Fedora 26

Samba Winbind
2017/07/23
 
Join a Windows Active Directory domain with Samba Winbind.
This tutorial requires a Windows Active Directory Domain Service on your LAN.
This example configures the environment below.
Domain Server : Windows Server 2016
Domain Name : FD3S01
Realm : SRV.WORLD
Hostname : fd3s.srv.world
[1] Install Winbind.
[root@smb ~]#
dnf -y install samba-winbind samba-winbind-clients pam_krb5
[2] Configure Winbind.
# change the DNS setting to point to the AD server

[root@smb ~]#
nmcli con mod ens3 ipv4.dns 10.0.0.100

[root@smb ~]#
nmcli con down ens3; nmcli con up ens3
[root@smb ~]#
authconfig \
--enablekrb5 \
--krb5kdc=fd3s.srv.world \
--krb5adminserver=fd3s.srv.world \
--krb5realm=SRV.WORLD \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbrealm=SRV.WORLD \
--smbservers=fd3s.srv.world \
--smbworkgroup=FD3S01 \
--winbindtemplatehomedir=/home/%U \
--winbindtemplateshell=/bin/bash \
--enablemkhomedir \
--enablewinbindusedefaultdomain \
--update

Job for winbind.service failed because the control process exited with error code.
See "systemctl status winbind.service" and "journalctl -xe" for details.
# ignore the error above (winbind does not start until the host has joined the domain)

[3] Join Active Directory.
# join Active Directory ( net ads join -U [AD admin user] )

[root@smb ~]#
net ads join -U Administrator

Enter Serverworld's password:
Using short domain name -- FD3S01
Joined 'SMB' to dns domain 'srv.world'
No DNS domain configured for smb. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
[root@smb ~]#
systemctl start winbind

[root@smb ~]#
systemctl enable winbind
# show domain info

[root@smb ~]#
net ads info

LDAP server: 10.0.0.100
LDAP server name: FD3S.srv.world
Realm: SRV.WORLD
Bind Path: dc=SRV,dc=WORLD
LDAP port: 389
Server time: Mon, 23 Jul 2017 10:13:19 JST
KDC server: 10.0.0.100
Server time offset: 0
Last machine account password change: Mon, 23 Jul 2017 10:12:30 JST

# show domain users

[root@smb ~]#
wbinfo -u

administrator
guest
defaultaccount
serverworld
krbtgt

# verify that you can switch to an AD user

[root@smb ~]#
su - Serverworld

Creating directory '/home/serverworld'.
[serverworld@smb ~]$
id

uid=16777216(serverworld) gid=16777216(domain users) groups=16777216(domain users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
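
Added example, not part of the original tutorial: a shell check that reads the `net ads info` output from step [3] and confirms the host joined the intended realm and AD server with an acceptable clock offset. The function names `check_ads_info` and `sample_info`, their arguments and the 300-second limit (the usual Kerberos default) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): sanity-check `net ads info` output.
# Live use on the joined host: net ads info | check_ads_info SRV.WORLD 10.0.0.100

# check_ads_info REALM DC_IP [MAX_SKEW]  (helper name and arguments are hypothetical)
# Reads `net ads info` text on stdin; returns 0 only if every check passes.
check_ads_info() {
    want_realm=$1
    want_dc=$2
    max_skew=${3:-300}   # assumption: Kerberos' default 5-minute clock-skew limit
    info=$(cat)
    rc=0
    # field NAME: value of the first "NAME: value" line ("LDAP server name" is not "LDAP server")
    field() { printf '%s\n' "$info" | sed -n "s/^$1: *//p" | head -n 1; }

    realm=$(field 'Realm')
    ldap=$(field 'LDAP server')
    kdc=$(field 'KDC server')
    skew=$(field 'Server time offset')

    # Realm and both directory endpoints must be the AD server we meant to join.
    [ "$realm" = "$want_realm" ] || { echo "FAIL realm: '$realm'"; rc=1; }
    [ "$ldap" = "$want_dc" ] || { echo "FAIL LDAP server: '$ldap'"; rc=1; }
    [ "$kdc" = "$want_dc" ] || { echo "FAIL KDC server: '$kdc'"; rc=1; }

    # Offset must be a plain integer within the allowed skew; Kerberos rejects larger drift.
    case $skew in
        ''|-|*[!0-9-]*|?*-*) echo "FAIL time offset not numeric: '$skew'"; rc=1 ;;
        *) [ "${skew#-}" -le "$max_skew" ] || { echo "FAIL clock skew: ${skew}s"; rc=1; } ;;
    esac
    return "$rc"
}

# Sample input: the `net ads info` output shown in step [3] of this page.
sample_info() {
    cat <<'EOF'
LDAP server: 10.0.0.100
LDAP server name: FD3S.srv.world
Realm: SRV.WORLD
Bind Path: dc=SRV,dc=WORLD
LDAP port: 389
Server time: Mon, 23 Jul 2017 10:13:19 JST
KDC server: 10.0.0.100
Server time offset: 0
Last machine account password change: Mon, 23 Jul 2017 10:12:30 JST
EOF
}

sample_info | check_ads_info SRV.WORLD 10.0.0.100 && echo "OK: join matches the expected domain"
```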
 