1

Index:

Manual Clarifications........................................................................................................ 3

What is Winbind (SAMBA)?................................................................................................4

Configuration on the server:

- Creation of users...............................................................................................................5
- Creation of folders............................................................................................................ 6
- Permissions screenshots...................................................................................... 6 and 7

Configuration on the Ubuntu Client:

- Installation of PBIS............................................................................................................ 8
- Installation and configuration of SAMBA.....................................................................10

Testing and validation.....................................................................................................14

2
Manual Clarifications:
- This document is for the purpose of completing a practice of the subject
M4 for Ferreria educational center.

- In this activity, the task is to connect an Ubuntu Client with a Windows

Server in Active Directory.

- The Windows server and Ubuntu client are virtual machines created with
VirtualBox, so you will find related captures.

- Each point of the document refers to a point of activity.

3
What is Winbind (SAMBA)?
Winbind is a component of the Samba suite of programs used for file and print
services in a network environment. Samba is an open-source implementation of
the SMB/CIFS networking protocol, which enables interoperability between
Linux/Unix servers and Windows-based clients.

Winbind specifically provides integration between Samba and the Windows

Server domain controller's authentication mechanisms, such as the Security
Account Manager (SAM) database. It allows Unix-like operating systems (such as
Linux) to authenticate users against a Windows domain controller, enabling
single sign-on and access to resources like files, printers, and other services
within a Windows domain.

When Winbind is configured on a Linux server, it acts as a bridge between the

Unix authentication system (which typically uses mechanisms like /etc/passwd
and /etc/shadow) and the Windows domain controller. This allows users to log in
to the Linux system using their Windows domain credentials, simplifying
management and enhancing security in heterogeneous network environments.

4
Configuration on the Active Directory Server:
Within our Windows server we will create a couple of shared folders and users,
which will help us verify correct operation with the Ubuntu client.

Creation of users:
Inside the active directory I created the users guide and viatgerSL, which will be
on a new group called traveling.

5
Creation of folders:
The first folder will be created in "C:\media\fotos_Sanchez”. I will give read and
write access for the guide user and read-only access for all users of the traveling
group.

(I also created a file inside the folder to prove that the

client can see files.)

Permissions screenshots:

6
The second folder will be created in "C:\media\videos_Sanchez”. I will give read
and write access for the guide user and read-only access for all users of the
traveling group.

Permissions screenshots:

7
Configuration on the Ubuntu Client:
Installation of PBIS:
Before accessing the resources shared by the Windows server using Samba, we
will download PBIS (PowerBroker Identity Services).

This application allows the integration of Linux and Unix systems with Microsoft
Active Directory directory infrastructures. As the resources shared by our
server are through a domain, we will have to add it.

(If you have shared files over the network, you will only need to configure SAMBA.)

PBIS is only available on a repository of GitHub, so you will have to download it

from this repository: https://github.com/BeyondTrust/pbis-open/releases

You will have to give the executable privilege and execute it to install the
program.

After this step, configure the LAN

network and do a simple test to be sure
that both machines can interact between
them.

8
Now, you will have to put the command “/opt/pbis/bin/domainjoin-cli join
--disable ssh [domain] [administrator account]”.

With this command we request to enter the domain in addition to disabling SSH
to avoid possible blockages. They will ask us for the Active Directory
administrator password and it will join us to the domain.

Now, you have to restart.

In my case I am going to try to log in with one of the users created previously. To
do this, we will have to specify the domain as seen in the screenshot.

And as you can see, I log in with the AD User.

9
Installation and configuration of SAMBA:
Now is the moment to install Samba. To install it you will need to use the
command “sudo apt-get install samba”.

Then, you will have to configure it by adding some parameters of the file located
in “/etc/samba/smb.conf”. There are many examples in the smb.conf file.

10
In my case these examples are not necessary for me, so I did a copy of the
configuration file and I created another to put my own rules.

This is my configuration file, where I created two shared objects. These objects
have got the path of the original folder and some permissions:

11
And if we try to go to our folders > other locations you will see the Windows
Network and “LDAPCLIENT” which have nothing inside, because they are
created automatically by SAMBA.

To access the server you will have to put “smb://[Ip of your server]” and click
into the Connect button.

12
After a few seconds, it will ask you again for a user's credentials and then you
will be able to see the shared folders from the Windows server.

(Inside the folders you will find the documents created before.)

13
Testing and validation:
If I try to change the file located in fotos_sanchez with the user Guide, I will be
able to do it because I have the necessary permissions.

14
If I try to change the file located in fotos_sanchez with the user ViatgerSL, I
won’t be able to do it because I haven’t got the necessary permissions.

15