====== Turnkey: configuring winbind ======
The configuration below joins the Linux machine to the AD domain so that you can:
  * log in to Linux with AD users
  * use AD users and groups to secure Linux
===== Installing the software =====
Run the following after a [[:howto:turnkey:default_install|default install]]: \\
''apt-get install krb5-user libnss-winbind libpam-krb5 libpam-winbind libwbclient0 samba samba-dsdb-modules samba-vfs-modules winbind''
===== Kerberos configuration =====
''vi /etc/krb5.conf''
  [logging]
      default = FILE:/var/log/krb5.log
  
  [libdefaults]
      ticket_lifetime = 24000
      clockskew = 300
      default_realm = JACKLAND.NET
  
  [realms]
      JACKLAND.NET = {
          kdc = ad1.jackland.net:88
          admin_server = ad1.jackland.net:464
          default_domain = jackland.net
      }
  
  # map DNS domains to the Kerberos realm name (not to a host name)
  [domain_realm]
      .jackland.net = JACKLAND.NET
      jackland.net = JACKLAND.NET

Test the configuration by requesting a ticket:
  kinit -V Administrator@JACKLAND.NET
  Using principal: Administrator@JACKLAND.NET
  Password for Administrator@JACKLAND.NET:
  Authenticated to Kerberos v5
===== Samba configuration =====
''vi /etc/samba/smb.conf''
  [global]
      security = ads
      realm = JACKLAND.NET
      workgroup = JACKLAND
      password server = *
      idmap config * : range = 16777216-33554431
      winbind enum users = yes
      winbind enum groups = yes
      winbind use default domain = yes
      winbind expand groups = 3
      template homedir = /home/%D/%U
      template shell = /bin/bash

Join the domain, restart the services and check that AD users and groups resolve: \\
''net ads join -U Administrator'' \\
''/etc/init.d/winbind restart && /etc/init.d/samba restart'' \\
''getent passwd'' \\
''getent group''
===== NSSwitch configuration =====
''vi /etc/nsswitch.conf''
  passwd: compat winbind
  group:  compat winbind
  shadow: compat
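
A consistency check across the three files edited so far, as an added example that is not part of the original page. The function names are hypothetical and the sample input is constructed from this page's realm and host names; it verifies that ''[domain_realm]'' and ''default_realm'' point at a realm defined in ''[realms]'', that smb.conf uses the same realm, and that nsswitch.conf consults winbind.

```python
import re

def parse_ini(text):
    """Return {section: {key: value}}; krb5 '{ }' sub-blocks are flattened."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
        elif "=" in line and current is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            current[" ".join(key.split())] = value.strip()
    return sections

def check_join_config(krb5, smb, nsswitch):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    k = parse_ini(krb5)
    s = {key.lower(): v for key, v in parse_ini(smb).get("global", {}).items()}
    # A realm is a [realms] entry that opens a '{' sub-block.
    realms = {name for name, v in k.get("realms", {}).items() if v == "{"}
    default_realm = k.get("libdefaults", {}).get("default_realm")
    if default_realm not in realms:
        findings.append(f"default_realm {default_realm!r} not defined in [realms]")
    for domain, realm in k.get("domain_realm", {}).items():
        if realm not in realms:
            findings.append(f"[domain_realm] {domain} -> {realm!r} is not a realm")
    if s.get("security", "").lower() != "ads":
        findings.append("smb.conf: security is not 'ads'")
    if s.get("realm") != default_realm:
        findings.append("smb.conf: realm differs from krb5 default_realm")
    for db in ("passwd", "group"):
        m = re.search(rf"^{db}:(.*)$", nsswitch, re.MULTILINE)
        if not m or "winbind" not in m.group(1).split():
            findings.append(f"nsswitch.conf: {db} does not use winbind")
    return findings

# Constructed sample input (assumption: trimmed versions of the files above).
KRB5 = """[libdefaults]
default_realm = JACKLAND.NET
[realms]
JACKLAND.NET = {
kdc = ad1.jackland.net:88
}
[domain_realm]
.jackland.net = JACKLAND.NET
"""
SMB = "[global]\nsecurity = ads\nrealm = JACKLAND.NET\n"
NSS = "passwd: compat winbind\ngroup: compat winbind\nshadow: compat\n"
print(check_join_config(KRB5, SMB, NSS) or "configuration is consistent")
```

To check a real host, pass the contents of ''/etc/krb5.conf'', ''/etc/samba/smb.conf'' and ''/etc/nsswitch.conf'' instead of the sample strings.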
===== PAM configuration =====
''pam-auth-update'' \\
''vi /etc/pam.d/common-session''
  session required pam_mkhomedir.so umask=0022 skel=/etc/skel

Who taught me this: [[https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory|AuthenticatingLinuxWithActiveDirectory]]