LinuxNetwork

CentOS Samba join to an Active Directory (Windows Server 2008) domain controller

Published on

Guidelines for joining the Samba service on CentOS to a Microsoft Windows Server 2008 Active Directory domain.

Software prerequisites:
(CentOS, 64-bit; the kinit and klist commands used below come from the krb5-workstation package)
yum install samba3x.x86_64 samba3x-client.x86_64 samba3x-common.x86_64 samba3x-winbind.x86_64 samba3x-winbind-devel.x86_64
(samba3x-winbind-devel only provides headers for building software against winbind; it is not needed for the join itself.)

The configuration files involved are:
/etc/resolv.conf
/etc/pam.d/login
/etc/krb5.conf
/etc/hosts
/etc/samba/smb.conf
/etc/nsswitch.conf

file /etc/resolv.conf
<add the domain controller to the nameserver list, preferably as the first entry: Samba and Kerberos locate the KDC and LDAP services through the SRV records (_kerberos._tcp, _ldap._tcp) served by the domain's DNS>
nameserver <ip of the domain controller>

file /etc/pam.d/login
<add the following lines before the "include system-auth" entries; on the 32-bit version check the
location of pam_winbind.so, normally /lib/security. This file only governs console logins: ssh and
other services use their own /etc/pam.d files or system-auth and need the same change there>

auth sufficient /lib64/security/pam_winbind.so
account sufficient /lib64/security/pam_winbind.so

file /etc/krb5.conf
<the realm name is case-sensitive and must be written in upper case; the [kdc] section below is only read by a KDC and can be omitted on a member server>

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = DOMINIO.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
DOMINIO.LOCAL = {
kdc = server.dominio.local:88
admin_server = server.dominio.local:749
default_domain = dominio.local
}

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[domain_realm]
.dominio.local = DOMINIO.LOCAL
dominio.local = DOMINIO.LOCAL

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

file /etc/hosts

<ip of the domain controller> server.dominio.local server

### shell commands
<request a ticket for a domain account to prove that DNS, /etc/hosts and krb5.conf are correct before touching Samba. A "Clock skew too great" error means the clock differs from the DC by 5 minutes or more: synchronise with NTP before going on>
# kinit Administrator@DOMINIO.LOCAL
Password for Administrator@DOMINIO.LOCAL:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@DOMINIO.LOCAL

Valid starting     Expires            Service principal
03/05/11 17:55:34  03/06/11 00:35:34 krbtgt/DOMINIO.LOCAL@DOMINIO.LOCAL

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

# smbclient -L server -k
<share list, obtained with the Kerberos ticket instead of a password>
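Before running the join, a pre-flight script that checks the three things the kinit step above depends on: the KDC SRV records, the clock skew against the DC, and a working TGT. This is an added example, not code from the original post. The realm, DC name and admin account are the hypothetical names used in this guide and can be overridden through environment variables; the live checks assume the BIND `host` utility, GNU `date` and Samba's `net time -S`, and only run when invoked as `sh preflight.sh live`. Without arguments it exercises the helpers on a constructed sample SRV record.

```shell
#!/bin/sh
# preflight.sh: checks to run BEFORE "net ads join" (added example, not from the original post).
# Constructed defaults mirror this guide's hypothetical names; override them with env vars.
set -u
REALM="${REALM:-DOMINIO.LOCAL}"
DC="${DC:-server.dominio.local}"
ADMIN="${ADMIN:-Administrator}"
MAX_SKEW=300   # Kerberos (MIT and AD) rejects requests when clocks differ by 5 minutes or more

# realm_is_upper REALM: Kerberos realm names are case-sensitive and AD realms are upper case.
realm_is_upper() {
    [ "$1" = "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" ]
}

# check_skew LOCAL_EPOCH DC_EPOCH: succeed if the two clocks differ by less than MAX_SKEW seconds.
check_skew() {
    d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    [ "$d" -lt "$MAX_SKEW" ]
}

# srv_targets: read "host -t SRV" output on stdin and print "kdc-host port" for each record.
# Input line shape: "_kerberos._tcp.dominio.local has SRV record 0 100 88 server.dominio.local."
srv_targets() {
    awk '/has SRV record/ { sub(/\.$/, "", $NF); print $NF, $(NF-1) }'
}

# Live checks against the real DC (requires the DC as nameserver in /etc/resolv.conf).
run_live() {
    realm_is_upper "$REALM" || { echo "FAIL: realm must be upper case: $REALM"; return 1; }

    echo "== KDC SRV records for $REALM"
    kdcs=$(host -t SRV "_kerberos._tcp.$REALM" | srv_targets)
    [ -n "$kdcs" ] || { echo "FAIL: no SRV records; check /etc/resolv.conf"; return 1; }
    echo "$kdcs"

    echo "== clock skew against $DC"
    dc_epoch=$(date -d "$(net time -S "$DC")" +%s)   # 'net time -S' prints the DC clock; GNU date parses it
    check_skew "$(date +%s)" "$dc_epoch" || { echo "FAIL: skew >= ${MAX_SKEW}s, sync NTP before joining"; return 1; }

    echo "== Kerberos TGT for $ADMIN@$REALM"
    kinit "$ADMIN@$REALM" && klist -s && echo "OK: ticket obtained"
}

# Offline self-check on constructed data (what runs when no argument is given).
selftest() {
    sample='_kerberos._tcp.dominio.local has SRV record 0 100 88 server.dominio.local.'
    printf '%s\n' "$sample" | srv_targets
    check_skew 1299345334 1299345400 && echo "skew of 66s: accepted"
    check_skew 1299345334 1299346000 || echo "skew of 666s: would be rejected"
}

case "${1:-selftest}" in
    live) run_live ;;
    *)    selftest ;;
esac
```

The SRV lookup is the real test of the resolv.conf change: a forward entry in /etc/hosts is enough for kinit against one named KDC, but `security = ADS` in Samba also discovers the domain through these records, so a host whose resolver does not return them will fail at join time even though kinit worked.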

file /etc/samba/smb.conf
<security = ADS makes smbd authenticate users against the domain with Kerberos; hosts allow limits which networks may connect at all; the idmap range is the pool of local UIDs/GIDs that winbind allocates to domain accounts>

### Global parameters
[global]
workgroup = DOMINIO
realm = DOMINIO.LOCAL
preferred master = no
netbios name = CUBE
server string = CUBE file server
security = ADS
encrypt passwords = yes
hosts allow = 10.0.0. 127.

log level = 3
log file = /var/log/samba/log_%U_%m
max log size = 50

winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes

# legacy idmap syntax still accepted by samba3x; the range must not overlap UIDs/GIDs
# already present in /etc/passwd and /etc/group, or a domain account could be mapped
# onto a local account's files
idmap uid = 10000-20000
idmap gid = 10000-20000

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

### Sharing
# valid users restricts the share to domain members; "public = yes" (an alias of
# "guest ok") has been dropped because it contradicts that intent. "read only = no"
# and "writeable = yes" are the same setting, so only one is kept.
[Public]
comment = Public
path = /home/DOMINIO/Public
browseable = yes
writeable = yes
create mask = 0660
directory mask = 0770
valid users = @"DOMINIO+domain users"

# With "winbind use default domain = yes" %U expands to the bare user name, so the
# home is /home/DOMINIO/<user>; the directory must exist (or be created by
# pam_mkhomedir) before the user's first connection.
[homes]
comment = Home
path = /home/DOMINIO/%U
browseable = no
writeable = yes
create mask = 0600
directory mask = 0700

### shell commands
# net ads join -U Administrator
Joined 'CUBE' to realm 'DOMINIO.LOCAL'
# /etc/init.d/winbind start
# /etc/init.d/smb start
<join first, then start winbind (restart it if it was already running) so that it reads the machine account secret written by the join. Any domain account allowed to create computer objects is enough for the join; a Domain Admin password is not required, and the computer object can be placed in a specific OU with: net ads join -U joinuser createcomputer="Servers/Linux">

file /etc/nsswitch.conf
<lets getent and the C library resolve domain users and groups through winbindd; shadow stays on compat because winbind provides no shadow entries, authentication goes through pam_winbind>
passwd:     compat winbind
shadow:     compat
group:      compat winbind

### verification shell commands
# net ads testjoin
Join is OK

# wbinfo -t
checking the trust secret for domain DOMINIO via RPC calls succeeded

# wbinfo -u
<list of Active Directory domain users>

# wbinfo -g
<list of Active Directory domain groups>

# getent passwd
<list of local and Active Directory users>

# net ads info
<realm, LDAP server, KDC and the server time offset between this host and the DC>
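The verification commands above, plus the two checks they do not cover (whether nsswitch.conf really lists winbind for both passwd and group, and whether any local account already sits inside the idmap range), as a script. This is an added example, not code from the original post. The domain name, idmap range and probe user are the hypothetical values used in this guide and can be overridden through environment variables; the live checks only run when invoked as `sh verify_join.sh live`, and without arguments the script exercises the helpers on constructed passwd and nsswitch samples.

```shell
#!/bin/sh
# verify_join.sh: checks to run AFTER "net ads join" (added example, not from the original post).
# Constructed defaults mirror this guide's hypothetical names and idmap range; override with env vars.
set -u
DOMAIN="${DOMAIN:-DOMINIO}"
IDMAP_LO="${IDMAP_LO:-10000}"
IDMAP_HI="${IDMAP_HI:-20000}"
PROBE_USER="${PROBE_USER:-administrator}"   # no DOMINIO+ prefix thanks to "winbind use default domain = yes"

# nss_has_winbind: read nsswitch.conf on stdin; succeed only if BOTH passwd and group list winbind.
nss_has_winbind() {
    awk '($1 == "passwd:" || $1 == "group:") { for (i = 2; i <= NF; i++) if ($i == "winbind") n++ }
         END { if (n == 2) exit 0; exit 1 }'
}

# idmap_collisions LOW HIGH: read passwd(5) data on stdin and print "name uid" for every local
# account whose UID lies inside the winbind range. Such an overlap lets a domain SID be mapped to
# a UID that already owns local files, so either the range or the local account must move.
idmap_collisions() {
    awk -F: -v lo="$1" -v hi="$2" '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1, $3 }'
}

# Live checks on the joined host.
run_live() {
    echo "== machine account and trust secret for $DOMAIN"
    net ads testjoin || return 1      # prints "Join is OK"
    wbinfo -t        || return 1      # validates the secret in secrets.tdb against the DC

    echo "== name service switch"
    nss_has_winbind < /etc/nsswitch.conf || echo "WARN: winbind missing from passwd: or group: in /etc/nsswitch.conf"

    echo "== local accounts inside the idmap range $IDMAP_LO-$IDMAP_HI (should print nothing)"
    idmap_collisions "$IDMAP_LO" "$IDMAP_HI" < /etc/passwd

    echo "== resolving a domain user through NSS"
    getent passwd "$PROBE_USER" || echo "FAIL: NSS cannot resolve $PROBE_USER (winbindd running? nsswitch.conf?)"
}

# Offline self-check on constructed data (what runs when no argument is given).
selftest() {
    passwd_sample='root:x:0:0:root:/root:/bin/bash
backup:x:10500:10500::/home/backup:/bin/sh
bob:x:501:501::/home/bob:/bin/bash'
    echo "collisions in the constructed passwd sample:"
    printf '%s\n' "$passwd_sample" | idmap_collisions "$IDMAP_LO" "$IDMAP_HI"
    printf 'passwd: compat winbind\nshadow: compat\ngroup: compat winbind\n' | nss_has_winbind && echo "nsswitch sample: OK"
}

case "${1:-selftest}" in
    live) run_live ;;
    *)    selftest ;;
esac
```

`wbinfo -t` is the check worth keeping in monitoring: it proves the machine account password stored by the join still matches the DC, which is what breaks when the computer object is reset or deleted on the Windows side, and it fails long before users notice that logins do.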

NOTE.
If you would like help or consulting, send a free request by filling in the contact form at the following link: http://www.andreabalboni.com/contatti/ .

Further reading:
HowtoForge
Enterprise Networking Planet
