- Installer le serveur de temps NTP (Kerberos exige une horloge synchronisée avec les contrôleurs de domaine : au-delà de 5 minutes d'écart par défaut, les tickets sont refusés), puis les paquets nécessaires à la jonction :
apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
- Paramétrer le fichier /etc/krb5.conf (méthode manuelle Kerberos/Samba ; avec realmd, cette étape est réalisée par « realm join »). Remplacer tous les paramètres marqués « domain specific » de façon cohérente : le realm Kerberos en MAJUSCULES (MEGAPRODUCTION.LOCAL), le domaine DNS en minuscules (megaproduction.local). Dans le modèle d'origine, DOMAIN.COM / domain.com désignaient ces valeurs à remplacer ; un bloc [realms] qui ne porte pas le nom du default_realm n'est jamais utilisé.
[libdefaults]
default_realm = MEGAPRODUCTION.LOCAL
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4
# forwardable / proxiable = true : les TGT obtenus sont délégables par défaut ; passer à false si la délégation Kerberos n'est pas nécessaire sur ce serveur.
forwardable = true
proxiable = true
# rdns = false : ne pas canoniser le nom du KDC par DNS inverse (un enregistrement PTR usurpé ne peut pas modifier le SPN demandé).
rdns = false
# The following libdefaults parameters are only for Heimdal Kerberos.
fcc-mit-ticketflags = true
[realms]
MEGAPRODUCTION.LOCAL = {
kdc = megaproduction.local # domain specific parameter (domain controller name)
admin_server = megaproduction.local # domain specific parameter (domain controller name)
default_domain = megaproduction.local # domain specific parameter (full domain name)
}
[domain_realm]
.megaproduction.local = MEGAPRODUCTION.LOCAL # domain specific parameter (domain name for dns names)
megaproduction.local = MEGAPRODUCTION.LOCAL # domain specific parameter (domain name for dns names)

- Interroger l'Active Directory (méthode realmd) : la sortie indique le realm détecté et les paquets requis (tous installés à l'étape précédente).
root@linux-test:~# realm discover megaproduction.local
megaproduction.local
  type: kerberos
  realm-name: MEGAPRODUCTION.LOCAL
  domain-name: megaproduction.local
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin

- Paramétrer le fichier /etc/samba/smb.conf et y ajouter (en supprimant les doublons) — méthode manuelle Samba ; non nécessaire pour une jonction realmd/sssd. DOMAIN et DOMAIN.COM sont des valeurs à remplacer (ici MEGAPRODUCTION.LOCAL pour le realm, et le nom NetBIOS court du domaine, 15 caractères maximum, pour workgroup).
[global]
workgroup = DOMAIN # domain specific parameter (short domain name)
realm = DOMAIN.COM # domain specific parameter (full domain name)
security = ADS
encrypt passwords = true
socket options = TCP_NODELAY
domain master = no
local master = no
preferred master = no
os level = 0
domain logons = 0
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
# Le fichier smb.conf par défaut d'Ubuntu contient « server role = standalone server » : à corriger, sinon « security = ADS » est ignoré (un rôle standalone impose security = user) et la jonction est inopérante.
server role = member server
passdb backend = tdbsam
obey pam restrictions = yes
# unix password sync / passwd program / passwd chat ne concernent que les comptes locaux (tdbsam), pas les comptes de l'Active Directory.
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
# Accès invité : tout nom d'utilisateur inconnu est mappé sur le compte invité et les partages utilisateurs acceptent les invités. Sur un serveur membre du domaine, mettre « map to guest = never » et « usershare allow guests = no » sauf si des partages anonymes sont réellement voulus.
map to guest = bad user
usershare allow guests = yes
- Joindre le domaine. Utiliser de préférence un compte dédié à la jonction (droit « Créer des objets ordinateur » délégué sur l'OU cible) plutôt que le compte Administrator du domaine, en le passant avec -U ; laisser la commande demander le mot de passe et ne jamais le mettre sur la ligne de commande (forme « -U compte%motdepasse ») : il resterait dans l'historique du shell et serait visible dans la sortie de ps.
Méthode manuelle (Samba) :
net ads join -U Administrator
Méthode realmd (sans -U, realm join utilise le compte Administrator) :
root@linux-test:~# realm join megaproduction.local
Password for Administrator:
root@linux-test:~#
Retour de la commande si tout se passe bien : aucune sortie, le prompt revient simplement (realm join est silencieux en cas de succès ; vérifier avec « realm list »).

Le serveur est ajouté sur l'Active Directory !!
- Voir les infos d'un utilisateur en particulier :
root@linux-test:~# id kvega@megaproduction.local
uid=683401106(kvega@megaproduction.local) gid=683400513(domain users@megaproduction.local) groups=683400513(domain users@megaproduction.local),683401103(gg-admin-domain@megaproduction.local),683401104(gg-admin-sys@megaproduction.local)
Remarque : après la jonction, tout utilisateur du domaine peut ouvrir une session sur le serveur. Restreindre l'accès aux groupes voulus, par exemple « realm permit -g gg-admin-sys@megaproduction.local » (ou ad_access_filter / simple_allow_groups dans /etc/sssd/sssd.conf), puis contrôler le résultat avec « realm list ».
- Pour se connecter sans mettre le nom de domaine derrière le nom de l'utilisateur
- Éditer le fichier /etc/sssd/sssd.conf (conserver ses permissions strictes, 0600 et propriétaire root : sssd refuse de démarrer sinon)
- Positionner la ligne suivante (realm join l'écrit à True par défaut) :
use_fully_qualified_names = False
  Attention : sans nom qualifié, un compte local et un compte AD portant le même nom deviennent ambigus ; s'assurer qu'aucun compte local ne porte le nom d'un utilisateur du domaine.
- Redémarrer le service sssd : systemctl restart sssd
- Pour qu'à la première connexion de l'utilisateur sur le serveur son Home soit créé, activer la création automatique du répertoire personnel dans PAM (par exemple via « pam-auth-update », le module étant fourni par oddjob-mkhomedir installé plus haut)
- Tester la connexion en tant qu'utilisateur de l'Active Directory
root@linux-test:~# su - kvega
Creating directory '/home/kvega@megaproduction.local'.
kvega@linux-test:~$ pwd
/home/kvega@megaproduction.local
Remarque : le répertoire garde le suffixe @megaproduction.local malgré use_fully_qualified_names = False, car le chemin vient de fallback_homedir (en général /home/%u@%d écrit par realm join) dans sssd.conf ; mettre fallback_homedir = /home/%u pour obtenir /home/kvega.