https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
Packages to install
aptitude install winbind samba smbclient libpam-winbind libnss-winbind
$ vi /etc/samba/smb.conf
[global]
security = ADS
workgroup = DOMAIN
realm = AD.DOMAIN
#log file = /var/log/samba/%m.log
#log level = 1
idmap config *:range = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = yes
#
map acl inherit = yes
store dos attributes = yes
winbind refresh tickets = yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config * : schema_mode = rfc2307
idmap config * : default = yes
idmap config DOMAIN : backend = ad
idmap config * : backend = tdb
log file = /var/log/samba/log.%m
max log size = 1000
logging = fil
$ net ads join -U Administrator
$ systemctl restart winbind.service
$ systemctl restart smbd.service
$ systemctl restart nmbd.service
$ pam-auth-update
(make sure winbind is selected)
vi /etc/nsswitch.conf
changes:
passwd: compat systemd winbind group: compat systemd winbindTest it
$ getent passwd
$ wbinfo -u
This commands above should bring users from AD
In order to have users login you need to create it's home at /home/DOMAIN/user1
If you want sudo to work do:
for a group (this enable and do not ask for password)
%domain\ admins ALL=(ALL) NOPASSWD: ALL
for a user only
user1 ALL=(ALL) NOPASSWD: ALL
Nenhum comentário:
Postar um comentário