Ubuntu-ads-client: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Zeile 79: | Zeile 79: | ||
krbtgt | krbtgt | ||
− | === | + | ===function of nsswitch=== |
<pre> | <pre> | ||
getent passwd | grep 700 | getent passwd | grep 700 | ||
Zeile 91: | Zeile 91: | ||
*https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto | *https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto | ||
+ | =libpam-winbind= | ||
+ | apt-get install libpam-winbind | ||
+ | ==änderungen in /etc/pam.d/== | ||
+ | sollten automatisch geändert worden sein | ||
+ | ===common-auth=== | ||
+ | auth [success=2 default=ignore] pam_unix.so nullok_secure | ||
+ | auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass | ||
+ | auth requisite pam_deny.so | ||
+ | auth required pam_permit.so | ||
+ | auth optional pam_cap.so | ||
+ | ===common-account=== | ||
+ | account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so | ||
+ | account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so | ||
+ | account requisite pam_deny.so | ||
+ | account required pam_permit.so | ||
+ | ===common-session=== | ||
+ | session [default=1] pam_permit.so | ||
+ | session requisite pam_deny.so | ||
+ | session required pam_permit.so | ||
+ | session optional pam_umask.so | ||
+ | session required pam_unix.so | ||
+ | session optional pam_winbind.so | ||
+ | session optional pam_systemd.so |
Version vom 17. Juli 2014, 05:22 Uhr
auf dem domain controller
kinit administrator samba-tool dns add localhost xinux.org dewey A 192.168.244.152
Installation
Interface anpassen
vi /etc/network/interfaces
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.244.152 netmask 255.255.248.0 gateway 192.168.240.100 dns-nameservers 192.168.240.200 dns-search xinux.org
hosts anpassen
vi /etc/hosts 127.0.0.1 localhost 192.168.244.152 dewey dewey.xinux.org echo dewey.xinux.org > /etc/hostname reboot
samba4 installieren
apt-get install samba smbclient winbind ntp libnss-winbind lib krb5-user acl
/etc/samba/smb.conf
[global] workgroup = XINUX security = ADS realm = XINUX.ORG winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind refresh tickets = Yes template shell = /bin/bash idmap config * : range = 1000000 - 1999999 idmap config EXAMPLE : backend = rid idmap config EXAMPLE : range = 1000000 - 1999999
/etc/krb5.conf
[libdefaults] ... [realms] XINUX.ORG = { kdc = gondor.xinux.org admin_server = gondor.xinux.org ....
domaine beitreten
net ads join -U administrator Enter administrator's password: Using short domain name -- XINUX Joined 'DEWEY' to dns domain 'xinux.org'
nsswitch.conf ändern
passwd: compat winbind group: compat winbind
ist winbind is "pingbar
root@fenetre:~# wbinfo -p Ping to winbindd succeeded
anzeigen der userliste
root@fenetre:~# wbinfo -u Administrator Guest krbtgt
function of nsswitch
getent passwd | grep 700 administrator:*:70001:70005:Administrator:/home/XINUX/administrator:/bin/bash dns-gondor:*:70002:70005:dns-gondor:/home/XINUX/dns-gondor:/bin/bash krbtgt:*:70003:70005:krbtgt:/home/XINUX/krbtgt:/bin/bash thomas:*:70004:70005:thomas:/home/XINUX/thomas:/bin/bash guest:*:70005:70006:Guest:/home/XINUX/guest:/bin/bash squid:*:70006:70005:squid:/home/XINUX/squid:/bin/bash
libpam-winbind
apt-get install libpam-winbind
änderungen in /etc/pam.d/
sollten automatisch geändert worden sein
common-auth
auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass auth requisite pam_deny.so auth required pam_permit.so auth optional pam_cap.so
common-account
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so account requisite pam_deny.so account required pam_permit.so
common-session
session [default=1] pam_permit.so session requisite pam_deny.so session required pam_permit.so session optional pam_umask.so session required pam_unix.so session optional pam_winbind.so session optional pam_systemd.so