Ubuntu-ads-member: Difference between revisions
Zeile 59: | Zeile 59: | ||
.... | .... | ||
</pre> | </pre> | ||
+ | |||
+ | ==domaine beitreten== | ||
+ | <pre> | ||
+ | net ads join -U administrator | ||
+ | Enter administrator's password: | ||
+ | Using short domain name -- XINUX | ||
+ | Joined 'DEWEY' to dns domain 'xinux.org' | ||
+ | </pre> | ||
+ | |||
===nsswitch.conf ändern=== | ===nsswitch.conf ändern=== |
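Review bot: The new heading `==domaine beitreten==` is level 2, while the next heading in the context, `===nsswitch.conf ändern===`, is level 3, so the nsswitch step now nests under the join step instead of sitting beside it; use `===domaine beitreten===` if the two are sibling steps. The heading also has a spelling slip ("domaine" for "Domäne"). The pasted session shows the join message but no check afterwards; adding the result of `net ads testjoin` would let readers confirm that the machine account works.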
Revision as of 16 July 2014, 19:42
On the domain controller
<pre>
kinit administrator
samba-tool dns add localhost xinux.org dewey A 192.168.244.152
</pre>
Installation
Adjust the network interface
<pre>
vi /etc/network/interfaces
</pre>
<pre>
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.244.152
    netmask 255.255.248.0
    gateway 192.168.240.100
    dns-nameservers 192.168.240.200
    dns-search xinux.org
</pre>
Adjust hosts
<pre>
vi /etc/hosts
</pre>
<pre>
127.0.0.1 localhost
192.168.244.152 dewey dewey.xinux.org
</pre>
<pre>
echo dewey.xinux.org > /etc/hostname
reboot
</pre>
Install samba4
<pre>
apt-get install samba smbclient winbind ntp libnss-winbind krb5-user acl
</pre>
/etc/samba/smb.conf
<pre>
[global]
workgroup = XINUX
security = ADS
realm = XINUX.ORG
encrypt passwords = yes

# default mapping for BUILTIN and any domain without its own idmap config
idmap config *:backend = tdb
idmap config *:range = 70001-80000

# mapping for the AD domain; the name must match the workgroup above
idmap config XINUX:backend = ad
idmap config XINUX:schema_mode = rfc2307
idmap config XINUX:range = 500-40000

winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
</pre>
/etc/krb5.conf
<pre>
[libdefaults]
...
[realms]
XINUX.ORG = {
    kdc = gondor.xinux.org
    admin_server = gondor.xinux.org
....
</pre>
Join the domain
<pre>
net ads join -U administrator
Enter administrator's password:
Using short domain name -- XINUX
Joined 'DEWEY' to dns domain 'xinux.org'
</pre>
Modify nsswitch.conf
<pre>
passwd: compat winbind
group: compat winbind
</pre>
Is winbind "pingable"?
<pre>
root@fenetre:~# wbinfo -p
Ping to winbindd succeeded
</pre>
Show the user list
<pre>
root@fenetre:~# wbinfo -u
Administrator
Guest
krbtgt
</pre>
Does nsswitch work?
<pre>
root@fenetre:~# getent passwd | grep XINUX
XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
XINUX\krbtgt:*:3000017:100::/home/XINUX/krbtgt:/bin/false
</pre>
Misc
Admin password does not expire
<pre>
samba-tool user setexpiry administrator --noexpiry
</pre>
Disable the password policy in the Samba 4 domain
<pre>
samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --history-length=0
samba-tool domain passwordsettings set --min-pwd-age=0
samba-tool domain passwordsettings set --max-pwd-age=0
samba-tool domain passwordsettings set --min-pwd-length 0
</pre>
Set the admin password
<pre>
samba-tool user setpassword Administrator
</pre>
Show the password policy in the Samba 4 domain
<pre>
samba-tool domain passwordsettings show
</pre>
SeDiskOperatorPrivilege
<pre>
net rpc rights grant 'XINUX\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
</pre>
Existing rights can be displayed like this
<pre>
net rpc rights list accounts -Uadministrator
</pre>
User management
howto
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO