Ubuntu 14.04

Samba Winbind
2014/04/26
 
Join a Windows Active Directory domain with Samba Winbind.
This tutorial requires a Windows Active Directory Domain Service on your LAN.
This example is configured for the environment below.
Domain Server : Windows Server 2012 R2
Domain Name : FD3S01
Realm : FD3S.SRV.WORLD
Hostname : fd3s.srv.world
[1] Install Winbind
root@smb:~# apt-get -y install winbind libpam-winbind libnss-winbind krb5-config
# specify Realm

 +------------------+ Configuring Kerberos Authentication +------------------+
 | When users attempt to use Kerberos and specify a principal or user name   |
 | without specifying what administrative Kerberos realm that principal      |
 | belongs to, the system appends the default realm.  The default realm may  |
 | also be used as the realm of a Kerberos service running on the local      |
 | machine.  Often, the default realm is the uppercase version of the local  |
 | DNS domain.                                                               |
 |                                                                           |
 | Default Kerberos version 5 realm:                                         |
 |                                                                           |
 | FD3S.SRV.WORLD________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
# specify the hostname of AD DS

     +--------------+ Configuring Kerberos Authentication +---------------+
     | Enter the hostnames of Kerberos servers in the FD3S.SRV.WORLD   |
     | Kerberos realm separated by spaces.                                |
     |                                                                    |
     | Kerberos servers for your realm:                                   |
     |                                                                    |
     | fd3s.srv.world_________________________________________________ |
     |                                                                    |
     |                               <Ok>                                 |
     |                                                                    |
     +--------------------------------------------------------------------+
# specify the hostname of AD DS

 +------------------+ Configuring Kerberos Authentication +------------------+
 | Enter the hostname of the administrative (password changing) server for   |
 | the FD3S.SRV.WORLD Kerberos realm.                                     |
 |                                                                           |
 | Administrative server for your Kerberos realm:                            |
 |                                                                           |
 | fd3s.srv.world________________________________________________________ |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+
[2] Configure Winbind
root@smb:~# vi /etc/samba/smb.conf
# line 29: change the workgroup name to the AD DS domain name and add the following lines

   workgroup = FD3S01
   password server = fd3s.srv.world
   realm = FD3S.SRV.WORLD
   security = ads
   idmap config * : range = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
root@smb:~# vi /etc/nsswitch.conf
# line 7: add winbind as follows

passwd:         compat winbind
group:          compat winbind
shadow:         compat winbind
root@smb:~# vi /etc/pam.d/common-session
# add as the last line if needed ( automatically creates a home directory at first login )

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

root@smb:~# vi /etc/network/interfaces
# change the name server to the AD server

dns-nameservers 10.0.0.200
root@smb:~# ifdown eth0 && ifup eth0
# join the AD domain ( net ads join -U [administrative user on AD] )

root@smb:~# net ads join -U Serverworld

Enter Serverworld's password:
Using short domain name -- FD3S01
Joined 'SMB' to dns domain 'fd3s.srv.world'
No DNS domain configured for smb. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
root@smb:~# initctl restart winbind

winbind start/running, process 2721
root@smb:~# initctl restart smbd

smbd start/running, process 2702
root@smb:~# initctl restart nmbd

nmbd start/running, process 2714
# display user info on AD

root@smb:~# wbinfo -u

hiroyuki
guest
krbtgt
linux
fedora
ubuntu
debian
mint
serverworld
sqladmin
# switch to a user on AD

root@smb:~# su - serverworld

Creating directory '/home/serverworld'.
serverworld@smb:~$
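
A pre-join check for the files edited in step [2], as an added example that is not part of the original tutorial: it parses the [global] section of smb.conf and the passwd/group lines of nsswitch.conf, then reports settings that would break the join or let mapped domain IDs collide with local accounts. The function names, the sample files and the UID floor of 60000 (the stock UID_MAX in login.defs) are assumptions.

```shell
#!/bin/sh
# Print the value of KEY from the [global] section of an smb.conf-style FILE.
# Parameter names are matched case-insensitively; the last assignment wins.
get_param() {
    awk -v key="$2" '
        /^[ \t]*\[/   { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        /^[ \t]*[#;]/ { next }
        in_global && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }' "$1"
}

# Print one line per problem; the return status is the number of problems.
# UID_FLOOR defaults to 60000, an assumption taken from the stock UID_MAX in login.defs.
check_join_config() {
    smb=$1 nss=$2 problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    [ "$(get_param "$smb" security | tr 'A-Z' 'a-z')" = ads ] || fail "security is not ads"
    [ -n "$(get_param "$smb" realm)" ] || fail "realm is not set"
    wg=$(get_param "$smb" workgroup)
    { [ -n "$wg" ] && [ "$wg" != WORKGROUP ]; } || fail "workgroup unset or still WORKGROUP"
    range=$(get_param "$smb" 'idmap config * : range' | tr -d ' \t')
    low=${range%%-*} high=${range##*-}
    case "$low-$high" in
        -*|*-|*[!0-9-]*) fail "idmap range missing or malformed" ;;
        *) [ "$low" -gt "${UID_FLOOR:-60000}" ] && [ "$low" -lt "$high" ] ||
               fail "idmap range $range overlaps local UIDs or is inverted" ;;
    esac
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" ||
            fail "nsswitch.conf: $db does not list winbind"
    done
    return "$problems"
}

# Constructed sample input mirroring the tutorial's values.
demo_dir=$(mktemp -d)
cat > "$demo_dir/smb.conf" <<'EOF'
[global]
   workgroup = FD3S01
   realm = FD3S.SRV.WORLD
   security = ads
   idmap config * : range = 16777216-33554431
EOF
printf 'passwd: compat winbind\ngroup: compat winbind\n' > "$demo_dir/nsswitch.conf"
check_join_config "$demo_dir/smb.conf" "$demo_dir/nsswitch.conf" && echo "config OK"
```

On the host itself, pass /etc/samba/smb.conf and /etc/nsswitch.conf as the two arguments before running net ads join.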
 