Samba Server + AD

Samba Server

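# tasksel opens an interactive task menu (presumably to pick the "Samba Server"
# task named in the heading); winbind and krb5-user supply the AD-membership
# daemon and the Kerberos client tools.
sudo tasksel
sudo apt-get install winbind krb5-user

# Back up the stock configs into the current directory, then remove the
# originals so both files can be written from scratch. Each rm runs only if
# its cp succeeded, so a failed backup never costs the original file.
sudo cp /etc/krb5.conf krb5.conf.bak && sudo rm /etc/krb5.conf
sudo cp /etc/samba/smb.conf smb.conf.bak && sudo rm /etc/samba/smb.conf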

sudo nano /etc/krb5.conf
# Kerberos client configuration for the AD realm. MY.LOCAL / my.local and
# server.my.local are this page's example names: substitute the real realm
# (upper case) and the host name of the AD server.
# NOTE(review): Kerberos rejects tickets when the client and KDC clocks drift
# apart (5 minutes by default), and this page sets up no time sync — confirm
# the host keeps its clock in step with the domain controller.
[logging]
# NOTE(review): in MIT krb5 the [logging] section configures the KDC and
# kadmin daemons; a domain member that runs neither presumably never writes
# these files — confirm before relying on them for auditing.
default = FILE:/var/log/krb5.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

[libdefaults]
default_realm = MY.LOCAL
dns_lookup_realm = false
# KDCs may also be located through DNS SRV records, in addition to the
# explicit kdc entry in [realms].
dns_lookup_kdc = true
# NOTE(review): a bare number is read as seconds, so 24000 is roughly
# 6 h 40 min rather than 24 h — confirm the intended lifetime.
ticket_lifetime = 24000

[realms]
MY.LOCAL = {
kdc = server.my.local
admin_server = server.my.local
default_domain = MY.LOCAL
}

# Map DNS names (the domain itself and every host below it) to the realm.
[domain_realm]
.my.local = MY.LOCAL
my.local = MY.LOCAL


sudo nano /etc/samba/smb.conf
# Samba as a member server of the AD realm MY.LOCAL; domain accounts are
# mapped to Unix accounts by winbind. No shares are defined in this file.
[global]

workgroup = MY
realm = MY.LOCAL
netbios name = myrservername
server string = %h server (Samba %v, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
# NOTE(review): "syslog" is deprecated in newer Samba releases in favour of
# the "logging" option — check testparm output on the installed version.
syslog = 0
panic action = /usr/share/samba/panic-action %d
# ADS: authenticate users against the AD domain controllers via Kerberos.
security = ADS
domain master = no
# UID/GID range winbind allocates for domain users and groups.
# NOTE(review): these two option names are deprecated in newer Samba releases
# in favour of "idmap config * : range = ..." — check testparm output.
idmap uid = 10000-20000
idmap gid = 10000-20000
# NOTE(review): every domain account is given an interactive shell. If PAM is
# also configured for winbind (not shown on this page), any domain user could
# then log in to this host; for a pure file server /bin/false (Samba's
# default) is the least-privilege choice.
template shell = /bin/bash
template homedir = /home/%D/%U
# Enumeration lets getent list every domain user and group; it is slow on
# large domains and is not needed for authentication itself.
winbind enum groups = yes
winbind enum users = yes
# Domain accounts are named without the "MY+" prefix. NOTE(review): a domain
# account whose name equals a local account's name then becomes ambiguous —
# keep the two name spaces distinct.
winbind use default domain = yes
winbind separator = +
# NOTE(review): permits user-defined shares ("net usershare") to be opened to
# unauthenticated guests; Samba's own default is "no". Set this to "no" unless
# anonymous access to user-created shares is intended.
usershare allow guests = yes
# Restart the file server and winbind so both daemons load the new smb.conf.
for daemon in smbd winbind; do
  sudo "/etc/init.d/${daemon}" restart
done

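При присоединении к домену возникла ошибка DNS.
Исправление: на сервере DNS создать запись узла и включить опцию
"Разрешить любому прошедшему проверку пользователю обновлять DNS
записи с таким же именем владельца".
Эта опция даёт право изменять запись любой учётной записи, прошедшей
проверку в домене, поэтому после успешного присоединения права на запись
стоит сузить до учётной записи этого компьютера.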

sudo nano /etc/hosts
# NOTE(review): per hosts(5) the first name after the address is the canonical
# host name and the rest are aliases. Here the short name comes first, so
# `hostname -f` presumably returns it without the domain. FQDN first
# (myrservername.my.local myrservername) is the usual order for an AD member —
# confirm, since the DNS error at join time mentioned on this page may be
# related.
127.0.0.1 localhost
127.0.1.1 myrservername myrservername.my.local
# Join this machine to the AD domain; the password is prompted for rather than
# passed on the command line.
# NOTE(review): this uses the built-in domain Administrator. An account that
# is delegated only the right to join computers is sufficient and keeps the
# domain admin password off this host.
sudo net ads join -U Administrator@MY.LOCAL


sudo nano /etc/nsswitch.conf


# winbind after compat: local accounts are looked up first, then domain
# accounts through winbindd.
passwd: compat winbind
group: compat winbind
# NOTE(review): winbind's NSS module answers passwd and group lookups; it
# presumably provides nothing for shadow, so this entry can likely stay plain
# "compat" — confirm.
shadow: compat winbind

# wins adds NetBIOS name resolution after /etc/hosts and DNS.
# NOTE(review): NetBIOS name answers are unauthenticated, so a name missing
# from DNS can be answered by any host on the segment; drop "wins" unless
# legacy name resolution is actually required.
hosts: files dns wins
networks: files dns

protocols: db files
services: db files
ethers: db files
rpc: db files
# Verify the join: list the domain users and the domain groups through
# winbind, then show the details of the AD server Samba is talking to.
wbinfo -u
wbinfo -g
net ads info

зы:
server - имя сервера AD
myrservername - имя нашего сервера (именно так оно записано в smb.conf и /etc/hosts выше)

для удобства http://pastie.org/1162381
