There's a pretty simple setup that just requires samba and pam_mkhomedir.so (install them with apt-get install).
Then create a new file to configure authentication with the contents below. Edit the variables at the top of the file. The first entry (workgroup) is the NETBIOS name of your domain.
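
    #!/bin/bash
    # Edit these four values for your environment.
    ADSWorkgroup="yourdomain"                      # NETBIOS name of the domain
    ADSDomain="yourdomain.com"                     # realm
    ADSServer="domaincontroller.yourdomain.com"    # domain controller
    AdminUser="user@yourdomain.com"                # account allowed to join machines

    # Enable winbind authentication and join the domain (prompts for the password).
    authconfig --update --kickstart --enablewinbind --enablewinbindauth --smbsecurity=ads \
        --smbworkgroup="$ADSWorkgroup" --smbrealm="$ADSDomain" \
        --smbservers="$ADSServer" --winbindjoin="$AdminUser" \
        --winbindtemplatehomedir=/home/%U --winbindtemplateshell=/bin/bash \
        --enablewinbindusedefaultdomain --enablelocauthorize
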
After creating the file, make it executable with chmod +x <filename>. Run the file and put in your AD credentials when asked.
Then edit /etc/pam.d/sshd, adding the following line after "pam_selinux.so close":

    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

Finally, use visudo to allow the appropriate AD group to sudo by adding the following after the wheel entry:

    "%domain admins" ALL=(ALL) ALL

You should be good to go! Make sure you try SSHing in from a new session, and don't log out of the first session in case something goes wrong.
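
Before opening that second session, the steps above can be checked from the session you still have open. This is an added example, not part of the original answer: the function names are hypothetical, and it assumes the standard wbinfo (Samba), getent and visudo tools are installed.

```shell
#!/bin/bash
# Added example (not from the original answer). Function names are hypothetical.

# Succeed only if an active "session ... pam_mkhomedir.so" line comes after the
# "pam_selinux.so close" line in the PAM file (default: /etc/pam.d/sshd).
check_mkhomedir_order() {
    awk '
        /^[ \t]*#/ { next }                                  # ignore comments
        /pam_selinux\.so[ \t]+close/ { close_line = NR }
        $1 == "session" && /pam_mkhomedir\.so/ { mk_line = NR }
        END {
            if (!mk_line)    { print "pam_mkhomedir.so session line missing"; exit 1 }
            if (!close_line) { print "pam_selinux.so close line missing"; exit 1 }
            if (mk_line < close_line) { print "pam_mkhomedir.so precedes pam_selinux.so close"; exit 1 }
            print "ok: pam_mkhomedir.so on line " mk_line
        }' "${1:-/etc/pam.d/sshd}"
}

# Live checks, run as root on the joined host. $1 is an AD account name
# (no domain prefix, because --enablewinbindusedefaultdomain is set).
check_domain_login() {
    wbinfo -t || return 1                 # machine trust secret is valid
    getent passwd "$1" || return 1        # winbind resolves the AD user via NSS
    visudo -c || return 1                 # sudoers still parses after the edit
    check_mkhomedir_order /etc/pam.d/sshd
}

# Run the live checks only when asked: ./check.sh --live <aduser>
if [ "${1:-}" = "--live" ]; then
    check_domain_login "${2:?AD user name required}"
fi
```

If any check fails, fix it from the existing session before logging out.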