
Active Directory Configuration

Joining Linux Machine to Windows Domain

Steps 1 to 6 below are performed once, before the first start of the Fusion File Share server in a domain environment. After that the host's Kerberos keys are stored in the keytab file /etc/krb5.keytab, and starting the tsmb-server binary is all that is required on later runs.

1. Check supplied smb.conf and edit it to match your system:

  • Change ‘realm’ to FQDN of your domain (e.g., ‘example.com’).
  • Change ‘workgroup’ to NetBIOS name of your domain (e.g., ‘EXAMPLE’).
  • Set ‘lock directory’ and ‘private dir’ to the path of a directory that is writable by the user account you will use to join the domain.

2. Check that name of your domain can be resolved to IP address of your domain controller:

getent hosts <domain fqdn>

Example:

getent hosts example.com

3. Check that both the short hostname (shown by the ‘hostname -s’ command) and the fully qualified hostname (shown by the ‘hostname -f’ command) of your host resolve to a real IP address of the host, not to an address in the 127.0.0.0/8 network. You can use the ‘getent’ tool for this:

getent hosts `hostname -s`
getent hosts `hostname -f`

This should succeed if a DNS zone has been configured for your network.

If you have a DNS server but there is no entry for your host in the zone, add the corresponding A record to the zone.

If you have no DNS server and resolution fails, update the /etc/hosts file so that it contains a line of the form:

<ip addr> <short hostname> <long hostname>

Example:

10.0.10.169 myhost myhost.example.com

4. Adding computer entry to the domain

net -s ./smb.conf ads join createupn=cifs/<short hostname>@<domain name> -U <username>

Example:

net -s ./smb.conf ads join createupn=cifs/myhost@example.com -U administrator

Here <username> is the name of a domain user that is a member of the ‘Domain Admins’ group.

You will be prompted for the password of this user during the operation.

5. Save keys in the generic format readable by Fusion File Share

sudo net -s ./smb.conf ads keytab create -U <username>

Here <username> is the name of a domain user that is a member of the ‘Domain Admins’ group.

You will be prompted for the password of this user.

This command writes the file /etc/krb5.keytab, so it must be run as a user with permission to write that file, or through ‘sudo’. The keytab holds the machine account's long-term Kerberos keys, so it should remain readable by root only.

6. Check that the hosts that will act as SMB clients can resolve the hostname of your Fusion File Share server to its IP address. Add the corresponding entry to the DNS zone or to the clients' ‘hosts’ file if required.

7. Your host is now a member of the domain, and you can start the Fusion File Share server.
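As an added example (not part of the Fusion File Share documentation or product), the following POSIX shell script carries steps 2 to 5 above through end to end: it applies the resolution checks of steps 2 and 3, refusing loopback-only answers, then runs the join and keytab commands of steps 4 and 5. The script name join.sh, the chown/chmod of the keytab and the final ‘klist -k’ check (from the MIT or Heimdal Kerberos client tools) are assumptions added here for verification and are not part of the procedure above.

```shell
#!/bin/sh
# Added example: pre-flight checks, domain join and keytab verification for
# a Fusion File Share host. Not part of the product; the net commands are
# those of steps 4 and 5 above. Script name, keytab permissions step and the
# klist check are assumptions for illustration.
set -u

# True (0) when an address lies in the loopback range (127.0.0.0/8 or ::1).
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# Takes getent-style output ("<ip> <name> ...", one record per line) and
# succeeds only if at least one record carries a non-loopback address.
has_real_addr() {
    printf '%s\n' "$1" | {
        while read -r ip rest; do
            [ -n "$ip" ] || continue
            if ! is_loopback "$ip"; then exit 0; fi
        done
        exit 1
    }
}

# Resolve a name with the system resolver and apply the loopback rule.
check_name() {
    out=$(getent hosts "$1") || { echo "FAIL: $1 does not resolve" >&2; return 1; }
    if has_real_addr "$out"; then
        echo "OK:   $1 -> $(printf '%s\n' "$out" | head -n 1)"
        return 0
    fi
    echo "FAIL: $1 resolves only to loopback addresses:" >&2
    printf '%s\n' "$out" >&2
    return 1
}

# Steps 2 and 3: the domain and both host names must resolve sensibly.
preflight() {
    check_name "$1" &&
    check_name "$(hostname -s)" &&
    check_name "$(hostname -f)"
}

# Steps 4 and 5, then a check that the keytab really holds the cifs/ key.
join_domain() {
    conf=$1; domain=$2; user=$3
    short=$(hostname -s)
    net -s "$conf" ads join "createupn=cifs/$short@$domain" -U "$user" || return 1
    sudo net -s "$conf" ads keytab create -U "$user" || return 1
    # Assumed hardening: the keytab holds the machine account's long-term
    # keys, so restrict it to root even if the tool already did.
    sudo chown root:root /etc/krb5.keytab && sudo chmod 600 /etc/krb5.keytab || return 1
    # Assumed verification: klist -k (MIT or Heimdal) lists the principals.
    sudo klist -k /etc/krb5.keytab | grep -i "cifs/$short"
}

# Usage: ./join.sh ./smb.conf example.com administrator
if [ "$#" -eq 3 ]; then
    preflight "$2" && join_domain "$1" "$2" "$3"
fi
```

Run it after editing smb.conf (step 1); it stops before touching the domain if any name fails to resolve or resolves only to loopback, which is the situation the /etc/hosts advice in step 3 is meant to fix. Step 6 still has to be checked from the client side.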

User Database

If Active Directory is used as the user database, set the following in the global configuration file:

userdb_type = ad

This makes the Fusion File Share server authenticate and authorize users against Active Directory. In this mode the server does not assign local UNIX UIDs and GIDs to domain users; that mapping must already be provided by external software such as Winbind or SSSD, so verify that domain users resolve to UNIX accounts on the host before starting the server.