Samba: ввод в домен
net ads join -U administrator - ввести в домен
net ads leave -U administrator - вывести самбу из домена
вводим в домен AD вторым контроллером
samba-tool domain join test.local DC -U useradmin
проверим работу службы репликации каталогов (DRS)
samba-tool drs showrepl
Минимальный конфиг для рабочей станции
/etc/krb5.conf
# /etc/krb5.conf - minimal Kerberos client configuration for a workstation
# in the NET.LAN realm.

[libdefaults]
    # Realm used when a principal is given without one.
    default_realm = NET.LAN
    # Maximum tolerated clock difference between client and KDC, in seconds.
    # Keep the host time-synchronised with the domain controller; a larger
    # skew makes ticket requests fail.
    clockskew = 300
    # Do not try to resolve Kerberos 4 style instance names.
    v4_instance_resolve = false

[realms]
    # Both the KDC and the admin server are the single controller dc0.net.lan.
    NET.LAN = {
        kdc = dc0.net.lan
        admin_server = dc0.net.lan
        default_domain = net.lan
    }

[domain_realm]
    # Map the DNS domain and every host below it to the realm.
    .net.lan = NET.LAN
    net.lan = NET.LAN
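# Samba [global] section for a workstation joined to the NET.LAN Active
# Directory domain as a member server (winbind with the autorid idmap backend).
# "winbind use default domain", "winbind enum users" and "winbind enum groups"
# were each listed twice with the same effective value; each is set once here.

[global]
# Identity of this host in the domain.
realm = NET.LAN
workgroup = NET
server string = samba
server role = member server
security = ADS

# NOTE(review): "No" lets Samba's LDAP server accept binds that are neither
# signed nor sealed (the default is "yes"). The option governs Samba's own
# LDAP service, so on a member server it is presumably unused - confirm, and
# do not carry it over to a domain controller configuration.
ldap server require strong auth = No

# NOTE(review): pins authentication to the single controller dc0; without this
# line Samba locates domain controllers itself - confirm the pin is intended.
password server = dc0
encrypt passwords = Yes
# Verify Kerberos tickets against the machine secret in secrets.tdb only,
# not against a system keytab.
kerberos method = secrets only
passdb backend = tdbsam

#logon script = %U.bat

# Winbind behaviour.
# Domain users are referred to without the NET prefix, so a domain account and
# a local account with the same name become indistinguishable by name alone.
winbind use default domain = true
# No cached credentials: logons fail when no domain controller is reachable.
winbind offline logon = false
# Enumerate all domain users and groups (e.g. for getent); slow in large domains.
winbind enum users = yes
winbind enum groups = yes
#winbind separator = +
template shell = /bin/sh

# SID-to-UID/GID mapping: autorid allocates one block of "rangesize" IDs per
# domain from the overall range.
idmap config * : backend = autorid
idmap config * : range = 10000-24999999
idmap config * : rangesize = 200000
# NOTE(review): looks like a domain-controller setting; confirm it has any
# effect on a member server.
idmap_ldb:use rfc2307 = yes

# Logging. Level 5 is debug verbosity, useful while troubleshooting the join;
# lower it for normal operation and keep the log directory restricted, since
# detailed logs describe accounts and authentication exchanges.
log level = 5
# Size limit per log file, in KiB.
max log size = 20480

# Network exposure: listen only on loopback and em0.
bind interfaces only = yes
interfaces = lo0 em0
# NOTE(review): makes this host act as a WINS server, which is unusual for a
# workstation - confirm it is needed.
wins support = yes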