Joining Active Directory
set a static IP and gateway in /etc/network/interfaces
set the hostname
#hostnamectl set-hostname nomepc.dominio.com
in resolv.conf, leave only the nameservers
nameserver xx.xx.xx.xx
stop and disable systemd-resolved
#systemctl disable systemd-resolved
#systemctl stop systemd-resolved
install
#apt-get install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
verify before the join
#realm discover casa.int
casa.int
  type: kerberos
  realm-name: CASA.INT
  domain-name: casa.int
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
create /etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = CASA.INT
default_ccache_name = KEYRING:persistent:%{uid}
join
realm join -U administrator dominio.it
verify after the join
#realm discover casa.int
casa.int
  type: kerberos
  realm-name: CASA.INT
  domain-name: casa.int
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U@casa.int
  login-policy: allow-realm-logins
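Added example (not part of the original notes): a POSIX shell check that reads `realm discover` output and reports whether the host is joined and whether the login policy still admits every realm account. The function names realm_field and check_join are hypothetical; the sample text is the output shown on this page, laid out one field per line.

```shell
#!/bin/sh
# Added example (not from the original page): interpret `realm discover` output.

# Constructed samples: the two outputs shown on this page, one field per line.
BEFORE='casa.int
  type: kerberos
  realm-name: CASA.INT
  domain-name: casa.int
  configured: no
  server-software: active-directory
  client-software: sssd'

AFTER='casa.int
  type: kerberos
  realm-name: CASA.INT
  domain-name: casa.int
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@casa.int
  login-policy: allow-realm-logins'

# realm_field KEY: read realm output on stdin, print the first value of KEY.
realm_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }                      # drop the indentation
        index($0, key ": ") == 1 {                  # line starts with "KEY: "
            print substr($0, length(key) + 3); exit
        }'
}

# check_join TEXT: classify the join state described by realm output TEXT.
#   not-joined      configured is anything other than kerberos-member
#   joined-open     joined, and every account in the realm may log in
#   joined:POLICY   joined with any other login policy (reported as-is)
check_join() {
    configured=$(printf '%s\n' "$1" | realm_field configured)
    policy=$(printf '%s\n' "$1" | realm_field login-policy)
    if [ "$configured" != "kerberos-member" ]; then
        echo "not-joined"
    elif [ "$policy" = "allow-realm-logins" ]; then
        echo "joined-open"    # narrow it with: realm permit -g <group>
    else
        echo "joined:${policy:-unknown}"
    fi
}

echo "before: $(check_join "$BEFORE")"
echo "after:  $(check_join "$AFTER")"
```

On a joined host, pass the live output instead of the samples: check_join "$(realm discover casa.int)".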
other packages installed
apt-get install acl attr
in any case, once it has started, run immediately:
pcs property set stonith-enabled=false
pcs property set no-quorum-policy=ignore
on Debian you have to use crmsh
apt-get install crmsh
then enter the configuration with
crm configure
carry out the following steps
primitive p_drbd_0 ocf:linbit:drbd params drbd_resource="r0" op monitor interval="10"
ms ms_drbd_0 p_drbd_0 meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true"
apply the commands
commit
create the IP
pcs resource create clstIP IPaddr2 ip="192.168.1.63" cidr_netmask="24" nic="enp1s0" mac="52:54:00:b0:8c:10"
https://github.com/ClusterLabs/pacemaker/blob/master/doc/pcs-crmsh-quick-ref.md
to manage the cluster you can use pcs via the web:
https://ip:2224
To domain-join a Debian / Ubuntu server, you first need to install realmd and its dependencies
sudo apt install -y realmd
sudo apt install -y sssd-tools sssd libnss-sss libpam-sss adcli
sudo apt install -y realmd packagekit
Join the server to your Active Directory domain
sudo realm join yourdomain.tld --user administrator
If you need to, replace “administrator” with another authorized user.
If the above command fails:
check if your user has the required permissions
check the password
try the following:
sudo realm join yourdomain.tld --user administrator --install=/
then for the share
chown "CASA\\ginopino:CASA\\domain users" /direct/
test site:
https://linuxtot.com/add-a-simple-samba-file-server-as-a-domain-member/
https://wiki.debian.org/Permissions
for the domain join
the smb.conf file
[global]
workgroup = CASA
security = ADS
realm = CASA.INT
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
idmap config * : backend = tdb
idmap config * : range = 3000-7999
winbind use default domain = true
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
check krb5.conf
and nsswitch.conf
passwd: files winbind systemd
group: files winbind systemd
change the hacluster password
run corosync-keygen
copy the files to the other node
for the cluster there is little to do: just add the nodes to nodelist { }
change the cluster name
add two_node:1 to the quorum { } section
start corosync and pacemaker
pcs property set stonith-enabled=false
pcs property set no-quorum-policy=ignore
then use crm to add the resources
primitive p_drbd_0 ocf:linbit:drbd params drbd_resource="r0" op monitor interval="10"
ms ms_drbd_0 p_drbd_0 meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true"