Provided by: sadms_2.0.15.repack-0ubuntu2_all

NAME

       sadms - turn a Linux box into a domain controller
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SADMS

       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       What to do?

       - install the package's dependencies (this may be carried out automatically through apt, yum, urpmi
         and the like)
       - run precheck to ensure everything went well
       - detect the data
       - fill in the remaining data
       - optionally run the network, DNS and Kerberos diagnostics
       - run install
       - you'll have to wait for some time until Active Directory users are imported
       - run install PAM if Active Directory users are to interactively log in to the host.
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PRETESTS

       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

               This series of tests determines:

               - if Samba 3 is present on the host
               - if krb5-workstation package is present
               - if pam_mount is installed

               Note that the ./START script can guide you
               into installing the required libraries.
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DATA

       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       DNS : This is the DNS suffix that your Active Directory operates on.

       realm : This is the Kerberos realm, usually the same as the DNS domain but in uppercase.

       kdc : This is a Domain Controller that delivers the Kerberos tickets used in authentication. Provide it
       in case it is not found through DNS. Also referred to as the KDC, the Key Distribution Center.

       netbios domain name : This is the (short) name for the domain, the way domains were named  before  Active
       Directory.

       netbios  server  name  : This is the Netbios name of the Samba host you are currently configuring. Though
       this is by no means compulsory, it makes sense to provide the same name as the DNS, to  be  on  the  safe
       side.

       domain users group : The container for Domain Users. This is localized and is 'Domain users' in English,
       'Utilisa. du domaine' in French.

       hosts allow : This points at the network that is allowed to access the Samba host being configured.  This
       parameter is a comma, space, or tab delimited set of hosts  which  are  permitted  to  access  the  Samba
       services.  You  can specify the hosts by name or IP number. You can also specify hosts by network/netmask
       pairs and by netgroup names. See man smb.conf for further reference.

       OU to place host in : This is the Organizational Unit container in Active Directory that the host to be
       configured will be placed in. This may vary with languages and is 'Computers' in English.

       WINS server : This specifies the IP address (or DNS name: IP address for preference) of the WINS server
       that the host should register with. This is optional and the data will be placed into smb.conf if the
       data is non-null. The line in smb.conf should then be commented out for the parameter to be disabled.

       domain administrator login : Active Directory administrator login you are operating as. This is
       necessary for a host to enter a domain.

       domain administrator password : Active Directory administrator password.

       domain  users group : The container for Domain Users. This is localized and is 'Domain users' in English,
       ´Utilisa. du domaine´ in French.  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PAM

       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

               This will configure system authentication
               (/etc/pam.d/system-auth) to use
                       - pam_winbind : use Active Directory
                         authentication, so the user does not have
                         to have a local account to login to this
                         host.
                       - pam_mkhomedir : create a local home
                         directory footprint for Active Directory
                         user that does not have a local home.
                       - pam_mount : connect to a Samba or Windows
                         remote share that could contain a domain
                         home. The share will be mounted on the local
                         file system (/mnt/net).

       Important note: Tampering with the /etc/pam.d service files may result in the machine being unable to
       accept any authentication, even from root. Should such a situation occur, reboot the system in
       administrative mode (single) and use an editor to restore /etc/pam.d/system-auth to its previous
       contents: remove the pam_winbind, pam_mount and pam_mkhomedir lines and remove use_first_pass in the
       pam_unix line. It is recommended that the system administrator leave a console session open while
       carrying out the tests.
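
       The restore described in the note above, as an added example that is not part of sadms: it removes
       the three module lines, strips use_first_pass from the pam_unix lines, and refuses to write a file
       with no pam_unix auth line left. The function names, the .before-restore suffix and the sample
       file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not part of sadms): undo the PAM changes described above.

restore_pam() {
    pam_file=$1
    [ -f "$pam_file" ] || { echo "no such file: $pam_file" >&2; return 1; }
    tmp=$(mktemp) || return 1

    # Keep comment lines, drop the three module lines, and strip
    # use_first_pass from the pam_unix lines only.
    sed -e '/^[[:space:]]*#/b' \
        -e '/pam_winbind/d' -e '/pam_mount/d' -e '/pam_mkhomedir/d' \
        -e '/pam_unix/s/[[:space:]]\{1,\}use_first_pass//g' \
        "$pam_file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Refuse to install a result with no local auth module left,
    # since that would lock out root as well.
    if ! grep -q '^[[:space:]]*auth[[:space:]].*pam_unix' "$tmp"; then
        echo "refusing: no 'auth ... pam_unix' line would remain" >&2
        rm -f "$tmp"; return 1
    fi

    # Keep the broken file for later inspection, then overwrite in place
    # so that owner, mode and security labels are preserved.
    cp -p "$pam_file" "$pam_file.before-restore" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$pam_file"; rc=$?
    rm -f "$tmp"; return "$rc"
}

# Constructed sample of a modified system-auth (module options are
# assumptions), for trying the function on a scratch copy first.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample with pam_winbind enabled
auth        required      pam_env.so
auth        optional      pam_mount.so
auth        sufficient    pam_winbind.so
auth        sufficient    pam_unix.so nullok use_first_pass
auth        required      pam_deny.so
account     sufficient    pam_winbind.so
account     required      pam_unix.so
session     required      pam_mkhomedir.so skel=/etc/skel umask=0022
session     optional      pam_mount.so
session     required      pam_unix.so
EOF
}

# Run against the file named on the command line, if any.
[ "$#" -eq 0 ] || restore_pam "$1"
```

       Try it on a copy written by write_sample before pointing it at /etc/pam.d/system-auth.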

       Home  server : This is the Samba or Windows server that hosts the share the user will connect to and will
       be mounted at /mnt/net.

       Home share : This is the name of the share (without any leading server name). If the share is to be
       determined at run time and is user-dependent, use * as a placeholder for the logged-on user name.
       Tests with more than one level have so far failed (e.g. users/*).

       Client signing : If you connect to a Windows 2003 server, client signing may be necessary. smbfs does
       not support client signing, so use the cifs file system. See the end of /etc/security/pam_mount.conf.

                                                February 02, 2008                                       sadms(1)