Samba Winbind
2015/05/20
Join a Windows Active Directory domain with Samba Winbind.
This tutorial requires Windows Active Directory Domain Services on your LAN.
This example shows how to configure it in the environment below.
Domain Server : Windows Server 2008 R2
Domain Name : FD3S01
Realm : FD3S.SRV.WORLD
Hostname : fd3s.srv.world

[1] Install Winbind.

root@smb:~# apt-get -y install winbind libpam-winbind libnss-winbind krb5-config

# specify Realm
+------------------+ Configuring Kerberos Authentication +------------------+
| When users attempt to use Kerberos and specify a principal or user name   |
| without specifying what administrative Kerberos realm that principal      |
| belongs to, the system appends the default realm. The default realm may   |
| also be used as the realm of a Kerberos service running on the local      |
| machine. Often, the default realm is the uppercase version of the local   |
| DNS domain.                                                               |
|                                                                           |
| Default Kerberos version 5 realm:                                         |
|                                                                           |
| FD3S.SRV.WORLD________________________________________________________    |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+---------------------------------------------------------------------------+

# specify the hostname of AD DS
+--------------+ Configuring Kerberos Authentication +---------------+
| Enter the hostnames of Kerberos servers in the FD3S.SRV.WORLD      |
| Kerberos realm separated by spaces.                                |
|                                                                    |
| Kerberos servers for your realm:                                   |
|                                                                    |
| fd3s.srv.world_________________________________________________    |
|                                                                    |
|                                <Ok>                                |
|                                                                    |
+--------------------------------------------------------------------+

# specify the hostname of AD DS
+------------------+ Configuring Kerberos Authentication +------------------+
| Enter the hostname of the administrative (password changing) server for   |
| the FD3S.SRV.WORLD Kerberos realm.                                        |
|                                                                           |
| Administrative server for your Kerberos realm:                            |
|                                                                           |
| fd3s.srv.world________________________________________________________    |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+---------------------------------------------------------------------------+

[2] Configure Winbind.

root@smb:~# vi /etc/samba/smb.conf
# line 29: change the workgroup name to the one for AD DS and add lines as follows
workgroup = FD3S01
password server = fd3s.srv.world
realm = FD3S.SRV.WORLD
security = ads
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false

root@smb:~# vi /etc/nsswitch.conf
# line 7: add winbind as follows
passwd: compat winbind
group: compat winbind
shadow: compat winbind

root@smb:~# vi /etc/pam.d/common-session
# add to the end if you need it ( automatically create a home directory at first login )
session optional pam_mkhomedir.so skel=/etc/skel umask=077

root@smb:~# vi /etc/network/interfaces
# change the name server to the AD server
dns-nameservers 10.0.0.100

root@smb:~# systemctl restart ifup@eth0

[3] Join the Windows Active Directory domain.

# join Active Directory ( net ads join -U [AD's admin user] )
root@smb:~# net ads join -U Administrator
Enter Serverworld's password:
Using short domain name -- FD3S01
Joined 'SMB' to dns domain 'fd3s.srv.world'
No DNS domain configured for smb. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER

root@smb:~# systemctl restart winbind

# display the Active Directory users list
root@smb:~# wbinfo -u
administrator
guest
serverworld
krbtgt

# switch to a user in Active Directory
root@smb:~# su - serverworld
Creating directory '/home/serverworld'.
serverworld@smb:~$
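
If the join or the user lookup in step [3] fails, the files edited in step [2] are the first thing to check. The script below is an added example, not part of the original tutorial; the function names (smb_param, nss_has_winbind, check_winbind_config) are hypothetical, and it assumes the parameters are set once in smb.conf, as in this tutorial.

```shell
#!/bin/sh
# Added example: sanity-check the files edited in step [2].
# Paths are passed as arguments so the check can also be run on copies.

# Print the value of a "key = value" parameter from an smb.conf-style file.
# Key match is case-insensitive and ignores extra spaces; comment lines are
# skipped. Sections are not distinguished (assumption: keys appear once).
smb_param() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/[ \t]+/, " ", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
            }
        }
        END { print val }' "$1"
}

# Succeeds if the given nsswitch.conf database line lists winbind as a source.
nss_has_winbind() {
    grep -Eq "^$2:.*[[:space:]]winbind([[:space:]]|\$)" "$1"
}

# check_winbind_config SMB_CONF NSSWITCH_CONF
# Prints one line per problem and returns the number of problems found.
check_winbind_config() {
    smb=$1 nss=$2 problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ "$(smb_param "$smb" security | tr 'A-Z' 'a-z')" = "ads" ] \
        || fail "security is not 'ads' in $smb"
    realm=$(smb_param "$smb" realm)
    [ -n "$realm" ] || fail "realm is not set in $smb"
    [ "$realm" = "$(echo "$realm" | tr 'a-z' 'A-Z')" ] \
        || fail "realm '$realm' is not upper case (Kerberos realms are case-sensitive)"
    [ -n "$(smb_param "$smb" workgroup)" ] || fail "workgroup is not set in $smb"
    [ -n "$(smb_param "$smb" 'idmap config * : range')" ] \
        || fail "no 'idmap config * : range' in $smb"
    for db in passwd group; do
        nss_has_winbind "$nss" "$db" || fail "$db line in $nss lacks winbind"
    done
    return "$problems"
}

# Run the check when called with both file paths.
if [ $# -eq 2 ]; then check_winbind_config "$1" "$2"; fi
```

Saved under a name of your choice, it is run as `sh <script> /etc/samba/smb.conf /etc/nsswitch.conf`; an exit status of 0 means none of the checked settings is missing.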