Monday, June 15, 2009

Notes on Joining OSVault to a Windows 2003 Active Directory

The hardest part about joining OSVault to a Windows 2003 Active Directory domain is understanding the configuration of your domain and making sure the Windows 2003 server is set up correctly. If you already have an Active Directory domain (with a domain controller), the steps for joining OSVault to it are detailed below.

Edit /etc/samba/smb.conf and make sure the [global] section has at least the following. Samba parameter names are case-insensitive, but the realm value must be in upper case and the workgroup is the short (pre-Windows 2000) name of the domain:
[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.MYCOMPANY.COM
    security = ads
    netbios name = MYCOMPUTER

The netbios name is limited to 15 characters and should be the machine's short host name. Run testparm -s after editing to catch syntax errors before going further.


Make sure your /etc/krb5.conf file has at least the following. The [domain_realm] section must map your own DNS domain to the realm; the ".kerberos.server" entry in the stock Red Hat template is only a placeholder and does nothing for your domain:
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = MYDOMAIN.MYCOMPANY.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    MYDOMAIN.MYCOMPANY.COM = {
        kdc = mydomain.mycompany.com:88
        admin_server = mydomain.mycompany.com:749
        default_domain = mydomain.mycompany.com
    }

[domain_realm]
    .mydomain.mycompany.com = MYDOMAIN.MYCOMPANY.COM
    mydomain.mycompany.com = MYDOMAIN.MYCOMPANY.COM

[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

Two things to check before moving on. With dns_lookup_kdc = false the kdc and admin_server entries must themselves resolve to a domain controller; Active Directory registers the domain name's own A record to its domain controllers, which is why the domain name works here, but if in doubt put a domain controller's host name there, or set dns_lookup_kdc = true and let the _kerberos._tcp SRV records locate the KDC. Kerberos also rejects requests when the clock differs from the domain controller's by more than five minutes, so synchronise the appliance's time with the domain (e.g. via NTP) before trying kinit.



From the command line do the following:
  • kinit administrator@MYDOMAIN.MYCOMPANY.COM
where administrator is an account on the domain that has "Domain Admin" privileges (strictly, the join only needs an account that is allowed to create computer objects in the domain, so a delegated account is the least-privilege choice). The realm after the @ must be in upper case. Run klist afterwards and confirm you hold a krbtgt/MYDOMAIN.MYCOMPANY.COM@MYDOMAIN.MYCOMPANY.COM ticket; if kinit fails with a clock-skew or "cannot find KDC" error, fix the clock or krb5.conf before going further.

  • net ads join -U administrator
again, where administrator is the same account. Plain net join selects ADS automatically when security = ads, but net ads join says what you mean. It prompts for the password, creates the computer account and stores the machine secret; net ads testjoin then confirms the join and exits with status 0 when it is OK.

Your OSVault host name MUST be the fully qualified name of the machine in the domain (i.e. the output of the `hostname` command is MYMACHINE.MYDOMAIN.MYCOMPANY.COM) and must resolve in the domain's DNS, because the domain controller matches the Kerberos principal and the computer account against that name.
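
The configuration and checks above, collected into one script as an added example (editorial example code, not OSVault's own tooling): it derives the realm, workgroup and NetBIOS name from the machine's fully qualified host name, prints the smb.conf [global] and krb5.conf fragments, and runs the pre-join checks (host name is fully qualified and lies in the realm, NetBIOS name fits in 15 characters, clock skew under Kerberos' 300-second limit). The host and domain names are the post's placeholders; the function names and the OSVAULT_JOIN, OSVAULT_ADMIN and OSVAULT_SKEW variables are assumptions of this example. The join itself (kinit, net ads join, net ads testjoin) only runs when OSVAULT_JOIN=1 is set.

```sh
#!/bin/sh
# Added example, not part of the OSVault post. Derives the AD join settings from
# the machine's FQDN and checks the preconditions the post spells out.

# Kerberos realm = DNS domain of the FQDN, upper-cased (what AD expects).
realm_from_fqdn() {
    local fqdn=$1
    case $fqdn in
        *.*) ;;
        *) return 1 ;;   # a bare short name has no domain part
    esac
    printf '%s\n' "${fqdn#*.}" | tr '[:lower:]' '[:upper:]'
}

# NetBIOS name = short host name, upper-cased, at most 15 characters.
netbios_from_fqdn() {
    local short=${1%%.*}
    short=$(printf '%s' "$short" | tr '[:lower:]' '[:upper:]')
    [ ${#short} -le 15 ] || return 1
    printf '%s\n' "$short"
}

# Workgroup (pre-Windows 2000 domain name) = first label of the realm.
workgroup_from_realm() {
    printf '%s\n' "${1%%.*}"
}

# smb.conf [global] settings the post requires.
smb_global() {
    local fqdn=$1 realm nb
    realm=$(realm_from_fqdn "$fqdn") || return 1
    nb=$(netbios_from_fqdn "$fqdn") || return 1
    cat <<EOF
[global]
    workgroup = $(workgroup_from_realm "$realm")
    realm = $realm
    security = ads
    netbios name = $nb
EOF
}

# krb5.conf with [domain_realm] mapping the host's own DNS domain.
krb5_conf() {
    local fqdn=$1 realm lower
    realm=$(realm_from_fqdn "$fqdn") || return 1
    lower=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
    cat <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    $realm = {
        kdc = $lower:88
        admin_server = $lower:749
        default_domain = $lower
    }

[domain_realm]
    .$lower = $realm
    $lower = $realm
EOF
}

# Pre-join checks. $1 = hostname, $2 = expected realm, $3 = clock offset from the
# DC in seconds (measured by the caller, e.g. with ntpdate -q <dc>).
prejoin_check() {
    local fqdn=$1 realm=$2 skew=$3 derived
    derived=$(realm_from_fqdn "$fqdn") || { echo "host '$fqdn' is not fully qualified" >&2; return 1; }
    [ "$derived" = "$realm" ] || { echo "host realm $derived != $realm" >&2; return 1; }
    [ "${skew#-}" -le 300 ] || { echo "clock skew ${skew}s exceeds 300s" >&2; return 1; }
    netbios_from_fqdn "$fqdn" >/dev/null || { echo "short name longer than 15 chars" >&2; return 1; }
}

# The join: needs a DC and an account allowed to create computer objects
# (Domain Admin is sufficient but more than is required).
do_join() {
    local admin=$1 realm=$2
    kinit "$admin@$realm" && klist && net ads join -U "$admin" && net ads testjoin
}

if [ "${OSVAULT_JOIN:-0}" = 1 ]; then
    fqdn=$(hostname)
    realm=$(realm_from_fqdn "$fqdn") || exit 1
    prejoin_check "$fqdn" "$realm" "${OSVAULT_SKEW:-0}" || exit 1
    do_join "${OSVAULT_ADMIN:-administrator}" "$realm"
fi
```

Run it once without OSVAULT_JOIN to inspect the generated fragments (smb_global and krb5_conf take the FQDN as their argument; compare the smb.conf output with testparm -s), then on the appliance set OSVAULT_SKEW to the measured offset and run with OSVAULT_JOIN=1. The skew is passed in as a number so the check can be exercised without a domain controller present.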


Go to http://www.joeware.net/freetools to get a set of tools for your Windows 2003 server, such as adfind, admod, oldcmp, findexpacc, and memberof.