Ubuntu-ads-client: Unterschied zwischen den Versionen

Aus xinux.net
Zeile 10: Zeile 10:
 
  netmask 255.255.248.0
 
  netmask 255.255.248.0
 
  gateway 192.168.240.100
 
  gateway 192.168.240.100
  dns-nameservers 192.168.240.200
+
  dns-nameservers 192.168.242.13
  dns-search xinux.org
+
  dns-search linuggs.lan
 
</pre>
 
</pre>
  

Version vom 15. Dezember 2016, 07:32 Uhr

Installation

Interface anpassen

vi /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
 address 192.168.244.152
 netmask 255.255.248.0
 gateway 192.168.240.100
 dns-nameservers 192.168.242.13
 dns-search linuggs.lan

hosts anpassen

vi /etc/hosts
127.0.0.1       localhost
192.168.244.152 dewey dewey.xinux.org 

Console:
echo dewey.xinux.org > /etc/hostname
reboot

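samba4 installieren

ntp wird mitinstalliert, weil Kerberos die Anmeldung ablehnt, wenn die Uhrzeit des Clients zu stark von der des Domänencontrollers abweicht.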

apt-get install samba smbclient winbind ntp libnss-winbind  krb5-user acl

/etc/samba/smb.conf

# Winbind settings for running this host as a member of the XINUX
# Active Directory domain (security = ADS).
[global]
   workgroup = XINUX
   security = ADS
   # NOTE(review): this realm (XINUX.LAN) differs from the realm in the
   # /etc/krb5.conf excerpt on this page (XINUX.ORG) and from the DNS domain
   # in the join output (xinux.org). These normally have to agree -- confirm
   # which value is current before joining.
   realm = XINUX.LAN
   encrypt passwords = yes

   # UID/GID mapping: XINUX accounts take their IDs from the RFC 2307
   # attributes stored in AD (backend = ad); every other domain gets locally
   # allocated IDs (tdb). The two ranges do not overlap.
   idmap config XINUX:backend = ad
   idmap config *:backend = tdb
   idmap config * : range = 1000000-1999999
   idmap config XINUX:schema_mode = rfc2307
   idmap config XINUX:range = 10000-99999

   # Home directory and login shell are read from the AD attributes as well.
   winbind nss info = rfc2307
   winbind trusted domains only = no
   # Domain accounts appear without the domain prefix, so a domain account can
   # carry the same name as a local one; with "compat winbind" in nsswitch.conf
   # the local entry is found first.
   winbind use default domain = yes
   # Lets getent list every domain user and group. The Samba documentation
   # advises against this on large domains; presumably enabled here for the
   # getent check later on the page -- consider disabling it after testing.
   winbind enum users  = yes
   winbind enum groups = yes
   # winbindd renews the Kerberos tickets obtained through pam_winbind.
   winbind refresh tickets = Yes


/etc/krb5.conf

[libdefaults]
...
[realms]
        XINUX.ORG = {
                kdc = gondor.xinux.org
                admin_server = gondor.xinux.org
....

Domäne beitreten

net ads join -U administrator
Enter administrator's password:
Using short domain name -- XINUX
Joined 'DEWEY' to dns domain 'xinux.org'


nsswitch.conf ändern

# Users and groups are looked up in the local files first (compat), then in
# winbind for domain accounts. Because the local source comes first, a local
# account takes precedence over a domain account with the same name.
passwd:         compat winbind
group:          compat winbind

Ist winbind "pingbar"?

root@fenetre:~# wbinfo -p
Ping to winbindd succeeded

anzeigen der userliste

root@fenetre:~# wbinfo -u
Administrator
Guest
krbtgt

function of nsswitch

 
getent passwd | grep 700
administrator:*:70001:70005:Administrator:/home/XINUX/administrator:/bin/bash
dns-gondor:*:70002:70005:dns-gondor:/home/XINUX/dns-gondor:/bin/bash
krbtgt:*:70003:70005:krbtgt:/home/XINUX/krbtgt:/bin/bash
thomas:*:70004:70005:thomas:/home/XINUX/thomas:/bin/bash
guest:*:70005:70006:Guest:/home/XINUX/guest:/bin/bash
squid:*:70006:70005:squid:/home/XINUX/squid:/bin/bash

LIBPAM

libpam-winbind

apt-get install libpam-winbind

Änderungen in /etc/pam.d/

Die folgenden Dateien sollten bei der Installation automatisch angepasst worden sein.

common-auth

# Authentication stack: the local account database is tried first, then the
# domain via winbind. [success=N] skips the next N modules, so a success jumps
# over pam_deny.so and lands on pam_permit.so.
# nullok_secure lets a local account with an empty password log in on the
# terminals listed in /etc/securetty; remove it if no local account is meant
# to have an empty password.
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
# krb5_auth obtains a Kerberos ticket at login and keeps it in a FILE
# credential cache. cached_login permits logon with credentials cached on this
# host; it depends on "winbind offline logon" in smb.conf, which the smb.conf
# shown on this page does not set -- drop the option if offline logon is not
# wanted.
auth    [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
# Reached only when both modules above did not succeed.
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so

common-account

# Account checks: the first of pam_unix / pam_winbind that succeeds skips
# pam_deny.so. new_authtok_reqd=done ends the stack at that module when it
# reports that the password has to be changed.
account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore]        pam_winbind.so
# Reached only when neither module accepted the account.
account requisite                       pam_deny.so
account required                        pam_permit.so

common-session

# Session setup, applied to local and domain users alike.
# The first line always skips the following pam_deny.so ([default=1]).
session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session optional                        pam_umask.so
#add this if you want automatic creation of home dirs
# umask=0022 creates each new home directory readable by every other local
# user; umask=0077 would keep it private to its owner.
# The module is "required", so a failure to create the directory fails the session.
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
#end 
session required        pam_unix.so
session optional                        pam_winbind.so
session optional        pam_systemd.so

sudo

# PAM stack for sudo (presumably /etc/pam.d/sudo -- the page does not name the file).
# A correct domain password (pam_winbind) or local password (pam_unix) is
# sufficient to authenticate. Which users may run sudo at all is still decided
# by the sudoers policy, not by this file.
auth sufficient pam_winbind.so
# use_first_pass makes pam_unix reuse the password already entered instead of
# prompting a second time.
auth sufficient pam_unix.so use_first_pass
# Reached only when neither module accepted the password.
auth required   pam_deny.so
@include common-account