1 sudo apt-get update
2 sudo apt-get install mc openssh-server
4 sudo mcedit /etc/hostname

dc01-ubuntu.svk.int

5 sudo mcedit /etc/hosts

127.0.0.1 dc01-ubuntu.svk.int localhost.localdomain localhost
127.0.1.1 dc01-ubuntu

6 sudo mcedit /etc/default/ntpdate

NTPSERVERS="192.168.0.254"

7 sudo /etc/network/if-up.d/ntpdate

8 sudo reboot by root

9 sudo apt-get install samba smbfs smbclient winbind samba-tools

21 sudo touch /etc/network/if-up.d/winbr

22 sudo mcedit /etc/network/if-up.d/winbr

#!/bin/sh
/etc/init.d/winbind restart

23 sudo chmod +x /etc/network/if-up.d/winbr

24 sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

28 sudo mcedit /etc/samba/smb.conf

[global]
security = ADS
realm = SVK.INT
password server = 192.168.0.1
workgroup = SVK
winbind separator = +
winbind refresh tickets = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
server string = %h AD Station Ubuntu
log file = /var/log/samba/%m.log
max log size = 1000
syslog = 0
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes

29 testparm

30 sudo /etc/init.d/winbind stop && sudo /etc/init.d/samba restart && sudo /etc/init.d/winbind start

34 sudo apt-get install krb5-user libpam-krb5

35 sudo mcedit /etc/krb5.conf

default_realm = SVK.INT
...
[realms]
SVK.INT = {
kdc = terminal.svk.int
admin_server = terminal.svk.int
}

36 sudo kinit администратор@SVK.INT

36 klist ,

должно получить что- то типа ...

klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1000)
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached

38 sudo net ads join -Uадминистратор ,

должно получиться что- то типа ...

Enter администратор's password:
Using short domain name — SVK
Joined 'DC01-UBUNTU' to realm 'svk.int'

39 sudo mcedit /etc/nsswitch.conf

passwd: compat winbind
group: compat winbind
...
netgroup: nis winbind

47 sudo /etc/init.d/winbind stop && sudo /etc/init.d/samba restart && sudo /etc/init.d/winbind start

48 sudo wbinfo -u

49 sudo wbinfo -g

84 sudo cp -R /etc/pam.d/ /etc/pam.d.orig

Настраиваем PAM — аутентификацию ...

124 sudo mcedit /etc/pam.d/common-auth,

должно быть только это ...

auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass

135 sudo mcedit /etc/pam.d/common-account,

должно быть только это ...

account sufficient pam_winbind.so
account required pam_unix.so

136 sudo mcedit /etc/pam.d/common-password,

должно быть только это ...

password required pam_unix.so nullok obscure min=4 max=50 md5
password requisite pam_deny.so
password required pam_permit.so

137 sudo mcedit /etc/pam.d/common-session,

добавим в конец файла

session required pam_mkhomedir.so umask=0022 skel=/etc/skel

138 sudo mcedit /etc/pam.d/sudo

#%PAM-1.0

@include common-auth
@include common-account

session required pam_permit.so
session required pam_limits.so

176 sudo mcedit /etc/security/group.conf,

добавим в конец файла

*;*;*;Wk0900—2200;adm,audio,scanner,lpadmin
*;*;vbuoc;Al0000—2400;adm,audio,scanner,cdrom,floppy,plugdev,admin,dip,video,netdev,lpadmin,powerdev
*;*;администраторы\ домена;Al0000—2400;adm,audio,scanner,cdrom,floppy,plugdev,admin,dip,video,netdev,lpadmin,powerdev

177 sudo mcedit /etc/sudoers

localadmin ALL=(ALL) ALL
%администраторы\ домена ALL=(ALL) ALL

178 sudo /etc/init.d/winbind stop && sudo /etc/init.d/samba restart && sudo /etc/init.d/winbind start
...
Проверено на сервере Active Directory Windows 2000 Server SP4, Ubuntu 8.10

Взял здесь http://vb-it.blogspot.com/2009/02/blog-post.html