https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
Packages to install
aptitude install winbind samba smbclient libpam-winbind libnss-winbind
$ vi /etc/samba/smb.conf
[global] security = ADS workgroup = DOMAIN realm = AD.DOMAIN #log file = /var/log/samba/%m.log #log level = 1 idmap config *:range = 10000-20000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash winbind use default domain = yes # map acl inherit = yes store dos attributes = yes winbind refresh tickets = yes winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config * : schema_mode = rfc2307 idmap config * : default = yes idmap config DOMAIN : backend = ad idmap config * : backend = tdb log file = /var/log/samba/log.%m max log size = 1000 logging = fil
$ net ads join -U Administrator
$ systemctl restart winbind.service
$ systemctl restart smbd.service
$ systemctl restart nmbd.service
$ pam-auth-update
(make sure winbind is selected)
vi /etc/nsswitch.conf
changes:
passwd: compat systemd winbind group: compat systemd winbindTest it
$ getent passwd
$ wbinfo -u
This commands above should bring users from AD
In order to have users login you need to create it's home at /home/DOMAIN/user1
If you want sudo to work do:
for a group (this enable and do not ask for password)
%domain\ admins ALL=(ALL) NOPASSWD: ALL
for a user only
user1 ALL=(ALL) NOPASSWD: ALL