This tutorial covers the basic daily commands you need to manage a Samba4 AD Domain Controller infrastructure, such as adding, removing, disabling or listing users and groups. We’ll also look at how to manage the domain security policy and how to bind AD users to local PAM authentication so that AD users can perform local logins on the Linux Domain Controller.

Step 1: Manage Samba AD DC from Command Line

1. Samba AD DC can be managed through the samba-tool command line utility, which offers a great interface for administering your domain. With samba-tool you can directly manage domain users and groups, domain Group Policy, domain sites, DNS services, domain replication and other critical domain functions. To review the entire functionality of samba-tool, just type the command with root privileges without any option or parameter.

[Screenshot: Samba-tool – Manage Samba Administration Tool]

2. Now, let’s start using the samba-tool utility to administer Samba4 Active Directory and manage our users. In order to create a user on AD use the following command:

    # samba-tool user add your_domain_user

To add a user with several important fields required by AD, use the following syntax:

    - review all options -
    # samba-tool user add your_domain_user --given-name=your_name --surname=your_username --login-shell=/bin/bash

3. A listing of all Samba AD domain users can be obtained by issuing the following command:

    # samba-tool user list

4. To delete a Samba AD domain user use the below syntax:

    # samba-tool user delete your_domain_user

5. Reset a Samba domain user password by executing the below command:

    # samba-tool user setpassword your_domain_user

6. In order to disable or enable a Samba AD user account use the below commands:

    # samba-tool user disable your_domain_user
    # samba-tool user enable your_domain_user

7. Likewise, Samba groups can be managed with the following command syntax:

    - review all options -

8. Delete a Samba domain group by issuing the below command:

    # samba-tool group delete your_domain_group

9. To display all Samba domain groups run the following command:

    # samba-tool group list

10. To list all the Samba domain members in a specific group use the command:

    # samba-tool group listmembers "your_domain group"

11. Adding or removing a member from a Samba domain group can be done by issuing one of the following commands:

    # samba-tool group addmembers your_domain_group your_domain_user
    # samba-tool group removemembers your_domain_group your_domain_user

12. As mentioned earlier, the samba-tool command line interface can also be used to manage your Samba domain policy and security. To review your Samba domain password settings use the below command:

    # samba-tool domain passwordsettings show

13. In order to modify the Samba domain password policy, such as the password complexity level, password ageing, length, how many old passwords to remember and other security features required for a Domain Controller, use the below screenshot as a guide. Never use the password policy rules as illustrated above on a production environment. The above settings are used just for demonstration purposes.

Step 2: Samba Local Authentication Using Active Directory Accounts

14. By default, AD users cannot perform local logins on the Linux system outside the Samba AD DC environment. In order to log in on the system with an Active Directory account you need to make the following changes on your Linux system environment and modify Samba4 AD DC.

First, open the Samba main configuration file and add the below lines, if missing, as illustrated on the below screenshot. Make sure the following statements appear in the configuration file:

    winbind enum users = yes

[Screenshot: Samba Authentication Using Active Directory User Accounts]

15. After you’ve made the changes, use the testparm utility to make sure no errors are found in the Samba configuration file and restart the Samba daemons by issuing the below command.

16. Next, we need to modify the local PAM configuration files in order for Samba4 Active Directory accounts to be able to authenticate and open a session on the local system and create a home directory for users at first login. Use the pam-auth-update command to open the PAM configuration prompt and make sure you enable all PAM profiles using key as illustrated on the below screenshot. When finished hit key to move to Ok and apply changes.

    $ sudo pam-auth-update

[Screenshot: Configure PAM for Samba4 AD]

[Screenshot: Enable PAM Authentication Module for Samba4 AD Users]

17. Now, open /etc/nf file with a text editor and add winbind statement at the end of the password and group lines as illustrated on the below screenshot.
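
The password-settings review in step 12 and the warning in step 13 about demonstration-only policy values can be turned into a repeatable check. The script below is an added example, not part of the original tutorial: it parses the listing printed by samba-tool domain passwordsettings show and flags relaxed settings. The function name, the baseline thresholds and both sample listings are assumptions constructed for illustration, and the field labels are assumed to match what your Samba version prints.

```shell
#!/bin/sh
# Added example: audit the listing printed by
# `samba-tool domain passwordsettings show`. Baseline values are assumptions.
MIN_LENGTH=12      # assumed minimum password length
MIN_HISTORY=10     # assumed number of remembered passwords
MAX_AGE_DAYS=365   # assumed longest acceptable password lifetime

# Reads the listing on stdin and prints one WEAK line per finding.
# Exit status: 0 = nothing flagged, 1 = weak setting found, 2 = listing not parsed.
audit_password_policy() {
    awk -F': *' -v minlen="$MIN_LENGTH" -v minhist="$MIN_HISTORY" \
        -v maxage="$MAX_AGE_DAYS" '
    function flag(msg) { print "WEAK: " msg; bad = 1 }
    /^Password complexity:/       { seen++; if ($2 != "on")  flag("complexity is " $2) }
    /^Store plaintext passwords:/ { seen++; if ($2 != "off") flag("plaintext storage is " $2) }
    /^Password history length:/   { seen++; if ($2 + 0 < minhist) flag("history length " $2) }
    /^Minimum password length:/   { seen++; if ($2 + 0 < minlen)  flag("minimum length " $2) }
    /^Maximum password age/       { seen++; if ($2 + 0 < 1 || $2 + 0 > maxage) flag("maximum age " $2) }
    /^Account lockout threshold/  { seen++; if ($2 + 0 < 1) flag("lockout threshold " $2) }
    END { if (seen < 6) { print "ERROR: parsed " (seen + 0) " of 6 settings"; exit 2 }
          exit (bad + 0) }'
}

# Constructed sample: a lab-style policy with every control relaxed.
WEAK_SAMPLE="Password complexity: off
Store plaintext passwords: off
Password history length: 0
Minimum password length: 3
Minimum password age (days): 0
Maximum password age (days): 0
Account lockout threshold (attempts): 0"

# Constructed sample: a policy that meets the assumed baseline.
STRONG_SAMPLE="Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 14
Minimum password age (days): 1
Maximum password age (days): 90
Account lockout threshold (attempts): 5"

printf '%s\n' "$WEAK_SAMPLE" | audit_password_policy || true
# On a domain controller, as root:
#   samba-tool domain passwordsettings show | audit_password_policy
```

The non-zero exit status lets a cron job or configuration-management run fail when a demonstration policy is left in place on a production domain.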