Install packages
apt install samba winbind krb5-config krb5-user libnss-winbind
Edit /etc/samba/smb.conf
#======================= Global Settings =======================
[global]
workgroup = MIFE
security = ADS
realm = AD.MIFE.CA
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# server string is the equivalent of the NT Description field
server string = %h server (Samba, Ubuntu)
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config MIFE:unix_nss_info = no
idmap config MIFE:backend = ad
# idmap config MIFE:backend = rid
idmap config MIFE:schema_mode = rfc2307
idmap config MIFE:range = 10000-19999
template shell = /bin/bash
template homedir = /home/%U
Edit /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files winbind
group: files winbind
shadow: files
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
testparm
Join to domain
net ads join -U Administrator
Restart services
systemctl restart winbind
systemctl restart smbd
Verify configuration
wbinfo --ping-dc