Authenticate Ubuntu 15.10 to AD without being a Member Server
<#
In this example:
1. Active Directory domain: base.local
2. Domain controller 1: dc.base.local
3. Domain controller 2: bdc.base.local
4. Test username: base\chrissy
Note: Make sure this machine's DNS servers are your AD DNS servers, so that the domain controller names above resolve.
#>
# Install required packages (ntp keeps your clock on time)
# krb5-user provides the Kerberos client tools used below (kinit, klist).
# Clock sync matters: Kerberos rejects requests when the client clock differs
# from the KDC by more than the allowed skew (5 minutes by default).
apt-get -y install krb5-user ntp ntpdate
# To add your DC to the time server list, edit /etc/ntp.conf
# NOTE(review): the clock that has to match is the domain controller's, so
# syncing against the DC (or the source the DC itself uses) is the safer
# choice - confirm for your environment.
# The daemon is stopped first, presumably because ntpdate cannot use the NTP
# socket while ntpd holds it.
service ntp stop
# One-shot clock set; -s sends ntpdate's output to syslog instead of stdout.
# NOTE(review): Ubuntu's stock NTP host is ntp.ubuntu.com - confirm that
# ntp.ubuntu.org resolves before relying on it.
ntpdate -s ntp.ubuntu.org
service ntp start
# Next, edit your kerberos conf (the contents to enter follow)
vi /etc/krb5.conf
# Contents of /etc/krb5.conf for the BASE.LOCAL realm.
# [libdefaults]: defaults used by the Kerberos library for every client program.
[libdefaults]
# A bare number is a duration in seconds (24000 s is 6 h 40 min).
ticket_lifetime = 24000
# Realm assumed when a principal is given without one, e.g. "kinit chrissy".
# Realm names are case-sensitive; for AD it is the DNS domain name in upper case.
default_realm = BASE.LOCAL
# Both DNS lookups are off, so the host-to-realm mapping and the KDC list come
# only from this file, not from DNS TXT/SRV records.
dns_lookup_realm = false
dns_lookup_kdc = false
# [realms]: where to find the KDCs of each realm.
[realms]
BASE.LOCAL = {
# Both domain controllers are listed; 88 is the standard Kerberos port.
kdc = dc.base.local:88
kdc = bdc.base.local:88
}
# [domain_realm]: maps DNS names to a realm. The leading-dot entry covers hosts
# under base.local, the second entry the name base.local itself.
[domain_realm]
.base.local = BASE.LOCAL
base.local = BASE.LOCAL
# [appdefaults]: per-application settings; the "pam" subsection is meant for a
# Kerberos PAM module.
# NOTE(review): the packages installed on this page do not include a PAM
# module, so this section presumably has no effect on kinit/klist - confirm.
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
# NOTE(review): forwardable tickets can be passed on to and used from other
# hosts; keep this enabled only if a service actually needs it.
forwardable = true
# NOTE(review): krb4_convert concerns Kerberos 4, which current releases no
# longer support - this line is likely ignored.
krb4_convert = false
}
# Get a ticket
# Requests a ticket-granting ticket for chrissy. No realm is given, so
# default_realm from /etc/krb5.conf (BASE.LOCAL) applies; kinit prompts for the
# account's AD password.
kinit chrissy
# Look at your ticket list
# A krbtgt/BASE.LOCAL@BASE.LOCAL entry shows that a domain controller issued the
# ticket. Tickets stay in the credential cache until they expire or are removed
# with kdestroy.
klist