How to Integrate Windows Active Directory and Samba in Ubuntu

This tutorial shows how to integrate Windows Active Directory and Samba in Ubuntu. Use it if you want to access Samba shares from Windows Active Directory.

Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients.

Install samba and kerberos in Ubuntu

sudo aptitude install krb5-user

sudo aptitude install samba smbfs smbclient winbind

Configure samba

The likewise-open and samba packages use separate secrets.tdb (Samba password file) files, so we need to create a symlink in /var/lib/samba.

Take a backup of the existing file

sudo mv /var/lib/samba/secrets.tdb /var/lib/samba/secrets.tdb.orig

Create the link in /var/lib/samba

sudo ln -s /etc/samba/secrets.tdb /var/lib/samba

Configuring samba and kerberos

Edit /etc/samba/smb.conf file

sudo vi /etc/samba/smb.conf

Note: replace the ug01 netbios name with your own

Change the following parameters

[global]
security = ads
netbios name = ug01
realm = DOMAIN.INTERNAL
password server = domainserver.domain.internal
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no

Save and exit the file

Test the configuration with the testparm command

Kerberos Configuration

Edit the /etc/krb5.conf File

sudo vi /etc/krb5.conf

Change the following lines

[logging]
default = FILE:/var/log/krb5lib.log
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN.INTERNAL
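# Legacy enctypes: single DES (des-cbc-crc) is disabled by default on Windows Server 2008 R2 and later
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc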
[realms]
DOMAIN.INTERNAL = {
kdc = domainserver.domain.internal
admin_server = domainserver.domain.internal
default_domain = DOMAIN.INTERNAL

}

[domain_realm]
.domain.internal = DOMAIN.INTERNAL
domain.internal = DOMAIN.INTERNAL

Save and exit the file
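
A quick cross-check of the two files edited above before requesting a ticket (an added example, not part of the original tutorial): it confirms that the realm in smb.conf is upper case and equals default_realm in krb5.conf, that krb5.conf has a [realms] entry for it, and it flags single-DES enctypes such as the des-cbc-crc listed above. The function names and finding labels are made up for this example, and the sample files are constructed from the tutorial's values in a temporary directory.

```shell
#!/bin/sh
# Added example: cross-check the realm settings in smb.conf and krb5.conf.

# get_key FILE KEY: print the value of the first "KEY = value" line in FILE.
get_key() {
    awk -F= -v want="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(want) {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# check_ads_config SMB_CONF KRB5_CONF: print one line per finding (no output = clean).
check_ads_config() {
    realm=$(get_key "$1" realm)
    krb_realm=$(get_key "$2" default_realm)
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$upper" ] || echo "REALM_CASE: smb.conf realm '$realm' is not upper case"
    [ "$realm" = "$krb_realm" ] ||
        echo "REALM_MISMATCH: smb.conf '$realm' vs krb5.conf '$krb_realm'"
    grep -Eq "^[[:space:]]*${krb_realm}[[:space:]]*=[[:space:]]*[{]" "$2" ||
        echo "NO_REALM_STANZA: krb5.conf has no [realms] entry for '$krb_realm'"
    if grep -Eq '^[[:space:]]*default_t(kt|gs)_enctypes.*des-cbc-' "$2"; then
        echo "WEAK_ENCTYPE: krb5.conf lists a single-DES enctype"
    fi
    return 0
}

# Constructed sample files holding the tutorial's own values.
demo=$(mktemp -d)
printf '%s\n' '[global]' 'security = ads' 'realm = DOMAIN.INTERNAL' \
    'workgroup = DOMAIN' > "$demo/smb.conf"
printf '%s\n' '[libdefaults]' 'default_realm = DOMAIN.INTERNAL' \
    'default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc' \
    '[realms]' 'DOMAIN.INTERNAL = {' 'kdc = domainserver.domain.internal' '}' \
    > "$demo/krb5.conf"
check_ads_config "$demo/smb.conf" "$demo/krb5.conf"
```

On a real server, pass /etc/samba/smb.conf and /etc/krb5.conf as the two arguments.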

Configuring nsswitch file

Edit /etc/nsswitch.conf to look like the example below

sudo vi /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind
shadow:         compat
hosts:          files dns wins
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

Save and exit the file

Modify the PAM settings

  • /etc/pam.d/common-account should contain only the following lines

account sufficient    pam_winbind.so
account required    pam_unix.so

  • /etc/pam.d/common-auth should contain only the following lines

auth    sufficient      pam_winbind.so
auth    required        pam_unix.so nullok_secure use_first_pass

  • Modify the /etc/pam.d/common-password file, so the max parameter is set to 50, similar to the one shown below

password   required   pam_unix.so nullok obscure min=4 max=50 md5

  • Make sure the /etc/pam.d/common-session file contains the following line

session required   pam_mkhomedir.so umask=0022 skel=/etc/skel

Make a directory to hold domain user home directories

Note: Use the value you put in the WORKGROUP tag of the /etc/samba/smb.conf file

sudo mkdir -p /home/DOMAIN

Initialize Kerberos

sudo kinit domain_admin_account@DOMAIN.INTERNAL

Note: write $FQDN_OF_YOUR_DOMAIN in capitals, as you did in your krb5.conf file. You can check that you've obtained your ticket with klist.

Next check to be sure you got a ticket from the domain controller

sudo klist

If you haven't yet added your Ubuntu server to the Windows AD, use the following command

sudo net ads join -U Administrator@$FQDN_OF_YOUR_DOMAIN

Restart Samba-related Services (Or reboot the server)

Note: If you are stopping and starting services the order is important

sudo /etc/init.d/samba stop

sudo /etc/init.d/winbind stop

sudo /etc/init.d/samba start

sudo /etc/init.d/winbind start

Restart SSH and Test Connectivity

Note: If you rebooted the server in the previous step, just try to log in.

sudo /etc/init.d/ssh restart

ssh useraccount@server

If you can log in using your Active Directory username and password, then everything is working fine.

Configure SUDO

First you need to create a group in Active Directory called UbuntuAdmins and add the names of people whom you want to be able to use sudo to admin the server.

Next, add the UbuntuAdmins group to /etc/sudoers so these users can use sudo

%UbuntuAdmins ALL=(ALL) ALL

Useful Commands

List the derived UNIX GID values for Active Directory groups

for gid in $(wbinfo -r <username>); \
do SID=$(wbinfo -G $gid);GROUP=$(wbinfo -s $SID); echo $gid is $GROUP; done

See the Active Directory SID for a particular named user

wbinfo -n <username>
