Samba : Samba Winbind2021/05/20 |
Join in Windows Active Directory Domain with Samba Winbind.
This tutorial needs Windows Active Directory Domain Service in your Local Network.
This example is based on the environment like follows.
|
|||||||||||
[1] | Install Winbind. |
[root@smb ~]# dnf -y install samba-winbind samba-winbind-clients oddjob-mkhomedir
|
[2] | Configure Samba. |
[root@smb ~]#
vi /etc/krb5.conf # line 20 : uncomment and specify Realm default_realm = SRV.WORLD
# line 24-27 : uncomment and specify Realm and Hostname of AD [realms] SRV.WORLD = { kdc = fd3s.srv.world admin_server = fd3s.srv.world } # create new # replace [realm] and [workgroup] for your environment [global] kerberos method = secrets and keytab realm = SRV.WORLD workgroup = FD3S01 security = ads template shell = /bin/bash winbind enum groups = Yes winbind enum users = Yes winbind separator = + idmap config * : rangesize = 1000000 idmap config * : range = 1000000-19999999 idmap config * : backend = autorid # switch to Winbind [root@smb ~]# authselect select winbind --force Profile "winbind" was selected. The following nsswitch maps are overwritten by the profile: - passwd - group Make sure that winbind service is configured and enabled. See winbind documentation for more information. # set if you need (create home directory when initial login) [root@smb ~]# authselect enable-feature with-mkhomedir [root@smb ~]# systemctl enable --now oddjobd
|
[3] | Join in Active Directory Domain. |
# change DNS setting to refer to AD [root@smb ~]# nmcli connection modify enp1s0 ipv4.dns 10.0.0.100 [root@smb ~]# nmcli connection down enp1s0; nmcli connection up enp1s0 Connection 'enp1s0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2) # join in domain [-U (AD user)] [root@smb ~]# net ads join -U Administrator Enter Administrator's password: Using short domain name -- FD3S01 Joined 'SMB' to dns domain 'srv.world' No DNS domain configured for smb. Unable to perform DNS Update. DNS update failed: NT_STATUS_INVALID_PARAMETER
[root@smb ~]#
systemctl enable --now winbind
# show domain info [root@smb ~]# net ads info LDAP server: 10.0.0.100 LDAP server name: fd3s.srv.world Realm: SRV.WORLD Bind Path: dc=SRV,dc=WORLD LDAP port: 389 Server time: Thu, 20 May 2021 11:24:00 JST KDC server: 10.0.0.100 Server time offset: 0 Last machine account password change: Thu, 20 May 2021 11:23:45 JST # show AD user list [root@smb ~]# wbinfo -u FD3S01+administrator FD3S01+guest FD3S01+krbtgt FD3S01+serverworld FD3S01+sqladmin FD3S01+ldapuser FD3S01+cent FD3S01+fedora # verify possible to login with AD user [root@smb ~]# exit
logout
Fedora 34 (Server Edition)
Kernel 5.11.12-300.fc34.x86_64 on an x86_64 (ttyS0)
Activate the web console with: systemctl enable --now cockpit.socket
smb login: FD3S01+serverworld
Password:
[FD3S01+serverworld@smb ~]$ id
uid=2001105(FD3S01+serverworld) gid=2000513(FD3S01+domain users) groups=2000513(FD3S01+domain users),2000512(FD3S01+domain admins),2000572(FD3S01+denied rodc password replication group),2001105(FD3S01+serverworld) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 |
Sponsored Link |