Fedora 27
Sponsored Link

Samba Winbind2017/12/18
 
Join in Windows Active Directory Domain with Samba Winbind.
This tutorial needs LAN 内に Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
Domain Server : Windows Server 2016
Domain Name : FD3S01
Realm : SRV.WORLD
Hostname : fd3s.srv.world
[1] Install Winbind.
[root@smb ~]#
dnf -y install samba-winbind samba-winbind-clients pam_krb5
[2] Configure Winbind.
# change DNS setting to refer to AD's one

[root@smb ~]#
nmcli connection modify ens3 ipv4.dns 10.0.0.100

[root@smb ~]#
nmcli connection down ens3; nmcli connection up ens3
[root@smb ~]#
authconfig \
--enablekrb5 \
--krb5kdc=fd3s.srv.world \
--krb5adminserver=fd3s.srv.world \
--krb5realm=SRV.WORLD \
--enablewinbind \
--enablewinbindauth \
--smbsecurity=ads \
--smbrealm=SRV.WORLD \
--smbservers=fd3s.srv.world \
--smbworkgroup=FD3S01 \
--winbindtemplatehomedir=/home/%U \
--winbindtemplateshell=/bin/bash \
--enablemkhomedir \
--enablewinbindusedefaultdomain \
--update

Job for winbind.service failed because the control process exited with error code.
See "systemctl status winbind.service" and "journalctl -xe" for details.
# Don't care the error above (winbind does not start before joining Domain)
[3] Join in Active Directory.
# join in Active Directory ( net ads join -U [AD's admin user])

[root@smb ~]#
net ads join -U Administrator

Enter Serverworld's password:
Using short domain name -- FD3S01
Joined 'SMB' to dns domain 'srv.world'
No DNS domain configured for smb. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
[root@smb ~]#
systemctl start winbind

[root@smb ~]#
systemctl enable winbind
# show domain info

[root@smb ~]#
net ads info 

LDAP server: 10.0.0.100
LDAP server name: FD3S.srv.world
Realm: SRV.WORLD
Bind Path: dc=SRV,dc=WORLD
LDAP port: 389
Server time: Tue, 19 Dec 2017 19:12:29 JST
KDC server: 10.0.0.100
Server time offset: 0
Last machine account password change: Tue, 19 Dec 2017 19:11:42 JST
# show domain users

[root@smb ~]#
wbinfo -u 

administrator
guest
defaultaccount
serverworld
krbtgt
# verify to switch to an AD user

[root@smb ~]#
su - Serverworld

Creating directory '/home/serverworld'.
[serverworld@smb ~]$
id

uid=16777216(serverworld) gid=16777216(domain users) groups=16777216(domain users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Matched Content