Samba : Samba Winbind2019/04/25 |
|
Samba Winbind で Windows の Active Directory ドメインに参加します。
LAN 内に Windows Active Directory Domain Service が稼働していることが前提です。
当例では、以下のような Active Directory ドメイン環境で設定します。
|
|||||||||||
| [1] | Winbind をインストールします。 |
|
root@smb:~#
apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules # レルム名を指定 +------------------+ Configuring Kerberos Authentication +------------------+ | When users attempt to use Kerberos and specify a principal or user name | | without specifying what administrative Kerberos realm that principal | | belongs to, the system appends the default realm. The default realm may | | also be used as the realm of a Kerberos service running on the local | | machine. Often, the default realm is the uppercase version of the local | | DNS domain. | | | | Default Kerberos version 5 realm: | | | | SRV.WORLD________________________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ # AD DS のホスト名を指定
+--------------+ Configuring Kerberos Authentication +---------------+
| Enter the hostnames of Kerberos servers in the SRV.WORLD |
| Kerberos realm separated by spaces. |
| |
| Kerberos servers for your realm: |
| |
| fd3s.srv.world____________________________________________________ |
| |
| <Ok> |
| |
+--------------------------------------------------------------------+
# AD DS のホスト名を指定 +------------------+ Configuring Kerberos Authentication +------------------+ | Enter the hostname of the administrative (password changing) server for | | the SRV.WORLD Kerberos realm. | | | | Administrative server for your Kerberos realm: | | | | fd3s.srv.world___________________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ |
| [2] | Winbind の設定です。 |
|
root@smb:~#
vi /etc/samba/smb.conf # 29行目:workgroup を AD DS の NetBIOS名に変更してその下に追記
workgroup = FD3S01
realm = SRV.WORLD security = ads idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config FD3S01 : backend = rid idmap config FD3S01 : range = 10000-999999 template homedir = /home/%U template shell = /bin/bash winbind use default domain = true winbind offline logon = false
root@smb:~#
vi /etc/nsswitch.conf # 7行目:以下のように追記 passwd: compat systemd winbind group: compat systemd winbind
root@smb:~#
vi /etc/pam.d/common-session # 必要があれば、最終行に追記 ( ログイン時にホームディレクトリを自動作成 ) session optional pam_mkhomedir.so skel=/etc/skel umask=077
nameservers:
addresses: [10.0.0.100]
root@smb:~# netplan apply
|
| [3] | Active Directory ドメインに参加します。 |
|
# ドメインに参加 ( net ads join -U [AD の管理者ユーザー]) root@smb:~# net ads join -U Administrator Enter Administrator's password: Using short domain name -- FD3S01 Joined 'SMB' to dns domain 'srv.world'
root@smb:~#
systemctl restart winbind
# AD のユーザー情報表示 root@smb:~# wbinfo -u administrator guest sshd krbtgt serverworld # AD のユーザーにスイッチ root@smb:~# su - serverworld Creating directory '/home/serverworld'. serverworld@smb:~$ serverworld@smb:~$ id uid=11103(serverworld) gid=10513(domain users) groups=10513(domain users),11103(serverworld) serverworld@smb:~$ |
| Sponsored Link |