Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace: доступ_к_приложениям_в_bare-metal_kubernetes практические_примеры_keycloak
ntlm_авторизация_в_microsoft_ad

This is an old revision of the document!

Table of Contents

NTLM авторизация в Microsoft AD

Настройка службы winbindd

gX# cat smb.conf 
[global]
        workgroup = ADX
        security = DOMAIN
        winbind use default domain = Yes

        idmap uid = 20000-40000
        idmap gid = 20000-40000
        template homedir = /home/%U
        template shell = /bin/sh
        winbind enum users = yes
        winbind enum groups = yes
        winbind cache time = 36

Запуск службы winbindd

FreeBSD

[gX:~] # /usr/local/etc/rc.d/samba restart

Ubuntu

root@gX:~# /etc/init.d/bind9 restart
root@gX:~# /etc/init.d/winbind restart

Проверки

gX# ntlm_auth --username=uX
password: 
NT_STATUS_OK: Success (0x0)

gX# wbinfo -u
...

gX# wbinfo -g
...

Настройка библиотеки nsswitch на использование winbind

gX# cat /etc/nsswitch.conf
…
group: files winbind
passwd: files winbind
shadow: files winbind # for linux only
…

gX# wbinfo -n uX
gX# wbinfo -S …

gX# id uX

gX# chown -R uX:'domain users' /home/uX
ntlm_авторизация_в_microsoft_ad.1240302649.txt.gz · Last modified: 2013/05/22 13:50 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki