Active Directory Domain Member

Basics

Setting up Samba as an Active Directory Domain Member

Prerequisite:

nano /etc/hosts
192.168.178.4 dm1.ds.<yourdomain>.spdns.org dm1 # remove the 127.0.1.1 entry on dm1
nano /etc/resolv.conf
search ds.<yourdomain>.spdns.org
nameserver 192.168.178.3
# the nameserver points to dc1

DNS test: the output must point only to dm1.ds.<yourdomain>.spdns.org and dm1, not to 127.0.0.1

getent hosts dm1

Installing Samba

apt-get install samba smbclient

Installing Kerberos

sudo apt-get install krb5-user
nano /etc/krb5.conf
[libdefaults]
default_realm = DS.<YOURDOMAIN>.SPDNS.ORG
dns_lookup_realm = false
dns_lookup_kdc = true

Time synchronisation

https://wiki.samba.org/index.php/Time_Synchronisation

apt-get install ntp
nano /etc/ntp.conf
server dc1.ds.<yourdomain>.spdns.org iburst prefer
# server dc2.ds.<yourdomain>.spdns.org iburst
# Comment out the pool lines
systemctl restart ntp
systemctl status ntp

Check:

date

Preparing Samba

nano /etc/samba/smb.conf
[global]
security = ADS
workgroup = <YOURDOMAIN>
realm = DS.<YOURDOMAIN>.SPDNS.ORG
idmap config * : backend = tdb
idmap config * : range = 3000-7999
#idmap config <YOURDOMAIN>:backend = ad
#idmap config <YOURDOMAIN>:schema_mode = rfc2307
#idmap config <YOURDOMAIN>:range = 10000-999999
#winbind nss info = rfc2307
idmap config <YOURDOMAIN>:backend = rid
idmap config <YOURDOMAIN>:range = 10000-999999
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
net ads join -U administrator

… and move the computer object in the AD to srv.c1
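
Samba requires that the ID range of the default domain (*) and the range of every other domain do not overlap. The following check of the active idmap lines in smb.conf is an added example, not part of the original page; the function name idmap_check is hypothetical, and it assumes all idmap settings are in [global].

```shell
#!/bin/sh
# Added example, not from the original page.
# idmap_check FILE: return 0 if the active idmap ranges are sane, 1 otherwise.
# Assumption: all idmap settings live in [global]; sections are not tracked.
idmap_check() {
    awk '
    /^[ \t]*[#;]/ { next }                  # ignore commented-out settings
    tolower($0) ~ /^[ \t]*idmap[ \t]+config[ \t]+/ {
        split($0, kv, "=")                  # kv[1]: "idmap config DOM : opt", kv[2]: value
        key = kv[1]; val = kv[2]
        sub(/^[ \t]*[Ii][Dd][Mm][Aa][Pp][ \t]+[Cc][Oo][Nn][Ff][Ii][Gg][ \t]+/, "", key)
        n = index(key, ":"); if (n == 0) next
        dom = substr(key, 1, n - 1); opt = tolower(substr(key, n + 1))
        gsub(/[ \t]/, "", dom); gsub(/[ \t]/, "", opt); gsub(/[ \t\r]/, "", val)
        if (opt == "backend") backend[dom] = val
        if (opt == "range") {
            if (!(dom in lo)) doms[++cnt] = dom
            split(val, r, "-"); lo[dom] = r[1] + 0; hi[dom] = r[2] + 0
        }
    }
    END {
        bad = 0
        if (!("*" in lo)) { print "FAIL: no default (*) range"; bad = 1 }
        for (i = 1; i <= cnt; i++) {
            a = doms[i]
            if (lo[a] >= hi[a]) { print "FAIL: " a ": empty or inverted range"; bad = 1 }
            if (!(a in backend)) { print "FAIL: " a ": range set but no backend"; bad = 1 }
            for (j = i + 1; j <= cnt; j++) {
                b = doms[j]             # two ranges overlap if each starts before the other ends
                if (lo[a] <= hi[b] && lo[b] <= hi[a]) {
                    print "FAIL: " a " (" lo[a] "-" hi[a] ") overlaps " b " (" lo[b] "-" hi[b] ")"
                    bad = 1
                }
            }
        }
        if (!bad) print "OK: " cnt " idmap ranges, no overlap"
        exit bad
    }' "$1"
}
```

Call it as idmap_check /etc/samba/smb.conf before running the join; the commented-out ad backend lines are ignored, so only the settings Samba will actually use are compared.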

Name Service Switch

apt-get install winbind
apt-get install libnss-winbind
nano /etc/nsswitch.conf
passwd: files winbind
group: files winbind
or
passwd: compat winbind
group: compat winbind
systemctl enable winbind
systemctl enable smbd
systemctl enable nmbd

Restart:

reboot

Test:

systemctl status winbind
systemctl status smbd
systemctl status nmbd
wbinfo --ping-dc
getent passwd <YOURDOMAIN>\\<username>
getent group "<YOURDOMAIN>\Domain Users"

Log files: /var/log/samba

server/ad-dm.txt · Last modified: 2018/10/04 10:36 by hse