Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace:
winbind_синхронизация_пользователей_с_microsoft_ad

This is an old revision of the document!

Table of Contents

WINBIND синхронизация пользователей с Microsoft AD

Настройка службы winbindd

FreeBSD

[gX:~] # /usr/local/etc/rc.d/samba stop

[gX:~] # cat /etc/rc.conf
…
nmbd_enable="NO"
smbd_enable="NO"
winbindd_enable="YES"
…

[gX:~] # cd /usr/local/etc/

Ubuntu

root@gX:~# /etc/init.d/samba stop

root@gX:~# apt-get install winbind

root@gX:~# cd /etc/samba

FreeBSD/Ubuntu

gX# cat smb.conf 
[global]
        workgroup = ADX
        security = DOMAIN
        idmap uid = 20000-40000
        idmap gid = 20000-40000
        template homedir = /home/%U
        template shell = /bin/sh
        winbind cache time = 36
        winbind use default domain = Yes
        winbind enum users = yes
        winbind enum groups = yes
gX# testparm 
Load smb config files from /usr/local/etc/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

Регистрация службы winbindd в домене

gX# net rpc join -U Administrator
Administrators's password: 
Joined domain ADX

Запуск службы winbindd

FreeBSD

[gX:~] # /usr/local/etc/rc.d/samba start

Ubuntu

root@gX:~# /etc/init.d/bind9 restart
root@gX:~# /etc/init.d/winbind start

Проверки

gX# ntlm_auth --username=uX
password: 
NT_STATUS_OK: Success (0x0)

gX# wbinfo -u
...

gX# wbinfo -g
...

Настройка библиотеки nsswitch на использование winbind

gX# cat /etc/nsswitch.conf
…
group: files winbind
passwd: files winbind
shadow: files winbind # for linux only
…

gX# wbinfo –n uX
gX# wbinfo –S …

gX# id uX

gX# chown -R uX:'domain users' /home/uX

Настройка библиотеки pam на использование winbind

FreeBSD

[gX:~] # cat /etc/pam.d/sshd
...
auth       sufficient      /usr/local/lib/pam_winbind.so
auth       required        pam_unix.so             no_warn try_first_pass

Ubuntu

root@gX:~# more /etc/pam.d/sshd
...
auth       sufficient  /lib/security/pam_winbind.so
# Standard Un*x authentication.
...
winbind_синхронизация_пользователей_с_microsoft_ad.1239878859.txt.gz · Last modified: 2013/05/22 13:50 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki