Thursday, 16 July 2009

Joining Samba to a Windows domain

http://developer.novell.com/wiki/index.php/HOWTO:_Configure_Ubuntu_for_Active_Directory_Authentication


1) /etc/resolv.conf
search domena.local
nameserver IPA.DRE.SAP.DC
2) /etc/smb.conf
[global]
server string =
encrypt passwords = Yes
netbios name = LINUX
security = domain
workgroup = SKUPINA
password server = server name
realm = DNS domain name
winbind use default domain = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users=yes
winbind enum groups=yes
winbind nested groups = Yes
winbind separator = +
interfaces = eth1
bind interfaces only = yes
log level = 3
log file = /var/log/samba/log.%m
store dos attributes = yes

create mask = 770
force create mode = 770
directory mask = 770
3)
sudo apt-get install heimdal-clients libpam-heimdal
/etc/krb5.conf
[libdefaults]
clockskew = 600
default_realm = DOMENA.LOCAL

[realms]
DNS DOMAIN NAME = {
kdc = PDC
default_domain = DOMENA
kpasswd_server = PDC.DOMENA.LOCAL
}

[domain_realm]
.domena.local = DOMENA.LOCAL


[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
4) /etc/pam.d/samba
// add at the beginning
auth required /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
5) join the domain
net rpc join -S PDC -U administrator
net rpc join -W DOMENA -U administrator
6) /etc/nsswitch.conf
passwd: files winbind
group: files winbind
hosts: files dns winbind
7) wbinfo
wbinfo --set-auth-user=administrator%'bigsecret'
8) test
nmbd; smbd; winbindd;
wbinfo -u // users
wbinfo -g // groups
9) problems
-winbindd debug mode
+/etc/init.d/winbindd stop
winbindd -d 3 -i
-joins, but does not load the users (wbinfo -u) (~win 2000)
+add client schannel = no to smb.conf
(http://www.gatago.com/linux/samba/14514734.html,
http://kbase.redhat.com/faq/FAQ_85_5515.shtm)
-specifying a group with a space in its name in valid users
+valid users = "@domain admins"
-windows 7
=adjust the NTLM settings http://www.builderau.com.au/blogs/codemonkeybusiness/viewblogpost.htm?p=339270746
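
A check to run once troubleshooting is finished, added here as an example and not part of the original notes: the step 9 workaround client schannel = no stops Samba from using the NETLOGON secure channel to the domain controller, and log level = 3 from step 2 is debug logging, so both are worth catching if they stay in the configuration. The function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original post): audit [global] of an smb.conf
# for leftovers from the step 2 configuration and the step 9 workaround.

# smb_global FILE PARAM: print PARAM's value from [global]. Names are matched
# case-insensitively, whitespace ignored ("winbind enum users=yes" works).
smb_global() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/   { sec = norm($0); next }    # section header
        sec == "[global]" && index($0, "=") {
            key = norm(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == norm(want)) found = val    # last assignment wins
        }
        END { print found }' "$1"
}

is_no() {   # boolean "false" spellings documented in smb.conf(5)
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in no|false|0) return 0 ;; esac
    return 1
}

# audit_smb FILE: one line per finding; returns 1 if any WARN was raised.
audit_smb() {
    rc=0
    # schannel off: no NETLOGON secure channel; encryption off: cleartext passwords
    for p in 'client schannel' 'encrypt passwords'; do
        if is_no "$(smb_global "$1" "$p")"; then echo "WARN $p = no"; rc=1; fi
    done
    lvl=$(smb_global "$1" 'log level')
    case "$lvl" in
        ''|*[!0-9]*) ;;                           # unset, or per-class syntax
        *) [ "$lvl" -lt 3 ] || echo "NOTE log level = $lvl: debug logging left on" ;;
    esac
    return "$rc"
}

# Constructed sample: settings from step 2 plus the step 9 workaround.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
security = domain
encrypt passwords = Yes
log level = 3
Client  Schannel = No
EOF
audit_smb "$sample" || true
rm -f "$sample"
```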

-------------------------
http://lilly.csoft.net/~vdebaere/handleiding/samba-activedirectory/index_en.html

http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#ch9-adssdm

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html


http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html#id2587424

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2523211


into smb.conf (http://www.wlug.org.nz/ActiveDirectorySamba) [I have no idea what I meant by this]



-------------------------
/etc/resolv.conf
/etc/samba/smb.conf
/etc/pam.d/samba
/etc/nsswitch.conf
/etc/krb5.conf
