Присоединение Ubuntu к Windows Active Directory
Исходная система:
# Baseline: the release this walkthrough was recorded on.
root@ubuntu:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.3 LTS
Release: 18.04
Codename: bionic |
Установка компонентов
# sssd-ad is the AD identity/authentication backend, krb5-user supplies the
# Kerberos client tools (kinit, klist) and samba is installed for the domain
# join. chrony keeps the clock in step with the domain controllers, which
# Kerberos authentication depends on.
root@ubuntu:~# apt install sssd-ad krb5-user samba chrony |
# Keep the packaged defaults as backups before both files are replaced.
root@ubuntu:~# mv /etc/krb5.conf /etc/krb5.conf_bak
root@ubuntu:~# mv /etc/samba/smb.conf /etc/samba/smb.conf_bak |
Подготовка файлов конфигураций:
# Recreate both files empty, owned by root and writable only by root.
# Mode 644 leaves them world-readable, which is acceptable for the contents
# shown on this page because neither file holds a password or key.
root@ubuntu:~# touch /etc/krb5.conf
root@ubuntu:~# chown root:root /etc/krb5.conf
root@ubuntu:~# chmod 644 /etc/krb5.conf
root@ubuntu:~# touch /etc/samba/smb.conf
root@ubuntu:~# chown root:root /etc/samba/smb.conf
root@ubuntu:~# chmod 644 /etc/samba/smb.conf |
Приводим содержимое krb5.conf к виду
root@ubuntu:~# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# No KDC is listed under [realms]: realm and KDC are located through DNS, so
# this host's resolver must point at DNS servers that serve the AD domain.
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
# Tickets are requested as forwardable by default; drop this setting if
# delegating credentials to other hosts is not needed.
forwardable = yes
# Do not use reverse DNS to canonicalize service host names.
rdns = false
default_realm = SPECNIX.CORP

[realms]

[domain_realm] |
Приводим содержимое smb.conf к виду
root@ubuntu:~# cat /etc/samba/smb.conf
[global]
workgroup = SPECNIX
# Domain-member mode: authentication is handled by Active Directory.
security = ads
# NOTE(review): `yes` is not `mandatory`; confirm in smb.conf(5) for the
# installed Samba whether signing is enforced or only negotiated.
client signing = yes
client use spnego = yes
# The machine account keys are also kept in the system keytab, the file that
# `klist -k` shows as /etc/krb5.keytab after the join.
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
# Pins a single domain controller by name, although the chrony step on this
# page also lists dc02; presumably intentional, confirm.
password server = DC01.SPECNIX.CORP
realm = SPECNIX.CORP

# NOTE(review): the sections below export home and printer shares from this
# host. If the machine only has to be a domain member, confirm they are wanted.
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775 |
Добавить сервера времени в файл chrony.conf
# Open the chrony configuration to add the time sources.
root@ubuntu:~# nano /etc/chrony/chrony.conf |
Указать сервера
# Sync time from the domain controllers: Kerberos rejects authentication when
# the client and KDC clocks differ by more than the permitted skew.
server dc01.specnix.corp
server dc02.specnix.corp |
Автоматическое создание домашних каталогов для пользователей из домена
# Open the shared PAM session configuration to add the pam_mkhomedir line.
root@ubuntu:~# nano /etc/pam.d/common-session |
Добавить строчку
# Creates a missing home directory at login, seeded from /etc/skel.
# umask=0022 yields home directories readable by every other account on the
# host (mode 0755); umask=0077 would keep each domain user's home private.
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 |
Создать конфигурацию для sssd
# The file is created empty and restricted to root (0600) before any content
# is written to it.
# NOTE(review): sssd is expected to refuse an sssd.conf that is not root-owned
# with mode 0600; confirm for the installed version.
root@ubuntu:~# touch /etc/sssd/sssd.conf
chmod 600 /etc/sssd/sssd.conf |
Привести содержимое sssd.conf к виду
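# Print the file to verify its contents.
root@ubuntu:~# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = SPECNIX.CORP
services = nss, pam, pac

[domain/SPECNIX.CORP]
id_provider = ad
auth_provider = ad
chpass_provider = ad
# NOTE(review): no ad_access_filter is set, so which AD accounts may log in to
# this host is left to the provider defaults. Restrict it if only some users or
# groups should have access.
access_provider = ad

default_shell = /bin/bash
fallback_homedir = /home/%d/%u

# Keeps password hashes in the local SSSD cache so that users can still log in
# while the domain controllers are unreachable; disable it where offline login
# is not required.
cache_credentials = true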
Перезапустить службы
# Restart the services so that the new configuration is loaded.
# NOTE(review): sssd is restarted here before the domain join further down,
# i.e. before the machine keytab exists; presumably it has to be restarted
# again after `net ads join`. Confirm.
root@ubuntu:~# /etc/init.d/smbd restart
[ ok ] Restarting smbd (via systemctl): smbd.service.
root@ubuntu:~# /etc/init.d/nmbd restart
[ ok ] Restarting nmbd (via systemctl): nmbd.service.
root@ubuntu:~# /etc/init.d/sssd restart
[ ok ] Restarting sssd (via systemctl): sssd.service. |
Выполнить последовательно команды для присоединения к домену
# kinit obtains a Kerberos ticket for the domain Administrator and
# `net ads join -k` uses that ticket for the join. A dedicated account that is
# only delegated the right to join computers exposes less on this host. Run
# kdestroy afterwards so the admin ticket does not remain in root's credential
# cache.
root@ubuntu:~# kinit Administrator
root@ubuntu:~# net ads join -k
Using short domain name -- SPECNIX
Joined 'UBUNTU' to dns domain 'specnix.corp'
# The join itself succeeded, but the dynamic DNS registration of
# ubuntu.specnix.corp failed; the host record has to be created or fixed
# separately.
DNS Update for ubuntu.specnix.corp failed: ERROR_DNS_INVALID_MESSAGE
DNS update failed: NT_STATUS_UNSUCCESSFUL
# klist -k lists the keytab entries present after the join. /etc/krb5.keytab
# holds the machine account's long-term keys and should stay readable by root
# only.
root@ubuntu:~# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/ubuntu.specnix.corp@SPECNIX.CORP
2 host/UBUNTU@SPECNIX.CORP |