LDAP synchronization with Active Directory
Wednesday, May 11, 2011
A simple way to sync between LDAP and Windows Active Directory: if you have an existing system that cannot be replaced with another, and that system authenticates
against Windows Active Directory, but you need LDAP for Linux authentication, here is the way to do it:
What you need:
1. samba, kerberos, ntp, ldap
2. An AD user account with admin-level permissions (needed for the join)
Download the packages:
--> sudo apt-get install samba samba-config
--> sudo apt-get install krb5-config krb5-user krb5-admin-server
--> sudo apt-get install libnss-ldap
--> sudo apt-get install ntp
--> sudo apt-get install winbind
Configure ntp via /etc/cron.daily/ntpdate; you need to create it with
vi /etc/cron.daily/ntpdate
and type this configuration inside (the first line makes it a shell script that cron can run):
#!/bin/sh
ntpdate hostnameAD.DOMAIN.CO.ID
Save and exit, make it executable with chmod +x /etc/cron.daily/ntpdate, then test with the command ntpq -p.
1. Configure your smb.conf at /etc/samba/smb.conf
#======================= Global Settings =======================
[global]
workgroup = DOMAIN
realm = DOMAIN.CO.ID
preferred master = no
server string = Helpdesk test machine
security = ADS
Please click here to download full configuration
2. Configure your krb5.conf at /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
Please click here to download full configuration
3. Configure your nsswitch.conf at /etc/nsswitch.conf
/etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files winbind
group: files winbind
shadow: files winbind
Please click here to download full configuration
4. Configure resolv.conf at /etc/resolv.conf
nameserver wins/dns-ipaddress
domain domain.co.id
search domain.co.id
5. Configure your hosts file at /etc/hosts
127.0.0.1 localhost
LinuxIPaddress linuxhostname.domain.co.id linuxdesc
AD-ipaddress hostnameAD.DOMAIN.co.id ADDESC
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
6. Finally, configure your ldap.conf at /etc/ldap.conf
Please click here to download full configuration
OK, now test the synchronization.
Type the command below:
net ads join -W domain.co.id -U administrator
It should ask for the administrator user's password; just enter it and
your LDAP and AD are synchronized... congratulations!! :)
There is one catch: after you enter the password the join succeeds, but it reports DNS Update Failed!
That's OK; your users from AD should now be imported into your LDAP.
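As an added example (not code from the original post), here is a small POSIX shell script that checks the smb.conf, krb5.conf and nsswitch.conf settings from steps 1, 2 and 3 before you run net ads join, and, once the box is joined, confirms that winbind holds a valid machine trust secret and that an AD account resolves through NSS. The sample files it writes are constructed for the example and mirror the snippets above; the one assumption about your real files is that the full krb5.conf sets default_realm under [libdefaults]. The realm DOMAIN.CO.ID and the user name administrator are taken from the post and are placeholders for your own values.

```shell
#!/bin/sh
# Added example, not part of the original post: lint the smb.conf, krb5.conf
# and nsswitch.conf settings from the steps above before trying "net ads join",
# then (optionally) confirm the join with winbind.
# The sample files written below are constructed for this example.

# conf_value FILE KEY: first "KEY = value" in FILE, with trailing blanks removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'
}

# smb.conf must say security = ADS, name a workgroup and an upper-case realm
# (Kerberos realm names are case-sensitive; a lower-case realm breaks the join).
check_smb_conf() {
    sec=$(conf_value "$1" security | tr 'a-z' 'A-Z')
    r=$(conf_value "$1" realm)
    wg=$(conf_value "$1" workgroup)
    [ "$sec" = "ADS" ] || { echo "smb.conf: security must be ADS, got '$sec'"; return 1; }
    [ -n "$wg" ] || { echo "smb.conf: workgroup is missing"; return 1; }
    [ -n "$r" ] && [ "$r" = "$(printf '%s' "$r" | tr 'a-z' 'A-Z')" ] \
        || { echo "smb.conf: realm must be set in upper case, got '$r'"; return 1; }
}

# check_krb5_conf FILE REALM: default_realm (assumed to be set in the full
# krb5.conf under [libdefaults]) must match the Samba realm exactly.
check_krb5_conf() {
    dr=$(conf_value "$1" default_realm)
    [ "$dr" = "$2" ] || { echo "krb5.conf: default_realm '$dr' != realm '$2'"; return 1; }
}

# passwd, group and shadow lookups must all fall through to winbind.
check_nsswitch() {
    for db in passwd group shadow; do
        grep -Eq "^[[:space:]]*$db:.*[[:space:]]winbind([[:space:]]|$)" "$1" \
            || { echo "nsswitch.conf: $db does not list winbind"; return 1; }
    done
}

# After a successful join: does winbind hold a valid machine trust secret, and
# does an AD account (argument: a sample user name) resolve through NSS?
# Skipped when winbind is not installed, so the script also runs on a plain host.
verify_join() {
    command -v wbinfo >/dev/null 2>&1 || { echo "wbinfo not found; skipping join check"; return 0; }
    wbinfo -t || return 1
    getent passwd "$1" || return 1
}

# write_samples DIR: constructed files mirroring the post's snippets, plus a
# deliberately wrong smb.conf with a lower-case realm to show the check fire.
write_samples() {
    cat > "$1/smb.conf" <<'EOF'
[global]
   workgroup = DOMAIN
   realm = DOMAIN.CO.ID
   security = ADS
EOF
    cat > "$1/smb-bad.conf" <<'EOF'
[global]
   workgroup = DOMAIN
   realm = domain.co.id
   security = ADS
EOF
    cat > "$1/krb5.conf" <<'EOF'
[libdefaults]
   default_realm = DOMAIN.CO.ID
EOF
    cat > "$1/nsswitch.conf" <<'EOF'
passwd: files winbind
group:  files winbind
shadow: files winbind
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
smb_realm=$(conf_value "$dir/smb.conf" realm)
if check_smb_conf "$dir/smb.conf" && check_krb5_conf "$dir/krb5.conf" "$smb_realm" \
   && check_nsswitch "$dir/nsswitch.conf"; then
    echo "config lint OK for realm $smb_realm; safe to run: net ads join -W domain.co.id -U administrator"
fi
check_smb_conf "$dir/smb-bad.conf" || echo "(the constructed bad smb.conf fails as intended)"
verify_join administrator
rm -rf "$dir"
```

Point the three check functions at /etc/samba/smb.conf, /etc/krb5.conf and /etc/nsswitch.conf to lint the real files; the realm check catches the most common cause of a failed join (a realm that is not in upper case), and verify_join is the quick way to tell a real join from one that only printed the DNS update warning.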