The AD server: Windows Server 2012 R2
The Linux server: CentOS 7
nano /etc/samba/smb.conf
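# /etc/samba/smb.conf: Samba as an Active Directory member server, with
# domain users and groups resolved through winbind.
# Each section and key appears once; global-only parameters repeated under a
# share section are not applied to the share.

[global]
# Short (NetBIOS) domain name and the Kerberos realm. The realm should be the
# same upper-case name used as default_realm in the Kerberos client config.
workgroup = NETBIOSNAME
realm = FQDN.DOMAIN.COM
# Domain-member mode: authentication is delegated to the AD domain controllers.
security = ads
# UID/GID range winbind allocates for domain accounts; keep it clear of the
# ranges used by local accounts. The smb.conf manual for Samba 4 lists these
# two parameters as deprecated in favour of "idmap config * : range".
idmap uid = 100000-200000
idmap gid = 100000-200000
# Home directory (%U = user name) and shell reported for every domain user.
# A real shell makes each domain account look like an interactive account;
# whether it can actually log in depends on the PAM/sshd setup, which is not
# shown here. A file-server-only host can use a non-login shell instead.
template homedir = /home/%U
template shell = /bin/bash
# Domain users are addressed without the DOMAIN\ prefix, so a domain account
# can share a name with a local one.
winbind use default domain = yes
# No cached credentials: logons fail when no domain controller is reachable.
winbind offline logon = false
# Lets getent list all domain users and groups; can be slow in large domains.
winbind enum users = yes
winbind enum groups = yes

[userdata]
# Exported directory. It must exist and, on an SELinux-enforcing host, carry
# the samba_share_t label.
path = /user-data
browseable = yes
# Samba permits writes; file system ownership and mode still apply.
writeable = yes
# Only members of the UNIX group "software" (the + prefix means a lookup in
# the UNIX group database, which includes winbind groups once nsswitch is set).
valid users = +software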
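Create Share
mkdir /software
chcon -t samba_share_t /software
Note: the [userdata] share above exports /user-data, so the directory created and labelled here has to be the path the share exports. A label set with chcon does not survive a file system relabel; semanage fcontext followed by restorecon makes it persistent.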
Enable the services at boot
chkconfig smb on
chkconfig nmb on
chkconfig winbind on
Firewall rules
firewall-cmd --zone=public --add-port=139/tcp --permanent
firewall-cmd --zone=public --add-port=445/tcp --permanent
firewall-cmd --reload
Note: these rules accept SMB from every source in the public zone; where the clients sit on a known subnet, limit the rules to that source.
Edit Kerberos
nano /etc/krb5.conf
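# Kerberos client configuration for the Active Directory realm.
# Each section appears once.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# Upper-case AD realm; should equal "realm" in smb.conf.
default_realm = FQDN.DOMAIN.COM
# DNS discovery is off, so realms and KDCs are taken only from the [realms]
# and [domain_realm] sections of this file.
dns_lookup_realm = false
dns_lookup_kdc = false
# Kerberos rejects tickets when the clocks of client and KDC drift apart, so
# keep this host time-synchronised with the domain controller.
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
# NOTE(review): the stanza name differs from default_realm above. The KDC is
# looked up by realm name, and with dns_lookup_kdc = false there is no DNS
# fallback, so the name here has to be the realm actually in use and the
# hosts have to be that realm's domain controllers.
BIOPACK.BE = {
kdc = dcf.biopack.be
admin_server = dcf.biopack.be
}

[domain_realm]
# Maps DNS names (the domain and everything below it) to the realm.
.domain.com = FQDN.DOMAIN.COM
domain.com = FQDN.DOMAIN.COM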
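Restart Samba.
Join your domain: net join ads -u administrator@domain.com -S dc.domain.com
(The Samba net manual documents the join as net ads join -U <account>. An account that has been delegated the right to join computers is sufficient; a domain administrator is not required.)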
Edit nsswitch
nano /etc/nsswitch.conf
and add:
passwd: files winbind
shadow: files winbind
group: files winbind
service winbind restart
test: wbinfo -u
getent passwd
chown root:software /user-data