
LinuxによるActiveDirectoryへの参加

$ sudo yum install samba-winbind samba-winbind-clients krb5-workstation
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.org
$ sudo cp /etc/krb5.conf /etc/krb5.conf.org
$ sudo cp /etc/nsswitch.conf /etc/nsswitch.conf.org
$ sudo authconfig \
  --enablewinbind \
  --enablemkhomedir \
  --enablewinbindauth \
  --krb5kdc=blue-dc.fireball.local,blue-dc2.fireball.local \
  --krb5realm=FIREBALL.LOCAL --update
$ sudo vi /etc/samba/smb.conf
# Global parameters
# smb.conf for joining this host (BLUE-SV) to the FIREBALL.LOCAL AD domain as a
# domain member; the realm and KDC hosts mirror the authconfig --krb5realm /
# --krb5kdc values given above.
[global]
    workgroup = FIREBALL
    server string = Samba Server Version %v
    # Same two domain controllers as passed to authconfig --krb5kdc.
    password server = blue-dc.fireball.local blue-dc2.fireball.local
    realm = FIREBALL.LOCAL
    netbios name = BLUE-SV
    # AD (Kerberos) member mode; required for "net ads join" below.
    security = ads

    # Login shell and home path for domain users; with %D/%U the home directory
    # is per domain and per user, and authconfig --enablemkhomedir creates it.
    template shell = /bin/bash
    template homedir = /home/%D/%U
    # NOTE: if this host also serves shares, this setting makes share
    # authentication fail (see the note below) - comment it out in that case.
    obey pam restrictions = yes

    # ID mapping: the default (*) backend uses the tdb allocator, the FIREBALL
    # domain uses the rid backend. The two ranges are kept disjoint
    # (100000-299999 vs 10000-99999), as idmap ranges must not overlap.
    idmap config *:backend = tdb
    idmap config *:range = 100000-299999
    idmap config FIREBALL:backend = rid
    idmap config FIREBALL:range = 10000-99999

    # "use default domain = no" keeps the FIREBALL\ prefix on user names, which is
    # what the "wbinfo -u" output below shows. "enum users/groups = yes" allows
    # winbind to list all domain users and groups (needed for wbinfo -u).
    # "offline logon = yes" caches credentials so domain logon can still work
    # while no DC is reachable.
    winbind trusted domains only = no
    winbind use default domain = no
    winbind offline logon = yes
    winbind enum users = yes
    winbind enum groups = yes

※もし、このサーバーが共有を提供している場合、obey pam restrictions = yesを記述すると共有の認証に失敗する。
その場合は、obey pam restrictions = yesをコメントアウトする。

$ sudo net ads join -U Administrator
Enter Administrator's password: <- パスワードを入力
Using short domain name -- FIREBALL
Joined 'BLUE-SV' to dns domain 'fireball.local'
DNS Update for blue-sv.fireball.local failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

joinテスト（上記の「DNS update failed」はDNSレコードの更新失敗であり、参加自体が成功しているかは以下で確認する）

$ sudo net ads testjoin
Join is OK
$ sudo systemctl restart winbind.service
$ sudo wbinfo -t
checking the trust secret for domain FIREBALL via RPC calls succeeded
$ sudo wbinfo -u
FIREBALL\administrator
FIREBALL\krbtgt
FIREBALL\guest
FIREBALL\tomoyan