Samba Winbind
2017/07/23
Join a Windows Active Directory domain with Samba Winbind.
This tutorial requires a Windows Active Directory Domain Services server on your LAN.
This example shows how to configure it in the environment below.
[1] | Install Winbind. |
[root@smb ~]# dnf -y install samba-winbind samba-winbind-clients pam_krb5
[2] | Configure Winbind. |
# change the DNS setting to refer to the AD's DNS server
[root@smb ~]# nmcli con mod ens3 ipv4.dns 10.0.0.100
[root@smb ~]# nmcli con down ens3; nmcli con up ens3

[root@smb ~]# authconfig \
--enablekrb5 \
--krb5kdc=fd3s.srv.world \
--krb5adminserver=fd3s.srv.world \
--krb5realm=SRV.WORLD \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbrealm=SRV.WORLD \
--smbservers=fd3s.srv.world \
--smbworkgroup=FD3S01 \
--winbindtemplatehomedir=/home/%U \
--winbindtemplateshell=/bin/bash \
--enablemkhomedir \
--enablewinbindusedefaultdomain \
--update
Job for winbind.service failed because the control process exited with error code. See "systemctl status winbind.service" and "journalctl -xe" for details.
# ignore the error above (winbind does not start before the host has joined the domain)
[3] | Join the Active Directory domain. |
# join Active Directory (net ads join -U [AD's admin user])
[root@smb ~]# net ads join -U Administrator
Enter Serverworld's password:
Using short domain name -- FD3S01
Joined 'SMB' to dns domain 'srv.world'
No DNS domain configured for smb. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER

# show domain info
[root@smb ~]# net ads info
LDAP server: 10.0.0.100
LDAP server name: FD3S.srv.world
Realm: SRV.WORLD
Bind Path: dc=SRV,dc=WORLD
LDAP port: 389
Server time: Mon, 23 Jul 2017 10:13:19 JST
KDC server: 10.0.0.100
Server time offset: 0
Last machine account password change: Mon, 23 Jul 2017 10:12:30 JST

# show domain users
[root@smb ~]# wbinfo -u
administrator
guest
defaultaccount
serverworld
krbtgt

# verify that you can switch to an AD user
[root@smb ~]# su - Serverworld
Creating directory '/home/serverworld'.
[serverworld@smb ~]$ id
uid=16777216(serverworld) gid=16777216(domain users) groups=16777216(domain users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
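The checks from step [3] can be scripted so a join is verified the same way every time. The script below is an added example, not part of the original tutorial: it parses `net ads info` output for the realm and the clock offset, flags the DNS update failure seen in the join output, and with `--live` runs the checks on a joined host. The function names, the 300-second offset limit (the usual Kerberos default tolerance) and the `--live` switch are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original tutorial: post-join checks for the setup above.
# Assumptions: realm SRV.WORLD (from the page) and a 300 s limit on clock offset,
# which is the usual Kerberos default tolerance.
EXPECTED_REALM="SRV.WORLD"
MAX_SKEW=300

# `net ads info` output as shown in step [3], used as offline sample input.
sample_ads_info() {
cat <<'EOF'
LDAP server: 10.0.0.100
LDAP server name: FD3S.srv.world
Realm: SRV.WORLD
Bind Path: dc=SRV,dc=WORLD
LDAP port: 389
Server time: Mon, 23 Jul 2017 10:13:19 JST
KDC server: 10.0.0.100
Server time offset: 0
EOF
}

# Read `net ads info` output on stdin. Print one FAIL line per problem and
# return non-zero if the realm differs or the clock offset exceeds MAX_SKEW.
check_ads_info() {
    awk -F': *' -v realm="$EXPECTED_REALM" -v max="$MAX_SKEW" '
        $1 == "Realm"              { got = $2 }
        $1 == "Server time offset" { off = $2 + 0; seen = 1 }
        END {
            rc = 0
            if (got != realm) { print "FAIL realm: got [" got "], want " realm; rc = 1 }
            if (!seen)        { print "FAIL no server time offset in output"; rc = 1 }
            else if (off > max || off < -max) {
                print "FAIL clock offset " off "s exceeds " max "s"; rc = 1 }
            exit rc
        }'
}

# Read `net ads join` output on stdin; succeed only if the DNS update did not fail.
dns_update_ok() { ! grep -q 'DNS update failed'; }

# Live checks for a joined host (needs the Samba tools from step [1]).
run_live_checks() {
    net ads testjoin || return 1                      # machine account is valid
    wbinfo -t || return 1                             # trust secret via winbindd
    net ads info | check_ads_info || return 1         # realm and clock offset
    getent passwd serverworld >/dev/null || return 1  # NSS resolves the AD user
}

if [ "${1:-}" = "--live" ]; then run_live_checks; else sample_ads_info | check_ads_info; fi
```

Run without arguments, it checks the embedded sample and prints nothing on success; piping the join output from step [3] into `dns_update_ok` returns non-zero because of the `DNS update failed` line.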