Samba Winbind
2015/06/03
Join a Windows Active Directory domain with Samba Winbind.
This tutorial requires a Windows Active Directory Domain Service in your LAN.
This example is based on the environment below.
Domain Server : Windows Server 2008 R2
Domain Name : E-FD3S0
Realm : E-FD3S.SRV.WORLD
Hostname : e-fd3s.srv.world
[1] Install Winbind.
[root@smb ~]# dnf -y install samba-winbind samba-winbind-clients pam_krb5
[2] Configure Winbind.
# change the DNS setting to point at the AD server
[root@smb ~]# nmcli c modify eno16777736 ipv4.dns 10.0.0.100
[root@smb ~]# nmcli c down eno16777736; nmcli c up eno16777736
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
[root@smb ~]# authconfig \
--enablekrb5 \
--krb5kdc=e-fd3s.srv.world \
--krb5adminserver=e-fd3s.srv.world \
--krb5realm=E-FD3S.SRV.WORLD \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbrealm=E-FD3S.SRV.WORLD \
--smbservers=e-fd3s.srv.world \
--smbworkgroup=E-FD3S0 \
--winbindtemplatehomedir=/home/%U \
--winbindtemplateshell=/bin/bash \
--enablemkhomedir \
--enablewinbindusedefaultdomain \
--update
getsebool: SELinux is disabled
[3] Join the Windows Active Directory domain.
# join Active Directory (net ads join -U [AD's admin user])
[root@smb ~]# net ads join -U Serverworld
Enter Serverworld's password:
Using short domain name -- E-FD3S0
Joined 'LAN' to dns domain 'e-fd3s.srv.world'
DNS Update for lan.srv.world failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
# show domain info
[root@smb ~]# net ads info
LDAP server: 10.0.0.100
LDAP server name: e-fd3s.e-fd3s.srv.world
Realm: E-FD3S.SRV.WORLD
Bind Path: dc=E-FD3S,dc=SERVER,dc=WORLD
LDAP port: 389
Server time: Wed, 24 Dec 2014 21:31:53 JST
KDC server: 10.0.0.150
Server time offset: -1
# make sure it's possible to switch to an AD user
[root@smb ~]# su - Serverworld
Creating home directory for serverworld.
[serverworld@lan ~]$
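The join in [3] reports a failed DNS update and a KDC address that differs from the LDAP server, both of which are easy to miss in the output. The script below is an added example, not part of the original tutorial: it scans `net ads join` / `net ads info` output for those conditions and for clock skew. The function names and the 300-second limit (the default Kerberos skew tolerance, with the offset assumed to be in seconds) are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks over `net ads join` / `net ads info` output.
# MAX_SKEW is an assumption: 300 s, the default Kerberos clock-skew tolerance.
MAX_SKEW=300

# Reads command output on stdin, prints one finding per line.
check_join() {
    awk -v max="$MAX_SKEW" '
        /^LDAP server:/        { ldap = $3 }
        /^KDC server:/         { kdc = $3 }
        /^Server time offset:/ { off = $4 + 0; have_off = 1 }
        /DNS update failed/    { dns_fail = 1 }
        END {
            # No A record was registered for this host in AD DNS.
            if (dns_fail) { print "WARN dns-update-failed" }
            # Tickets are issued from a different address than the directory.
            if (ldap != "" && kdc != "" && ldap != kdc) {
                print "WARN kdc-differs-from-ldap " kdc " " ldap
            }
            # Kerberos rejects authentication beyond the skew tolerance.
            if (!have_off) { print "WARN no-time-offset" }
            else if (off > max || off < -max) { print "FAIL clock-skew " off }
        }'
}

# Output lines copied from the session on this page.
sample_output() {
    cat <<'EOF'
Joined 'LAN' to dns domain 'e-fd3s.srv.world'
DNS Update for lan.srv.world failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
LDAP server: 10.0.0.100
LDAP server name: e-fd3s.e-fd3s.srv.world
Realm: E-FD3S.SRV.WORLD
KDC server: 10.0.0.150
Server time offset: -1
EOF
}

sample_output | check_join
```

On a live host, feed it real output with `{ net ads info; } | check_join` and confirm any flagged KDC address is a domain controller you expect.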