bin/bash > > ??? winbind use default domain = yes > ??? winbind expand groups = 2 > ??? winbind refresh tickets = Yes > > ??? domain master = no > ??? local master = no > ??? preferred master = no > ??? dns proxy = no > > ??? username map = /etc/samba/user.map > > ??? vfs objects = acl_xattr > ??? map acl inherit = Yes > > ??? log file = /var/log/samba/log.%m > ??? max log size = 1000 > ??? syslog = 0 > ??? panic action = /usr/share/samba/panic-action %d > > Create /etc/samba/user.map containg this: > > !root = SUPERMARIO\Administrator > > You will need to remove every 'sss' from /nsswitch.conf and add > 'winbind' to the 'passwd and 'group' lines. > > Rowland-- -----BEGIN EMAIL SIGNATURE----- The Gospel for all Targeted Individuals (TIs): [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html ******************************************************************************************** Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): [1] https://tdtemcerts.wordpress.com/ [2] https://tdtemcerts.blogspot.sg/ [3] https://www.scribd.com/user/270125049/Teo-En-Ming -----END EMAIL SIGNATURE-----