So for the last couple of days I’ve been banging away on getting an Ubuntu box to authenticate against our Windows 2003 domain, and if I’m successful I’ll be able to proceed with developing a new intranet based on FLOSS tools. So far everything has been progressing well in that the setup and configuration of krb5, Samba, and Winbind came off largely without a hitch thanks to the excellent How-To posted by tfieldfer. The only comment I have to add is that caps lock is your friend when performing net join ads and running kinit: your domain should be in caps, like so: james@FOO.BAR.
At the moment we are able to have all users in the domain log in via GDM and auto-create a directory under /home/DOMAIN/username, but the catch is that they cannot browse the network without running kinit, but (and it is a huge but) the user has to be a domain admin. Head scratching for sure, and added to the confusion is the fact that the sudoers list is not picking up the unix admins group we set up. Not that we really need users to log in; it was more of an exercise to see if we could roll out some non-Windows boxes to folks who just need mail, Internet, and office applications (that would account for 99% of the company if it weren’t for the proprietary Windows-based business system we run).
So what remains? Running a website will be the easy part. The big task is that we need to ensure that file sharing works, that a Windows client can map a drive to a share on the Ubuntu box, and additionally offer granular rights based on both individuals and groups as dictated by Active Directory. I’m making the slow crawl through The Official Samba HOWTO, dry for sure, but I am hopeful that I can dig out some solutions and answers to our myriad and numerous questions.
At the very least the project is keeping my mind busy and imparting some solid Linux admin skills.







