| Join in Windows Active Directory Domain with Samba Winbind. This tutorial needs Windows Active Directory Domain Service in your LAN. This example shows to configure on the environment below.
| |||||||||||
| [1] | Install Winbind. |
| root@smb:~# apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules # if using DHCP. answer [Yes], if static IP, answer [No] +----------------------+ Samba server and utilities +-----------------------+
| |
| If your computer gets IP address information from a DHCP server on the |
| network, the DHCP server may also provide information about WINS servers |
| ("NetBIOS name servers") present on the network. This requires a change |
| to your smb.conf file so that DHCP-provided WINS settings will |
| automatically be read from /var/lib/samba/dhcp.conf. |
| |
| The dhcp-client package must be installed to take advantage of this |
| feature. |
| |
| Modify smb.conf to use WINS settings from DHCP? |
| |
| <Yes> <No> |
| |
+---------------------------------------------------------------------------+
# specify Realm +------------------+ Configuring Kerberos Authentication +------------------+ | When users attempt to use Kerberos and specify a principal or user name | | without specifying what administrative Kerberos realm that principal | | belongs to, the system appends the default realm. The default realm may | | also be used as the realm of a Kerberos service running on the local | | machine. Often, the default realm is the uppercase version of the local | | DNS domain. | | | | Default Kerberos version 5 realm: | | | | SRV.WORLD________________________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ # specify hostname of AD DS +--------------+ Configuring Kerberos Authentication +---------------+
| Enter the hostnames of Kerberos servers in the SRV.WORLD |
| Kerberos realm separated by spaces. |
| |
| Kerberos servers for your realm: |
| |
| fd3s.srv.world____________________________________________________ |
| |
| <Ok> |
| |
+--------------------------------------------------------------------+
# specify hostname of AD DS +------------------+ Configuring Kerberos Authentication +------------------+ | Enter the hostname of the administrative (password changing) server for | | the SRV.WORLD Kerberos realm. | | | | Administrative server for your Kerberos realm: | | | | fd3s.srv.world___________________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ |
| [2] | Configure Winbind. |
| root@smb:~# vi /etc/samba/smb.conf # line 29: change NetBIOS Name to AD DS’s one and add like follows workgroup = FD3S01
realm = SRV.WORLD security = ads idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config FD3S01 : backend = rid idmap config FD3S01 : range = 10000-999999 template homedir = /home/%U template shell = /bin/bash winbind use default domain = true winbind offline logon = false root@smb:~# vi /etc/nsswitch.conf # line 7: add like follows passwd: files systemd winbind group: files systemd winbind root@smb:~# vi /etc/pam.d/common-session # add to the end if you need (auto create a home directory at initial login) session optional pam_mkhomedir.so skel=/etc/skel umask=077 root@smb:~# vi /etc/resolv.conf # change DNS to refer to AD nameserver 10.0.0.100 |
| [3] | Join in Windows Active Directory Domain. |
| # join in Active Directory (net ads join -U [AD’s admin user]) root@smb:~# net ads join -U Administrator Enter Administrator’s password: root@smb:~# systemctl restart winbind # show domain users info root@smb:~# wbinfo -u administrator # try to switch to an AD user root@smb:~# su – serverworld Creating directory ‘/home/serverworld’. id uid=11103(serverworld) gid=10513(domain users) groups=10513(domain users),11103(serverworld) |
Berikut jadwal imsak dan buka puasa Ramadhan 2025 di Kota Serang dari tanggal 1 Ramadhan -…
Jakarta - Pemerintah telah menetapkan awal Ramadan 2025 berdasarkan hasil sidang isbat oleh Kemenag. Begitu pula dengan organisasi masyarakat…
Siapa sangka, salah satu warganet justru mendapat informasi tak terduga yang berasal dari Meta AI.…
Ketika menjalani rutinitas sehari-hari tentu saja kamu pernah merasa suntuk atau jenuh. Supaya kamu bisa…
Sebuah kapal kargo komersial China diduga sengaja menyeret jangkarnya untuk memotong kabel bawah laut yang…
Nabi Sulaiman dikenal sebagai raja yang kaya raya. Para ilmuwan arkeologi kini mengungkap apa sumber kekayaannya,…
