howto:turnkey:winbind_configurerern
Table of Contents
Turnkey: winbind configureren
Onderstaande configuratie voegt Linux toe aan het AD domein zodat je:
- kan aanmelden op Linux met AD gebruikers
- AD gebruiker/groepen kunt gebruiken om Linux te beveiligen
installatie software
voer volgende uit na een default install
apt-get install krb5-user libnss-winbind libpam-krb5 libpam-winbind libwbclient0 samba samba-dsdb-modules samba-vfs-modules winbind
Kerberos configuratie
vi /etc/krb5.conf
[logging]
Default = FILE:/var/log/krb5.log
[libdefaults]
ticket_lifetime = 24000
clock-skew = 300
default_realm = JACKLAND.NET
[realms]
JACKLAND.NET = {
kdc = ad1.jackland.net:88
admin_server = ad1.jackland.net:464
default_domain = jackland.net
}
[domain_realm]
.jackland.net = ad1.jackland.net
jackland.net = ad1.jackland.net
kinit -V Administrator@JACKLAND.NET Using principal: Administrator@JACKLAND.NET Password for Administrator@JACKLAND.NET: Authenticated to Kerberos v5
Samba configuratie
vi /etc/samba/smb.conf
[global]
security = ads
realm = JACKLAND.NET
workgroup = JACKLAND
password server = *
idmap config * : range = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = true
winbind use default domain = yes
winbind expand groups = 3
template homedir = /home/%D/%U
template shell = /bin/bash
net ads join -U Administrator
/etc/init.d/winbind restart && /etc/init.d/samba restart
getent passwd | group
NSSwitch configuratie
vi /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat
PAM configuratie
pam-auth-update
vi /etc/pam.d/common-session
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
wie 't me heeft geleerd: AuthenticatingLinuxWithActiveDirectory
howto/turnkey/winbind_configurerern.txt · Last modified: 2024/11/16 18:14 by 127.0.0.1