Centos samba join to domain controller ADS 2008

Linee guida su come mettere in JOIN il servizio samba su un dominio active directory di microsoft windows 2008.

Prerequisiti software:
(centos 64bit)
yum install samba3x.x86_64 samba3x-client.x86_64 samba3x-common.x86_64 samba3x-winbind.x86_64 samba3x-winbind-devel.x86_64

I file di configurazione interessati sono:
/etc/resolv.conf
/etc/pam.d/login
/etc/krb5.conf
/etc/hosts
/etc/samba/smb.conf
/etc/nsswitch.conf

file /etc/resolv.conf
<aggiungere il server domain controller nella lista nameserver>
nameserver <ip del server>

file /etc/pam.d/login
<aggiungere le seguenti righe; nella versione 32 bit serve
verificare la posizione del file pam_winbind.so>

# pam_winbind authenticates/authorises domain accounts; "sufficient" means a success
# ends the stack right here. Where these two lines sit relative to the existing
# pam_unix entries decides whether local accounts (root included) still log in,
# so confirm the order against the distribution's stack before saving.
# On 32-bit installs the module lives under a different path (see note above).
auth sufficient /lib64/security/pam_winbind.so
account sufficient /lib64/security/pam_winbind.so

file /etc/krb5.conf

[logging]
# destinations for the krb5 libraries, the KDC and kadmind respectively
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# lifetime requested for initial tickets; a bare number is read as seconds by MIT krb5
ticket_lifetime = 24000
# realm assumed when a principal carries none; realm names are case-sensitive, uppercase by convention
default_realm = DOMINIO.LOCAL
# also use DNS records to map hostnames to realms and to locate KDCs
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
DOMINIO.LOCAL = {
# explicit KDC (the AD domain controller); the DNS lookups above are the fallback
kdc = server.dominio.local:88
# kadmin endpoint; presumably unused against an AD domain controller — harmless to leave
admin_server = server.dominio.local:749
default_domain = dominio.local
}

[kdc]
# only read by a host running its own KDC; presumably ignored on this client-only box
profile = /var/kerberos/krb5kdc/kdc.conf

[domain_realm]
# map the DNS domain and every subdomain of it to the realm
.dominio.local = DOMINIO.LOCAL
dominio.local = DOMINIO.LOCAL

[appdefaults]
# consumed by pam_krb5 if that module is installed; pam_winbind does not read this block
pam = {
debug = false
# lifetimes in seconds
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
# Kerberos 4 compatibility, obsolete
krb4_convert = false
}

file /etc/hosts

<ip del domain controller> server.dominio.local server

### comandi da shell
# kinit Administrator@DOMINIO.LOCAL
Password for Administrator@DOMINIO.LOCAL:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@DOMINIO.LOCAL

Valid starting     Expires            Service principal
03/05/11 17:55:34  03/06/11 00:35:34 krbtgt/DOMINIO.LOCAL@DOMINIO.LOCAL

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

# smbclient -L /server -k
<lista condivisioni>

file /etc/samba/smb.conf

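### Global parameters
[global]
# short (NetBIOS) domain name and the Kerberos realm it maps to
workgroup = DOMINIO
realm = DOMINIO.LOCAL
preferred master = no
netbios name = CUBE
server string = CUBE file server
# ADS: authenticate against the domain controllers via Kerberos/winbind
security = ADS
encrypt passwords = yes
# only the 10.0.0.x network and loopback may connect; adjust to the real client subnet
hosts allow = 10.0.0. 127.

# level 3 is verbose; fine while setting up the join, lower it afterwards
log level = 3
# one file per client username (%U) and client NetBIOS name (%m)
log file = /var/log/samba/log_%U_%m
max log size = 50

# separator between domain and user in winbind names, e.g. DOMINIO+user
winbind separator = +
# lets getent/wbinfo enumerate all domain users and groups; can be slow on large domains
winbind enum users = yes
winbind enum groups = yes
# unqualified usernames are taken as accounts of this domain
winbind use default domain = yes

# uid/gid range winbind allocates to domain accounts; keep it clear of local accounts
idmap uid = 10000-20000
idmap gid = 10000-20000

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

### Sharing
[Public]
comment = Public
path = /home/DOMINIO/Public
# "read only = No" and "writeable = yes" are synonyms; both say the share is writable
read only = No
browseable = Yes
writeable = yes
# "public" is a synonym of "guest ok"; with the "valid users" restriction below,
# confirm guest access is really intended on this share before enabling it
public = yes
create mask = 0660
directory mask = 0770
# ASCII double quotes are required here: the typographic quotes in the original
# are not recognised as quoting, so the group name would never have matched
valid users = @"DOMINIO+domain users"

[homes]
comment = Home
# %U expands to the username requested by the client
path = /home/DOMINIO/%U
browseable = no
writeable = yes
create mask = 0600
directory mask = 0700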

### comandi da shell
# /etc/init.d/winbind start
# /etc/init.d/smb start
# net ads join -U Administrator
Joined 'CUBE' to realm 'DOMINIO.LOCAL.'

file /etc/nsswitch.conf
# users and groups: local sources first (compat), then domain accounts via winbind
passwd:     compat winbind
# no winbind for shadow: presumably domain passwords are checked by pam_winbind, not via shadow
shadow:     compat
group:      compat winbind

### comandi da shell di verifica
# wbinfo -u
<lista utenti di dominio Active Directory>

# wbinfo -g
<lista gruppi di dominio Active Directory>

# getent passwd
<lista utenti locali e di active directory>

# net ads info

NOTA.
Se desideri ricevere aiuto o consulenza invia una richiesta gratuita compilando la scheda contatti al seguente link http://www.andreabalboni.com/contatti/ .

link di approfondimento:
HOW to forge
Enterprise networking planet