Differenze

Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.

--- debian:joinad [2020/12/02 16:40]
stefano
+++ debian:joinad [2023/04/17 14:25] (versione attuale)
@@ Linea 1: / Linea 1: @@
-===== indice =====
+==== con realm ====
-aa\\
+Join ad Active Directory\\
-===== indice2 =====
+impostare ip statico e gateway in /etc/network/interface \\
+impostare nome pc\\
+  #hostnamectl set-hosntname nomepc.dominio.com
+impostare su resolv.conf solo i nameserver\\
+  nameserver xx.xx.xx.xx
+fermare e disabilitare systemd-resolved\\
+  #systemctl disable systemd-resolved
+  #systemctl stop systemd-resolved
+installare\\
+  #apt-get install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
+verificare prima del join\\
+  #realm discover casa.int
+  casa.int
+  type: kerberos
+  realm-name: CASA.INT
+  domain-name: casa.int
+  configured: no
+  server-software: active-directory
+  client-software: sssd
+  required-package: sssd-tools
+  required-package: sssd
+  required-package: libnss-sss
+  required-package: libpam-sss
+  required-package: adcli
+  required-package: samba-common-bin
+creare /etc/krb5.conf\\
+  [libdefaults]
+   dns_lookup_realm = false
+   ticket_lifetime = 24h
+   renew_lifetime = 7d
+   forwardable = true
+   rdns = false
+   default_realm = CASA.INT
+   default_ccache_name = KEYRING:persistent:%{uid}
+join\\
+  realm join -U administrator dominio.it
+verificare dopo il join\\
+  #realm discover casa.int
+  casa.int
+  type: kerberos
+  realm-name: CASA.INT
+  domain-name: casa.int
+  configured: kerberos-member
+  server-software: active-directory
+  client-software: sssd
+  required-package: sssd-tools
+  required-package: sssd
+  required-package: libnss-sss
+  required-package: libpam-sss
+  required-package: adcli
+  required-package: samba-common-bin
+  login-formats: %U@casa.int
+  login-policy: allow-realm-logins
+altri installati\\
+  apt-get install acl attr
+==== con net ads ====
+inst con ins dominio\\
+abilitare ssh root\\
+ip statico\\
+hosts senza search\\
+resolv.conf \\
+interface ip statico + dns-nameserver\\
+reboot\\
+  apt-get install samba winbind libnss-winbind libpam-winbind acl realmd sssd-tools adcli packagekit samba-common samba-common-bin samba-libs resolvconf krb5-config smbclient krb5-user
+stop samba e winbind\\
+  smbd -b |egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
+pulire file tdb ldb\\
+editare nsswitch\\
+  passwd:         files winbind systemd sss
+  group:          files winbind systemd sss
+  shadow:         files winbind sss
+krb5.conf viene automaticamente editato durante l'installazione di krb5 client\\
+editare smb.conf \\
+  [global]
+  workgroup = DOMINIO
+  security = ADS
+  realm = DOMINIO.INT
+  vfs objects = acl_xattr
+  map acl inherit = Yes
+  store dos attributes = Yes
+  idmap config * : backend = tdb
+  idmap config * : range   = 3000-7999
+  idmap config DOMINIO : backend = rid
+  idmap config DOMINIO : schema_mode = rfc2307
+  idmap config DOMINIO : range = 10000-999999
+  winbind use default domain = true
+  winbind nss info = rfc2307
+  winbind enum users = yes
+  winbind enum groups = yes
+  net ads join -U administrator
+  net ads testjoin
+avviare prima winbind poi smbd\\
+  systemctl enable smbd winbind
+verifica con\\
+  wbinfo --ping-dc
+altro\\
+  getent group "DOMINIO\\gruppodacercare"
+creare condivisione\\
+riavviare\\
+attribuire \\
+  setfacl -m g:"domain admins":rwx /condiv
+oppure \\
+  setfacl -R -m g:"domain admins":rwx /condiv
+==== ATTENZIONE ====
+in alcuni casi è necessario disabilitare o disinstallare resolvconf\\
+perchè non permette di mantenere l'elenco dei nameserver\\
-bbb\\

StefanoStrozzi.it

Strumenti Utente

Strumenti Sito

Differenze

Strumenti Pagina