Ubuntu Manpage: sadms - turn a Linux box into a domain controller

Provided by: sadms_2.0.15.repack-0ubuntu2_all

NAME

       sadms - turn a Linux box into a domain controller
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SADMS

       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       What   to  do  ?   \fB-install  the  package's  dependencies  (this  may  be  carried  out
       automatically through apt, yum, urpmi and the likes) \fB-run precheck to ensure everything
       went  well  \fB-detect  the  data  \fB-fill  in  the remaining data \fB-optionally run the
       network,dns,Kerberos diagnostics \fB-run install \fB-you'll have to  wait  for  some  time
       until  Active  Directory  users are imported \fB-run install PAM if Active Directory users
       are        to        interactively        log        in        to        the         host.
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PRETESTS

       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

               This series of tests determine:

               - if Samba 3 is present on the host
               - if krb5-workstation package is present
               - if pam_mount is installed

               Note that the ./START script can guide you
               into installing the required libraries.
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DATA

       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       DNS : This is the DNS suffix that your Active Directory operates on.

       realm : This is the Kerberos realm, usually the same as the DNS domain but in uppercase.

       kdc  :  This is a Domain Controller that delivers Kerberos tickets used in authentication.
       In case it is not found through DNS.  Also referred to as the  KDC  the  Key  Distribution
       Center.

       netbios  domain name : This is the (short) name for the domain, the way domains were named
       before Active Directory.

       netbios server name : This is the Netbios  name  of  the  Samba  host  you  are  currently
       configuring.  Though  this  is  by no means compulsory, it makes sense to provide the same
       name as the DNS, to be on the safe side.

       domain users group : The container for Domain Users. This  is  localized  and  is  'Domain
       users' in English, ´Utilisa. du domaine´ in French.

       hosts  allow  :  This points at the network that is allowed to access the Samba host being
       configured.  This parameter is a comma, space, or tab delimited set  of  hosts  which  are
       permitted  to  access  the Samba services. You can specify the hosts by name or IP number.
       You can also specify hosts by  network/netmask  pairs  and  by  netgroup  names.  See  man
       smb.conf for further reference.

       OU  to place host in : This is the Organizational Unit container the host to be configured
       will be placed in in Active Directory. This may vary with languages and is ´Computers´  in
       English.

       WINS  server  :  This specifies the IP address (or DNS name: IP address for preference) of
       the WINS server that the host should register with. This is optional and the data will  be
       placed  into  smb.conf  if  the  data  is non\fB-null. The line in smb.conf should then be
       commented out for the  parameter  to  be  disabled.domain  administrator  login  :  Active
       Directory  administrator login you are operating as. This is necessary for a host to enter
       a domain.

       domain administrator password : Active Directory administrator password.

       domain users group : The container for Domain Users. This  is  localized  and  is  'Domain
       users'       in       English,       ´Utilisa.       du      domaine´      in      French.
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PAM

       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

               This will configure system authentication
               (/etc/pam.d/system-auth) to use
                       - pam_winbind : use Active Directory
                         authentication, so the user does not have
                         to have a local account to login to this
                         host.
                       - pam_mkhomedir : create a local home
                         directory footprint for Active Directory
                         user that does not have a local home.
                       - pam_mount : connect to a Samba or Windows
                         remote share that could contain a domain
                         home. The share will be mounted on the local
                         file system (/mnt/net).

       Important note: Tampering with the /etc/pam.d service files  may  result  in  the  machine
       being  unable  to accept any authentication even from root. Should such a situation occur,
       reboot the system in administrative mode  (single)  and  use  an  editor  to  restore  the
       /etc/pam.d/system\fB-auth  to  its  previous contents : remove the pam_winbind, pam_mount,
       pam_Mkhomedir lines and remove use_first\fB-pass in pam_unix line.  It is recommended that
       the system administrator leave a console session open while carrying out the tests.

       Home  server  :  This  is  the  Samba or Windows server that hosts the share the user will
       connect to and will be mounted at /mnt/net.

       Home share : This is the name of the share (without any leading server name). If the share
       is to be determined at run time and is user- dependent, use * as a place\fB-holder for the
       logged\fB-on user name. Tests with more than one level have so far failed (eg users/*).

       Client signing : If you connect to a Windows 2003 server client signing my  be  necessary.
       smbfs  does  not  support  client  signing.   So use the cifs file system.  See the end of
       /etc/psecurity/pammount.conf.

                                        February 02, 2008                                sadms(1)