Ubuntu-ads-member: Difference between revisions

From xinux.net
Line 84: Line 84:
  
 
===funtioniert nsswitch===
 
===funtioniert nsswitch===
root@fenetre:~# getent passwd | grep XINUX
+
<pre>
XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
+
getent passwd | grep 700
XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false
+
administrator:*:70001:70005:Administrator:/home/XINUX/administrator:/bin/false
XINUX\krbtgt:*:3000017:100::/home/XINUX/krbtgt:/bin/false
+
dns-gondor:*:70002:70005:dns-gondor:/home/XINUX/dns-gondor:/bin/false
 
+
krbtgt:*:70003:70005:krbtgt:/home/XINUX/krbtgt:/bin/false
 +
thomas:*:70004:70005:thomas:/home/XINUX/thomas:/bin/false
 +
guest:*:70005:70006:Guest:/home/XINUX/guest:/bin/false
 +
squid:*:70006:70005:squid:/home/XINUX/squid:/bin/false
 +
</pre>
  
 
==Misc==
 
==Misc==
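
Review bot: the replacement command `getent passwd | grep 700` in the new <pre> block is a plain substring match, so it also hits any entry that has 700 in its GID, GECOS or home path instead of selecting the winbind-mapped accounts. Filtering on the UID field against the 70001-80000 idmap range from the page's smb.conf (for example with awk -F: on field 3) would test what the heading claims. The new sample also drops the `root@fenetre:~#` prompt that the removed line carried, and the removed output was the only place showing `XINUX\Administrator` resolving to UID 0, so the text should say why the mapping is now 70001.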

Revision as of 16 July 2014, 19:43

On the domain controller

kinit administrator
samba-tool dns add localhost  xinux.org dewey A 192.168.244.152

Installation

Adjust the interface

vi /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
 address 192.168.244.152
 netmask 255.255.248.0
 gateway 192.168.240.100
 dns-nameservers 192.168.240.200
 dns-search xinux.org

Adjust hosts

vi /etc/hosts
127.0.0.1       localhost
192.168.244.152 dewey dewey.xinux.org 
echo dewey.xinux.org > /etc/hostname
reboot

Install Samba 4

apt-get install samba smbclient winbind ntp libnss-winbind krb5-user acl

/etc/samba/smb.conf

[global]
   workgroup = XINUX
   security = ADS
   realm = XINUX.ORG
   encrypt passwords = yes

   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
   idmap config SAMDOM:backend = ad
   idmap config SAMDOM:schema_mode = rfc2307
   idmap config SAMDOM:range = 500-40000

   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes

/etc/krb5.conf

[libdefaults]
...
[realms]
        XINUX.ORG = {
                kdc = gondor.xinux.org
                admin_server = gondor.xinux.org
....

Join the domain

net ads join -U administrator
Enter administrator's password:
Using short domain name -- XINUX
Joined 'DEWEY' to dns domain 'xinux.org'


Modify nsswitch.conf

passwd:         compat winbind
group:          compat winbind

Check that winbind responds to a ping

root@fenetre:~# wbinfo -p
Ping to winbindd succeeded

Display the user list

root@fenetre:~# wbinfo -u
Administrator
Guest
krbtgt

Check that nsswitch works

 
getent passwd | grep 700
administrator:*:70001:70005:Administrator:/home/XINUX/administrator:/bin/false
dns-gondor:*:70002:70005:dns-gondor:/home/XINUX/dns-gondor:/bin/false
krbtgt:*:70003:70005:krbtgt:/home/XINUX/krbtgt:/bin/false
thomas:*:70004:70005:thomas:/home/XINUX/thomas:/bin/false
guest:*:70005:70006:Guest:/home/XINUX/guest:/bin/false
squid:*:70006:70005:squid:/home/XINUX/squid:/bin/false
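
The UIDs 70001-70006 above all come from the default `*` tdb range: the smb.conf on this page sets `workgroup = XINUX` but its `ad` idmap section is named `SAMDOM`, so that section is not applied to XINUX accounts. The following added example (not part of the original page) checks passwd entries against the configured idmap ranges and flags a domain account that resolves to UID 0, as in the earlier `XINUX\Administrator` output. The function name `audit_idmap` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the relevant smb.conf lines from this page.
SMB_CONF='[global]
   workgroup = XINUX
   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
   idmap config SAMDOM:backend = ad
   idmap config SAMDOM:range = 500-40000'

# Constructed sample: passwd entries in the two formats shown on this page.
PASSWD='administrator:*:70001:70005:Administrator:/home/XINUX/administrator:/bin/false
thomas:*:70004:70005:thomas:/home/XINUX/thomas:/bin/false
XINUX\Administrator:*:0:100::/home/XINUX/Administrator:/bin/false
XINUX\Guest:*:3000011:3000012::/home/XINUX/Guest:/bin/false'

# audit_idmap CONF PASSWD (hypothetical helper name)
# Prints "workgroup <name> idmap-section=yes|no", then "<user> <uid> <verdict>".
audit_idmap() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
    $0 == "---" { in_passwd = 1; next }            # separator between the two inputs
    !in_passwd && /^[ \t]*workgroup[ \t]*=/ {
        wg = $0; sub(/.*=[ \t]*/, "", wg); next     # remember the workgroup name
    }
    !in_passwd && /idmap config[ \t]+[^:]+:[ \t]*range[ \t]*=/ {
        dom = $0; sub(/^[ \t]*idmap config[ \t]+/, "", dom); sub(/[ \t]*:.*/, "", dom)
        rng = $0; sub(/.*=[ \t]*/, "", rng)
        split(rng, r, "-"); lo[dom] = r[1] + 0; hi[dom] = r[2] + 0; next
    }
    in_passwd && NF {
        # Report once whether any idmap section is named after the workgroup.
        if (!shown++) print "workgroup", wg, "idmap-section=" ((wg in lo) ? "yes" : "no")
        split($0, f, ":"); uid = f[3] + 0
        verdict = "outside-all-ranges"
        for (d in lo) if (uid >= lo[d] && uid <= hi[d]) verdict = "range:" d
        if (uid == 0) verdict = "ROOT-UID"          # domain account resolving to root
        print f[1], uid, verdict
    }'
}

audit_idmap "$SMB_CONF" "$PASSWD"
```

On a live member server, pass the output of `testparm -s` and `getent passwd` as the two arguments.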

Misc

Admin password does not expire

samba-tool user setexpiry administrator --noexpiry

Disable the password policy in the Samba 4 domain

samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --history-length=0
samba-tool domain passwordsettings set --min-pwd-age=0
samba-tool domain passwordsettings set --max-pwd-age=0
samba-tool domain passwordsettings set --min-pwd-length 0

Set the admin password

samba-tool user setpassword Administrator

Display the password policy in the Samba 4 domain

samba-tool domain passwordsettings show

SeDiskOperatorPrivilege

net rpc rights grant 'XINUX\Domain Admins' SeDiskOperatorPrivilege -Uadministrator

Existing rights can be displayed like this

net rpc rights list accounts -Uadministrator

User management

howto

https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

installation