Active Directory Winbind Howto: authenticate Linux users against AD or a Samba server


Packages to install
$ aptitude install winbind samba smbclient libpam-winbind libnss-winbind

$ vi /etc/samba/smb.conf

[global]
       security = ADS
       workgroup = DOMAIN
       realm = AD.DOMAIN
       #log file = /var/log/samba/%m.log
       #log level = 1

       winbind enum users = yes
       winbind enum groups = yes
       winbind use default domain = yes
       winbind refresh tickets = yes
       template homedir = /home/%D/%U
       template shell = /bin/bash
       map acl inherit = yes
       store dos attributes = yes

       # default domain (*): IDs allocated locally by the tdb backend
       idmap config * : backend = tdb
       idmap config * : range = 10000-20000
       idmap config * : default = yes
       # AD domain: schema_mode is an option of the ad backend, so it is set on DOMAIN
       idmap config DOMAIN : backend = ad
       idmap config DOMAIN : schema_mode = rfc2307
       # the ad backend also needs its own "idmap config DOMAIN : range", which must not overlap the * range

       log file = /var/log/samba/log.%m
       max log size = 1000
       logging = file
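
An added example, not part of the original howto: a small Python check for the idmap lines of an smb.conf like the one above. It flags a domain without a backend or range, a schema_mode set on a non-ad backend, and overlapping ID ranges; both sample fragments are constructed, and the DOMAIN range in GOOD is an assumed value.

```python
import re
from itertools import combinations

# Constructed fragments, not the page's file. GOOD uses an assumed DOMAIN range.
BAD = """
   idmap config *:range = 10000-20000
   idmap config * : schema_mode = rfc2307
   idmap config DOMAIN : backend = ad
   idmap config * : backend = tdb
"""
GOOD = """
   idmap config * : backend = tdb
   idmap config * : range = 10000-20000
   idmap config DOMAIN : backend = ad
   idmap config DOMAIN : schema_mode = rfc2307
   idmap config DOMAIN : range = 100000-200000
"""
LINE = re.compile(r"idmap\s+config\s+(\S+?)\s*:\s*([^=]+?)\s*=\s*(.*)", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} built from the 'idmap config' lines."""
    domains = {}
    for raw in text.splitlines():
        m = LINE.fullmatch(raw.strip())  # comment lines (# or ;) never match
        if m:
            dom, opt, val = (g.strip() for g in m.groups())
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def audit_idmap(text):
    """Return findings: missing backend/range, misplaced schema_mode, overlaps."""
    findings, ranges = [], {}
    for dom, opts in parse_idmap(text).items():
        if "backend" not in opts:
            findings.append(f"{dom}: no backend")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if m and int(m[1]) < int(m[2]):
            ranges[dom] = (int(m[1]), int(m[2]))
        else:
            findings.append(f"{dom}: missing or invalid range")
        if "schema_mode" in opts and opts.get("backend") != "ad":
            findings.append(f"{dom}: schema_mode set but backend is not ad")
    for a, b in combinations(sorted(ranges), 2):
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
            findings.append(f"{a}/{b}: ranges overlap")
    return findings

if __name__ == "__main__":
    print("BAD:", audit_idmap(BAD), "GOOD:", audit_idmap(GOOD))
```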

$ net ads join -U Administrator

$ systemctl restart winbind.service
$ systemctl restart smbd.service
$ systemctl restart nmbd.service
$ pam-auth-update
 (make sure winbind is selected)

$ vi /etc/nsswitch.conf
passwd:         compat systemd winbind
group:          compat systemd winbind

Test it
$ getent passwd
$ wbinfo -u

The commands above should list the users from AD.

For users to be able to log in, you need to create their home directory at /home/DOMAIN/user1

If you want sudo to work, add the following to /etc/sudoers (use visudo):
For a group (this enables sudo for the group and does not ask for a password):
%domain\ admins ALL=(ALL) NOPASSWD: ALL
for a user only

