Follow these steps to configure your Gentoo system so you can log into it through ssh using your Active Directory credentials.

Step ONE - Requisites

Let's make sure we compile our cute openssh daemon with PAM support

# echo net-misc/openssh pam >> /etc/portage/package.use
# emerge -av --update --newuse --deep openssh

Step TWO - Installation

Emerge samba with winbind support

# echo net-fs/samba winbind ldap >> /etc/portage/package.use
# emerge -av samba

Step THREE - Configuration


If you don't need to share any folders on the Linux side, set the daemon_list option in /etc/conf.d/samba to winbind, otherwise to smbd nmbd winbind.


Now create a home directory for your domain with mkdir /home/<YOUR_DOMAIN> and edit /etc/samba/smb.conf:

File: /etc/samba/smb.conf
 workgroup = <YOUR_DOMAIN_NAME>
 server string = Gentoo
 security = DOMAIN
 encrypt passwords = true
 idmap uid = 10000-20000
 idmap gid = 10000-20000
 template shell = /bin/bash
 netbios name = <YOUR_LINUX_HOSTNAME>
 winbind separator = /

Join the Domain

Run net join -S <YOUR_DC> -U <AD_ADMIN_USER>


You need to add winbind to NSS to make things work. To do so, edit /etc/nsswitch.conf and add winbind to the passwd, shadow and group lines and wins to the hosts line:

File: /etc/nsswitch.conf
 passwd:  compat winbind
 shadow:  compat winbind
 group:   compat winbind

 hosts:   files wins dns


Edit /etc/pam.d/system-auth, adding the second auth line, the use_first_pass option and the last session line:

File: /etc/pam.d/system-auth
 auth       required
 auth       sufficient
 auth       sufficient use_first_pass likeauth nullok
 auth       required
 account    required
 password   required difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
 password   sufficient nullok md5 shadow use_authtok
 password   required
 session    required
 session    required
 session    required skel=/etc/skel/ umask=0077

Step FOUR - Finishing

# /etc/init.d/sshd restart
# /etc/init.d/samba restart
Note: When logging in, use the <YOUR_DOMAIN>/<YOUR_USERNAME> form. The "/" is important!
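
An added example, not part of the original guide: a shell sanity check for the files edited in Step THREE. It confirms that passwd, shadow and group all list winbind in nsswitch.conf, and reports local accounts whose UID falls inside the idmap uid range, where a domain user could end up sharing a UID with a local one. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline sanity checks for the winbind setup described above.
# All file contents below are constructed samples, not real system files.

# nss_has_winbind FILE: succeed only if passwd, shadow and group all list winbind.
nss_has_winbind() {
    for db in passwd shadow group; do
        awk -v db="$db:" '
            $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
            END { exit !found }' "$1" || { echo "nsswitch: $db lacks winbind"; return 1; }
    done
}

# idmap_range SMB_CONF KEY: print "LOW HIGH" for a line like "idmap uid = 10000-20000".
idmap_range() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*-[[:space:]]*\([0-9][0-9]*\).*/\1 \2/p" "$1" | head -n 1
}

# local_collisions SMB_CONF PASSWD: print local accounts whose UID lies inside
# the idmap uid range, where winbind could assign the same UID to a domain user.
local_collisions() {
    range=$(idmap_range "$1" "idmap uid")
    [ -n "$range" ] || { echo "no idmap uid range in $1" >&2; return 2; }
    awk -F: -v lo="${range% *}" -v hi="${range#* }" '$3 >= lo && $3 <= hi { print $1 }' "$2"
}

# Constructed stand-ins for /etc/samba/smb.conf, /etc/nsswitch.conf and /etc/passwd.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf ' idmap uid = 10000-20000\n idmap gid = 10000-20000\n' > "$demo/smb.conf"
printf 'passwd: compat winbind\nshadow: compat winbind\ngroup: compat\n' > "$demo/nsswitch.conf"
printf 'root:x:0:0::/root:/bin/bash\nbackup:x:10050:100::/home/backup:/bin/bash\n' > "$demo/passwd"

if nss_has_winbind "$demo/nsswitch.conf"; then echo "nsswitch ok"; fi
echo "local UIDs inside idmap range: $(local_collisions "$demo/smb.conf" "$demo/passwd")"
```

On the real host, pass /etc/nsswitch.conf, /etc/samba/smb.conf and /etc/passwd to the same functions before restarting the daemons.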
