Ubuntu 14.04 Setup Samba File Server Join to Active Directory

* Install Package :

sudo apt-get install -y samba krb5-user winbind libnss-winbind libpam-winbind

* Edit /etc/nsswitch.conf and change these lines :

passwd: compat winbind
group: compat winbind
shadow: compat winbind

* Copy smb.conf :

cp /etc/smb.conf /etc/smb.conf.bak

* Use this script :

[global]
    workgroup = E-NALDI
    server string = Samba Server Version %v
    security = ads
    realm = E-NALDI.COM
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
    use sendfile = true

    idmap config * : backend = tdb
    idmap config * : range = 100000-299999
    idmap config E-NALDI : backend = rid
    idmap config E-NALDI : range = 10000-99999
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind refresh tickets = yes

    restrict anonymous = 2
    log file = /var/log/samba/log.%m
    max log size = 50

#============================ Share Definitions ==============================
[testshare]
    comment = Test share
    path = /srv/share
    read only = no    

* Copy krb5.conf :

cp /etc/krb5.conf /etc/krb5.conf.bak

* Use this script :

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = E-NALDI.COM
    ticket_lifetime = 24h
    forwardable = yes

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

* Test Kerberos authentication :

kinit administrator
klist

* Join Samba to the domain :

sudo net ads join -U administrator

* Test Winbind :

sudo update-rc.d winbind defaults
sudo service winbind restart
wbinfo -u
# Lists AD users

wbinfo -g
# Lists AD groups

getent passwd
# Should list AD users at the bottom with UIDs in the 10000+ range

getent group
# Should list AD groups at the bottom with GIDs in the 10000+ range

* Create Directory Share :

sudo mkdir -p /srv/share
sudo chmod g=rwx /srv/share
sudo chgrp "Domain Admins" /srv/share

* Restart or Reload Samba Service :

service winbind restart
service nmbd restart
service smbd restart

# Reload
smbcontrol all reload-config