This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
ntlm_авторизация_в_microsoft_ad [2009/04/20 13:05] val |
ntlm_авторизация_в_microsoft_ad [2011/07/06 14:39] val removed |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== NTLM авторизация в Microsoft AD ====== | + | ====== WINBIND авторизация в Microsoft AD ====== |
===== Настройка службы winbindd ===== | ===== Настройка службы winbindd ===== | ||
<code> | <code> | ||
- | gX# cat smb.conf | + | gate# cat smb.conf |
</code><code> | </code><code> | ||
[global] | [global] | ||
- | workgroup = ADX | + | workgroup = CORPX |
security = DOMAIN | security = DOMAIN | ||
+ | |||
winbind use default domain = Yes | winbind use default domain = Yes | ||
+ | winbind enum users = yes | ||
+ | winbind enum groups = yes | ||
+ | winbind cache time = 36 | ||
idmap uid = 20000-40000 | idmap uid = 20000-40000 | ||
idmap gid = 20000-40000 | idmap gid = 20000-40000 | ||
template homedir = /home/%U | template homedir = /home/%U | ||
template shell = /bin/sh | template shell = /bin/sh | ||
- | winbind enum users = yes | ||
- | winbind enum groups = yes | ||
- | winbind cache time = 36 | ||
</code> | </code> | ||
Line 24: | Line 24: | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [gX:~] # /usr/local/etc/rc.d/samba restart | + | [gate:~] # /usr/local/etc/rc.d/samba restart |
</code> | </code> | ||
==== Ubuntu ==== | ==== Ubuntu ==== | ||
<code> | <code> | ||
- | root@gX:~# /etc/init.d/bind9 restart | + | root@gate:~# /etc/init.d/winbind restart |
- | root@gX:~# /etc/init.d/winbind restart | + | |
</code> | </code> | ||
==== Проверки ==== | ==== Проверки ==== | ||
<code> | <code> | ||
- | gX# ntlm_auth --username=uX | + | gate# ntlm_auth --username=user1 |
password: | password: | ||
NT_STATUS_OK: Success (0x0) | NT_STATUS_OK: Success (0x0) | ||
- | gX# wbinfo -u | + | gate# wbinfo -u |
... | ... | ||
- | gX# wbinfo -g | + | gate# wbinfo -g |
... | ... | ||
</code> | </code> | ||
Line 48: | Line 47: | ||
===== Настройка библиотеки nsswitch на использование winbind ===== | ===== Настройка библиотеки nsswitch на использование winbind ===== | ||
<code> | <code> | ||
- | gX# cat /etc/nsswitch.conf | + | gate# cat /etc/nsswitch.conf |
… | … | ||
group: files winbind | group: files winbind | ||
Line 55: | Line 54: | ||
… | … | ||
- | gX# wbinfo -n uX | + | gate# wbinfo -n user1 |
- | gX# wbinfo -S … | + | gate# wbinfo -S … |
- | gX# id uX | + | gate# id user1 |
- | gX# chown -R uX:'domain users' /home/uX | + | gate# chown -R user1:'domain users' /home/user1/ |
- | </code> | + | gate# chown user1:'domain users' /var/mail/user1 |
- | ===== Настройка библиотеки pam на использование winbind ===== | + | gate# chown -R user2:'domain users' /home/user2/ |
- | + | gate# chown user2:'domain users' /var/mail/user2 | |
- | ==== FreeBSD ==== | + | |
- | <code> | + | |
- | [gX:~] # cat /etc/pam.d/sshd | + | |
- | ... | + | |
- | auth sufficient /usr/local/lib/pam_winbind.so | + | |
- | auth required pam_unix.so no_warn try_first_pass | + | |
- | </code> | + | |
- | + | ||
- | ==== Ubuntu ==== | + | |
- | root@g15:~# apt-get install libpam-modules | + | |
- | + | ||
- | <code> | + | |
- | root@gX:~# more /etc/pam.d/sshd | + | |
- | ... | + | |
- | auth sufficient pam_winbind.so | + | |
- | # Standard Un*x authentication. | + | |
- | ... | + | |
</code> | </code> | ||