

LinuxによるActiveDirectoryへの参加

$ sudo yum install samba-winbind samba-winbind-clients krb5-workstation
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.org
$ sudo cp /etc/krb5.conf /etc/krb5.conf.org
$ sudo cp /etc/nsswitch.conf /etc/nsswitch.conf.org
$ sudo authconfig \
  --enablewinbind \
  --enablemkhomedir \
  --enablewinbindauth \
  --krb5kdc=blue-dc.fireball.local,blue-dc2.fireball.local \
  --krb5realm=FIREBALL.LOCAL --update
$ sudo vi /etc/samba/smb.conf
# Global parameters
# smb.conf for a host (BLUE-SV) that joins the FIREBALL.LOCAL Active Directory
# domain as a member and resolves domain accounts through winbind.
# Keep every comment on its own line: smb.conf has no trailing-comment syntax,
# so text after a value becomes part of that value.
[global]
        workgroup = FIREBALL
        # %v expands to the Samba version, so this string advertises the exact
        # version to clients that browse the server.
        server string = Samba Server Version %v
        # Pins the domain controllers winbind talks to.
        # NOTE(review): with security = ads Samba can normally locate DCs via
        # DNS; a hard-coded list must be maintained when DCs are replaced --
        # confirm it is still wanted.
        password server = blue-dc.fireball.local blue-dc2.fireball.local
        realm = FIREBALL.LOCAL
        netbios name = BLUE-SV
        # Act as an AD domain member; authentication is done with Kerberos
        # against the realm above.
        security = ads
        # Login shell and home directory pattern for domain users
        # (%D = domain name, %U = user name).
        template shell = /bin/bash
        template homedir = /home/%D/%U
        # Apply PAM account and session restrictions to Samba logons as well.
        obey pam restrictions = yes

        # Default (*) domain: IDs for accounts outside FIREBALL (e.g. BUILTIN)
        # are allocated locally and stored in a tdb database.
        # NOTE(review): this range (70001-80000) lies inside the FIREBALL range
        # (10000-200000) below. Samba's idmap documentation requires the ranges
        # of different domains not to overlap; overlapping ranges risk two
        # different accounts receiving the same UID/GID. Pick non-overlapping
        # ranges before the first IDs are allocated.
        idmap config *:backend = tdb
        idmap config *:range = 70001-80000
        # FIREBALL domain: UID/GID come from the RFC 2307 attributes
        # (uidNumber/gidNumber) stored in AD. Accounts lacking those attributes,
        # or carrying values outside the range, are not mapped.
        idmap config FIREBALL:backend = ad
        idmap config FIREBALL:schema_mode = rfc2307
        idmap config FIREBALL:range = 10000-200000

        # Take home directory and shell from the RFC 2307 attributes in AD.
        # NOTE(review): presumably the template values above are only the
        # fallback when the attributes are unset -- verify on the target version.
        winbind nss info = rfc2307
        winbind trusted domains only = no
        # Domain accounts keep their domain prefix (FIREBALL\user), so they
        # cannot be confused with local accounts of the same name.
        winbind use default domain = no
        # Allows logon from cached credentials when no DC is reachable. The
        # cache is kept on this host, so protect it like other credential
        # stores and disable this where offline logon is not required.
        winbind offline logon = yes
        # Makes user/group enumeration (e.g. getent passwd) list all domain
        # accounts. Convenient for testing; in large domains it is slow and
        # exposes the full account list to every local user.
        winbind enum users = yes
        winbind enum groups = yes
$ sudo net ads join -U Administrator
Enter Administrator's password: <- パスワードを入力
Using short domain name -- FIREBALL
Joined 'BLUE-SV' to dns domain 'fireball.local'
DNS Update for blue-sv.fireball.local failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

joinテスト（上の出力ではDNS更新に失敗しているが、ドメインへの参加自体は成功している。blue-sv のDNSレコードは必要に応じて別途登録する）

$ sudo net ads testjoin
Join is OK
$ sudo systemctl restart winbind.service
$ sudo wbinfo -t
checking the trust secret for domain FIREBALL via RPC calls succeeded
$ sudo wbinfo -u
FIREBALL\administrator
FIREBALL\krbtgt
FIREBALL\guest
FIREBALL\tomoyan