==== with realm ====

Join to Active Directory\\
set a static IP and gateway in /etc/network/interfaces \\
set the host name\\

  # hostnamectl set-hostname nomepc.dominio.com

put only the nameservers in resolv.conf\\

  nameserver xx.xx.xx.xx

stop and disable systemd-resolved\\

  # systemctl disable systemd-resolved
  # systemctl stop systemd-resolved

install\\

  # apt-get install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

verify before the join\\

  # realm discover casa.int
  casa.int
    type: kerberos
    realm-name: CASA.INT
    domain-name: casa.int
    configured: no
    server-software: active-directory
    client-software: sssd
    required-package: sssd-tools
    required-package: sssd
    required-package: libnss-sss
    required-package: libpam-sss
    required-package: adcli
    required-package: samba-common-bin

create /etc/krb5.conf\\

  [libdefaults]
  dns_lookup_realm = false
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = true
  rdns = false
  default_realm = CASA.INT
  default_ccache_name = KEYRING:persistent:%{uid}

join\\

  realm join -U administrator dominio.it

verify after the join\\

  # realm discover casa.int
  casa.int
    type: kerberos
    realm-name: CASA.INT
    domain-name: casa.int
    configured: kerberos-member
    server-software: active-directory
    client-software: sssd
    required-package: sssd-tools
    required-package: sssd
    required-package: libnss-sss
    required-package: libpam-sss
    required-package: adcli
    required-package: samba-common-bin
    login-formats: %U@casa.int
    login-policy: allow-realm-logins

other packages installed\\

  apt-get install acl attr

==== with net ads ====

installation with the domain entered\\
enable root SSH login\\
static IP\\
hosts without search\\
resolv.conf \\
interfaces: static IP + dns-nameserver\\
reboot\\

  apt-get install samba winbind libnss-winbind libpam-winbind acl realmd sssd-tools adcli packagekit samba-common samba-common-bin samba-libs resolvconf krb5-config smbclient krb5-user

stop samba and winbind\\

  smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"

clean out the tdb and ldb files\\
edit nsswitch\\

  passwd: files winbind systemd sss
  group: files winbind systemd sss
  shadow: files winbind sss

krb5.conf is edited automatically during installation of the krb5 client\\
edit smb.conf \\

  [global]
  workgroup = DOMINIO
  security = ADS
  realm = DOMINIO.INT
  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes
  # default domain (local accounts and BUILTIN groups)
  idmap config * : backend = tdb
  idmap config * : range = 3000-7999
  # AD domain; the range must not overlap the default one
  idmap config DOMINIO : backend = rid
  # schema_mode is an option of the ad backend; the rid backend does not use it
  idmap config DOMINIO : schema_mode = rfc2307
  idmap config DOMINIO : range = 10000-999999
  winbind use default domain = true
  winbind nss info = rfc2307
  winbind enum users = yes
  winbind enum groups = yes

join and test the join\\

  net ads join -U administrator
  net ads testjoin

start winbind first, then smbd\\

  systemctl enable smbd winbind

verify with\\

  wbinfo --ping-dc

other\\

  getent group "DOMINIO\\gruppodacercare"

create the share\\
restart\\
assign permissions\\

  setfacl -m g:"domain admins":rwx /condiv

or \\

  setfacl -R -m g:"domain admins":rwx /condiv

==== WARNING ====

in some cases resolvconf has to be disabled or uninstalled\\
because it does not allow the list of nameservers to be kept\\
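
The smb.conf in the net ads section gives one ID range to the default domain (`*`) and another to DOMINIO, and winbind needs those ranges not to overlap. The shell function below is an added example, not part of the original page: it reads the `idmap config ... : range` lines of an smb.conf and reports inverted or overlapping ranges. The domain name OTHER and its range are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# check_idmap_ranges [FILE]: read an smb.conf (or stdin) and report idmap
# ranges that are inverted or overlap. Returns 0 when clean, 1 otherwise.
check_idmap_ranges() {
    awk '
    # e.g.  idmap config DOMINIO : range = 10000-999999
    tolower($0) ~ /^[ \t]*idmap[ \t]+config[ \t].*:[ \t]*range[ \t]*=/ {
        line = $0
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", line)   # drop "idmap config"
        dom = line; sub(/[ \t]*:.*/, "", dom)                # domain name or *
        rng = line; sub(/.*=[ \t]*/, "", rng)                # "low-high"
        split(rng, b, /[ \t]*-[ \t]*/)
        n++; name[n] = dom; lo[n] = b[1] + 0; hi[n] = b[2] + 0
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            if (lo[i] > hi[i]) {
                printf "INVALID %s %d-%d\n", name[i], lo[i], hi[i]; bad = 1
            }
            for (j = i + 1; j <= n; j++)
                if (lo[i] <= hi[j] && lo[j] <= hi[i]) {
                    printf "OVERLAP %s %d-%d with %s %d-%d\n", name[i], lo[i], hi[i], name[j], lo[j], hi[j]
                    bad = 1
                }
        }
        exit bad
    }' "$@"
}

# The idmap lines from the smb.conf on this page.
page_conf() {
    cat <<'EOF'
[global]
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config DOMINIO : backend = rid
   idmap config DOMINIO : range = 10000-999999
EOF
}

# Constructed broken variant: a second domain (hypothetical name OTHER)
# whose range collides with the one assigned to DOMINIO.
broken_conf() {
    page_conf
    echo "   idmap config OTHER : range = 500000-600000"
}

page_conf | check_idmap_ranges && echo "page config: ranges OK"
broken_conf | check_idmap_ranges || echo "broken config: fix the ranges above"
```

Run it against the real file with `check_idmap_ranges /etc/samba/smb.conf` before `net ads join`, since changing a range after IDs have been handed out changes file ownership mappings.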