This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
fileservices:samba_active_directory_integration_on_ubuntu [2013/03/15 10:32] 127.0.0.1 external edit |
fileservices:samba_active_directory_integration_on_ubuntu [2021/05/21 13:59] (current) tschulz [Install] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Samba Active Directory Integration on Ubuntu ====== | ====== Samba Active Directory Integration on Ubuntu ====== | ||
===== Install ===== | ===== Install ===== | ||
- | <code>apt-get install samba winbind ntp krb5-kdc krb5-admin-server rng-tools</code> | + | <code>apt-get install samba winbind ntp krb5-kdc krb5-admin-server rng-tools libnss-winbind libpam-winbind</code> |
===== /etc/krb5.conf ===== | ===== /etc/krb5.conf ===== | ||
<code>[logging] | <code>[logging] | ||
Line 28: | Line 28: | ||
debug = false | debug = false | ||
ticket_lifetime = 36000</code> | ticket_lifetime = 36000</code> | ||
+ | |||
+ | ===== NEW krb5.conf ===== | ||
+ | <file> | ||
+ | [libdefaults] | ||
+ | default_realm = SAMDOM.EXAMPLE.COM | ||
+ | dns_lookup_realm = false | ||
+ | dns_lookup_kdc = true | ||
+ | </file> | ||
+ | |||
===== /etc/network/interfaces ===== | ===== /etc/network/interfaces ===== | ||
<code>iface eth0 inet static | <code>iface eth0 inet static | ||
Line 67: | Line 76: | ||
template shell = /bin/bash | template shell = /bin/bash | ||
</code> | </code> | ||
- | ===== commands ===== | + | ===== Join domain ===== |
<code>kdb5_util create | <code>kdb5_util create | ||
kdb5_util stash | kdb5_util stash | ||
Line 73: | Line 82: | ||
</code> | </code> | ||
+ | ===== (Dynamic Home Directory Creation) pam_mkhomedir ===== | ||
+ | install libpam-mkhomedir | ||
+ | <file> | ||
+ | apt-get install libpam-mkhomedir | ||
+ | </file> | ||
+ | add **session required pam_mkhomedir.so skel=/etc/skel/ umask=0077** to common-session* | ||
+ | <file pam /etc/pam.d/common-session> | ||
+ | ... | ||
+ | # here are the per-package modules (the "Primary" block) | ||
+ | session [default=1] pam_permit.so | ||
+ | # here's the fallback if no module succeeds | ||
+ | session requisite pam_deny.so | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | session required pam_permit.so | ||
+ | |||
+ | session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 | ||
+ | ... | ||
+ | </file> | ||
+ | |||
+ | <file pam /etc/pam.d/common-session-noninteractive> | ||
+ | ... | ||
+ | # here are the per-package modules (the "Primary" block) | ||
+ | session [default=1] pam_permit.so | ||
+ | # here's the fallback if no module succeeds | ||
+ | session requisite pam_deny.so | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | session required pam_permit.so | ||
+ | |||
+ | session required pam_mkhomedir.so skel=/etc/skel/ umask=0077 | ||
+ | ... | ||
+ | </file> |