Total de visualizações de página

segunda-feira, 25 de abril de 2016

Samba Winbind


Samba Winbind
2015/01/18
 
Join in Windows Active Directory Domain with Samba Winbind.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
Domain Server: Windows Server 2012 R2
Domain Name: FD3S01
Realm: FD3S.SERVER.WORLD
Hostname: fd3s.server.world
[1]Install Winbind.
[root@smb ~]# 
yum -y install samba-winbind samba-winbind-clients pam_krb5
[2]Configure Winbind.
# change DNS to Active Directory Host

[root@smb ~]# 
nmcli c modify eno16777736 ipv4.dns 10.0.0.100 

[root@smb ~]# 
nmcli c down eno16777736; nmcli c up eno16777736 

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[root@smb ~]# 
authconfig \
--enablekrb5 \
--krb5kdc=fd3s.server.world \
--krb5adminserver=fd3s.server.world \
--krb5realm=FD3S.SERVER.WORLD \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbrealm=FD3S.SERVER.WORLD \
--smbservers=fd3s.server.world \
--smbworkgroup=FD3S01 \
--winbindtemplatehomedir=/home/%U \
--winbindtemplateshell=/bin/bash \
--enablemkhomedir \
--enablewinbindusedefaultdomain \
--update 

Job for winbind.service failed. See 'systemctl status winbind.service' and 'journalctl -xn' for details.
# it's no ploblem winbind failed like above now
[3]Join in Windows Active Directory Domain.
# join in Active Directory ( net ads join -U [AD's admin user])

[root@smb ~]# 
net ads join -U Administrator 

Enter Serverworld's password:
Using short domain name -- FD3S01
Joined 'LAN' to dns domain 'fd3s.server.world'
DNS Update for lan.server.world failed: ERROR_DNS_GSS_ERROR
DNS update failed: NT_STATUS_UNSUCCESSFUL
[root@smb ~]# 
systemctl start winbind 

[root@smb ~]# 
systemctl enable winbind
# show domain info

[root@smb ~]# 
net ads info 

LDAP server: 10.0.0.100
LDAP server name: fd3s.fd3s.server.world
Realm: FD3S.SERVER.WORLD
Bind Path: dc=FD3S,dc=SERVER,dc=WORLD
LDAP port: 389
Server time: Mon, 19 Jan 2015 01:37:41 JST
KDC server: 10.0.0.100
Server time offset: 0
# show AD users info

[root@smb ~]# 
wbinfo -u 

administrator
guest
serverworld
krbtgt
# try to switch to an AD user

[root@smb ~]# 
su - serverworld 

Creating directory '/home/serverworld'.
[serverworld@lan ~]$
Postado por às
Marcadores:

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)