Ubuntu-ads-member: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
|||
| (9 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| − | =auf dem domain controller | + | =auf dem domain controller= |
kinit administrator | kinit administrator | ||
| − | samba-tool dns add localhost xinux. | + | samba-tool dns add localhost xinux.lan dewey A 192.168.244.152 |
=Installation= | =Installation= | ||
| Zeile 33: | Zeile 33: | ||
workgroup = XINUX | workgroup = XINUX | ||
security = ADS | security = ADS | ||
| − | realm = XINUX. | + | realm = XINUX.LAN |
encrypt passwords = yes | encrypt passwords = yes | ||
| + | idmap config XINUX:backend = ad | ||
idmap config *:backend = tdb | idmap config *:backend = tdb | ||
| − | idmap config *:range = | + | idmap config * : range = 1000000-1999999 |
| − | idmap config | + | idmap config XINUX:schema_mode = rfc2307 |
| − | + | idmap config XINUX:range = 10000-99999 | |
| − | idmap config | ||
winbind nss info = rfc2307 | winbind nss info = rfc2307 | ||
| Zeile 54: | Zeile 54: | ||
... | ... | ||
[realms] | [realms] | ||
| − | XINUX. | + | XINUX.LAN = { |
| − | kdc = gondor.xinux. | + | kdc = gondor.xinux.lan |
| − | admin_server = gondor.xinux. | + | admin_server = gondor.xinux.lan |
| + | } | ||
| + | |||
.... | .... | ||
</pre> | </pre> | ||
| Zeile 65: | Zeile 67: | ||
Enter administrator's password: | Enter administrator's password: | ||
Using short domain name -- XINUX | Using short domain name -- XINUX | ||
| − | Joined 'DEWEY' to dns domain 'xinux. | + | Joined 'DEWEY' to dns domain 'xinux.lan' |
</pre> | </pre> | ||
| Zeile 72: | Zeile 74: | ||
passwd: compat winbind | passwd: compat winbind | ||
group: compat winbind | group: compat winbind | ||
| + | |||
| + | ===winbind restart=== | ||
| + | service winbind restart | ||
===ist winbind is "pingbar=== | ===ist winbind is "pingbar=== | ||
Aktuelle Version vom 8. September 2014, 13:30 Uhr
auf dem domain controller
kinit administrator samba-tool dns add localhost xinux.lan dewey A 192.168.244.152
Installation
Interface anpassen
vi /etc/network/interfaces
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.244.152 netmask 255.255.248.0 gateway 192.168.240.100 dns-nameservers 192.168.240.200 dns-search xinux.org
hosts anpassen
vi /etc/hosts 127.0.0.1 localhost 192.168.244.152 dewey dewey.xinux.org echo dewey.xinux.org > /etc/hostname reboot
samba4 installieren
apt-get install samba smbclient winbind ntp libnss-winbind krb5-user acl
/etc/samba/smb.conf
[global] workgroup = XINUX security = ADS realm = XINUX.LAN encrypt passwords = yes idmap config XINUX:backend = ad idmap config *:backend = tdb idmap config * : range = 1000000-1999999 idmap config XINUX:schema_mode = rfc2307 idmap config XINUX:range = 10000-99999 winbind nss info = rfc2307 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes
/etc/krb5.conf
[libdefaults]
...
[realms]
XINUX.LAN = {
kdc = gondor.xinux.lan
admin_server = gondor.xinux.lan
}
....
domaine beitreten
net ads join -U administrator Enter administrator's password: Using short domain name -- XINUX Joined 'DEWEY' to dns domain 'xinux.lan'
nsswitch.conf ändern
passwd: compat winbind group: compat winbind
winbind restart
service winbind restart
ist winbind is "pingbar
root@fenetre:~# wbinfo -p Ping to winbindd succeeded
anzeigen der userliste
root@fenetre:~# wbinfo -u Administrator Guest krbtgt
funtioniert nsswitch
getent passwd | grep 700 administrator:*:70001:70005:Administrator:/home/XINUX/administrator:/bin/false dns-gondor:*:70002:70005:dns-gondor:/home/XINUX/dns-gondor:/bin/false krbtgt:*:70003:70005:krbtgt:/home/XINUX/krbtgt:/bin/false thomas:*:70004:70005:thomas:/home/XINUX/thomas:/bin/false guest:*:70005:70006:Guest:/home/XINUX/guest:/bin/false squid:*:70006:70005:squid:/home/XINUX/squid:/bin/false