

debian:joinad

con realm

Join ad Active Directory

impostare ip statico e gateway in /etc/network/interfaces

impostare nome pc

#hostnamectl set-hostname nomepc.dominio.com

impostare su resolv.conf solo i nameserver

nameserver xx.xx.xx.xx

fermare e disabilitare systemd-resolved

#systemctl disable systemd-resolved
#systemctl stop systemd-resolved

installare

#apt-get install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

verificare prima del join

#realm discover casa.int
casa.int
type: kerberos
realm-name: CASA.INT
domain-name: casa.int
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin

creare /etc/krb5.conf

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = CASA.INT
 default_ccache_name = KEYRING:persistent:%{uid}

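join (usare lo stesso dominio verificato con realm discover, nell'esempio casa.int; all'utente passato a -U basta il permesso di aggiungere computer al dominio, quindi dove possibile usare un account delegato al join invece di un Domain Admin)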

realm join -U administrator dominio.it

verificare dopo il join

#realm discover casa.int
casa.int
type: kerberos
realm-name: CASA.INT
domain-name: casa.int
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %U@casa.int
login-policy: allow-realm-logins

altri installati

apt-get install acl attr

con net ads

inst con ins dominio
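abilitare ssh root (preferibilmente solo con chiave, PermitRootLogin prohibit-password in /etc/ssh/sshd_config, e solo per la durata della configurazione)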
ip statico
hosts senza search
resolv.conf
interface ip statico + dns-nameserver
reboot

apt-get install samba winbind libnss-winbind libpam-winbind acl realmd sssd-tools adcli packagekit samba-common samba-common-bin samba-libs resolvconf krb5-config smbclient krb5-user 

stop samba e winbind

smbd -b |egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"

pulire i file *.tdb e *.ldb nelle directory elencate dal comando precedente (farne prima una copia)

editare nsswitch

passwd:         files winbind systemd sss
group:          files winbind systemd sss
shadow:         files winbind sss

krb5.conf viene automaticamente editato durante l'installazione di krb5 client

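editare smb.conf (nota: schema_mode è un parametro del backend idmap ad; con backend = rid, come qui sotto, non viene usato)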

[global]
workgroup = DOMINIO
security = ADS
realm = DOMINIO.INT
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
idmap config * : backend = tdb
idmap config * : range   = 3000-7999
idmap config DOMINIO : backend = rid
idmap config DOMINIO : schema_mode = rfc2307
idmap config DOMINIO : range = 10000-999999
winbind use default domain = true
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes

join e verifica (comandi da eseguire nella shell, non righe di smb.conf)

net ads join -U administrator
net ads testjoin

avviare prima winbind poi smbd

systemctl enable smbd winbind

verifica con

wbinfo --ping-dc

altro

getent group "DOMINIO\\gruppodacercare"

creare condivisione

riavviare

attribuire

setfacl -m g:"domain admins":rwx /condiv

oppure

setfacl -R -m g:"domain admins":rwx /condiv

ATTENZIONE

in alcuni casi è necessario disabilitare o disinstallare resolvconf
perché non permette di mantenere l'elenco dei nameserver

debian/joinad.txt · Ultima modifica: 2023/04/17 14:25 (modifica esterna)