====== Joining Active Directory from Linux ======
===== Package installation =====
  $ sudo yum install samba-winbind samba-winbind-clients krb5-workstation
===== Backing up the configuration files =====
  $ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.org
  $ sudo cp /etc/krb5.conf /etc/krb5.conf.org
  $ sudo cp /etc/nsswitch.conf /etc/nsswitch.conf.org
===== Automatic configuration with authconfig =====
  $ sudo authconfig \
      --enablewinbind \
      --enablemkhomedir \
      --enablewinbindauth \
      --krb5kdc=blue-dc.fireball.local,blue-dc2.fireball.local \
      --krb5realm=FIREBALL.LOCAL --update
===== Configuring smb.conf =====
  $ sudo vi /etc/samba/smb.conf
  # Global parameters
  [global]
  workgroup = FIREBALL
  server string = Samba Server Version %v
  password server = blue-dc.fireball.local blue-dc2.fireball.local
  realm = FIREBALL.LOCAL
  netbios name = BLUE-SV
  security = ads
  template shell = /bin/bash
  template homedir = /home/%D/%U
  obey pam restrictions = yes
  idmap config *:backend = tdb
  idmap config *:range = 100000-299999
  idmap config FIREBALL:backend = rid
  idmap config FIREBALL:range = 10000-99999
  winbind trusted domains only = no
  winbind use default domain = no
  winbind offline logon = yes
  winbind enum users = yes
  winbind enum groups = yes
Note: if this server also provides shares, setting obey pam restrictions = yes causes authentication to the shares to fail.\\
In that case, comment out obey pam restrictions = yes.\\
===== Joining Active Directory =====
  $ sudo net ads join -U Administrator
  Enter Administrator's password: <- enter the password
  Using short domain name -- FIREBALL
  Joined 'BLUE-SV' to dns domain 'fireball.local'
  DNS Update for blue-sv.fireball.local failed: ERROR_DNS_UPDATE_FAILED
  DNS update failed: NT_STATUS_UNSUCCESSFUL
Test the join:
  $ sudo net ads testjoin
  Join is OK
===== Applying the winbind configuration =====
  $ sudo systemctl restart winbind.service
===== Verifying that winbind works =====
  $ sudo wbinfo -t
  checking the trust secret for domain FIREBALL via RPC calls succeeded
  $ sudo wbinfo -u
  FIREBALL\administrator
  FIREBALL\krbtgt
  FIREBALL\guest
  FIREBALL\tomoyan