# Join Debian or Ubuntu machine to Windows AD

  1. Update and install all dependencies
# Refresh the package index, then install Samba, winbind, the Kerberos
# client tools and the winbind NSS module with debconf prompts suppressed.
apt-get update
DEBIAN_FRONTEND=noninteractive \
  apt-get install --yes samba winbind krb5-user libnss-winbind
  1. Replace the kerberos config file in /etc/krb5.conf with the following content
config
[libdefaults]
# Do not look up the realm of a host through DNS TXT records.
dns_lookup_realm = false
# Locate the KDCs through DNS SRV records, so this host's resolver must
# point at a DNS server that serves the AD zone.
dns_lookup_kdc = true
# Example value: replace it with your AD realm, written in upper case.
default_realm = MYDOMAIN.LAN
  1. Ensure that the hosts line in /etc/nsswitch.conf looks like this
config
hosts: files dns mdns4_minimal [NOTFOUND=return] mdns    # BAD!!!
hosts: files dns                                         # GOOD
  1. Get a kerberos ticket
# Replace <admin username> with the AD account used for the join; kinit
# prompts for its password.
kinit <admin username>
# klist lists the cached tickets, so you can check that a ticket was issued.
klist
  1. We use the RFC2307 Samba mode. To configure it, replace the Samba config in /etc/samba/smb.conf with the following content
config
[global]
  # workgroup is the NetBIOS domain name and realm is the Kerberos realm.
  # The realm uses the same example value as default_realm in /etc/krb5.conf.
  # security = ADS makes this host a domain member.
  workgroup = MYDOMAIN
  security = ADS
  realm = MYDOMAIN.LAN
  # Default ID mapping (BUILTIN and any domain without its own idmap config):
  # IDs are allocated locally from this range and stored in a tdb file.
  idmap config *:backend = tdb
  idmap config *:range = 700001-800000
  # Domain ID mapping: the ad backend reads uidNumber/gidNumber from AD
  # (RFC2307 schema). Objects without those attributes, or with IDs outside
  # the range, are not mapped.
  # NOTE(review): the range starts at 500, which overlaps the UID/GID numbers
  # that Debian and Ubuntu assign to local accounts (regular users start at
  # 1000). A domain object with the same number as a local account would share
  # file ownership with it. Confirm that no such IDs exist in AD or raise the
  # lower bound.
  idmap config MYDOMAIN:backend = ad
  idmap config MYDOMAIN:schema_mode = rfc2307
  idmap config MYDOMAIN:range = 500-700000
  # Presumably takes the Unix account details from the RFC2307 attributes in
  # AD. Verify against the smb.conf man page of your Samba version.
  winbind nss info = rfc2307
  # Store Windows ACLs in extended attributes of the files.
  vfs objects = acl_xattr
  map acl inherit = Yes
  # Domain accounts are shown without the domain prefix.
  # NOTE(review): a domain account with the same name as a local account
  # becomes ambiguous in NSS lookups. Check for name clashes.
  winbind use default domain = yes
  # Lets getent passwd / getent group enumerate all domain users and groups.
  # This is expensive on large domains and the Samba documentation recommends
  # it for testing only.
  winbind enum users = yes
  winbind enum groups = yes
  # Home directory path for domain users; %U expands to the user name.
  template homedir = /home/homes/%U
  # Disable the printer service
  printcap name = /dev/null
  load printers = no
  disable spoolss = yes
  printing = bsd
  1. Update your /etc/hosts and /etc/hostname files so that the output of hostname -f shows the FQDN of your server

  2. Now you can join the AD

# Replace <admin username> with the joining account. It only needs permission
# to join computers to the domain, so a delegated join account can be used
# instead of a Domain Admin account.
net ads join -U <admin username>
  1. Edit /etc/nsswitch.conf so that the passwd, group and shadow lines match the lines below
config
# Local entries (compat) are consulted first, then winbind for domain
# users and groups.
passwd:         compat winbind
group:          compat winbind
# NOTE(review): Samba's domain-member documentation advises against adding
# winbind to the shadow database. Confirm that this entry is needed.
shadow:         compat winbind
  1. After this reboot your server to apply all changes

  2. You can now confirm that everything works with these commands

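# List the domain users and groups that winbind can see.
wbinfo -u
wbinfo -g
# Look up one domain account through winbind, then through NSS, to check
# that the ID mapping and the nsswitch.conf entries work.
wbinfo -i administrator
getent passwd administrator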