Samba Winbind - AD - Exemple de conf
Conf NTP
/etc/hosts
# /etc/hosts -- static name resolution for the domain member "pc1".
# One address per line, followed by the canonical name and its aliases.

# IPv4 loopback.
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

# IPv6 loopback.
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# NOTE(review): this maps the machine's FQDN to a loopback address.
# Samba's domain-member setup guidance asks that the FQDN resolve to the
# LAN address instead, because the name is used for the AD join and for
# Kerberos service principals -- confirm that 127.0.1.1 is intended here.
127.0.1.1   pc1.plop.acme.local pc1
/etc/resolv.conf
# /etc/resolv.conf -- resolver settings for the domain member.
# "domain" and "search" are mutually exclusive, so "domain" is left disabled
# and the search list below is used instead.
#domain plop.acme.local

# Suffixes appended to short host names, tried in this order.
search acme.local plop.acme.local

# rotate    : spread queries across the listed name servers
# timeout:1 : wait one second for each server
# NOTE(review): resolv.conf(5) for glibc spells the retry option
# "attempts:n"; "retries:1" is not listed there and is probably ignored,
# which would leave the default number of attempts in effect -- confirm.
options rotate timeout:1 retries:1

# Name servers for the domain. Domain-controller discovery (SRV records)
# and Kerberos both depend on these answering for plop.acme.local.
nameserver 192.168.20.153
nameserver 192.168.20.154
/etc/krb5.conf
# /etc/krb5.conf -- Kerberos client configuration for realm PLOP.ACME.LOCAL.
# Kerberos rejects tickets when client and KDC clocks drift apart, so time
# synchronisation must be working before kinit or the domain join is tried.

[logging]
# NOTE(review): the usual destination syntax is "FILE:<path>"; "FILE10000:"
# looks like a copy/paste artefact and may not be parsed as intended --
# confirm against the krb5.conf documentation.
default = FILE10000:/var/log/krb5lib.log

[libdefaults]
# Realm assumed when a principal is given without "@REALM".
default_realm = PLOP.ACME.LOCAL
# Keytab holding the machine's long-term keys. Anyone who can read it can
# act as this host, so it should stay readable by root only.
default_keytab_name = FILE:/etc/krb5.keytab

# The following krb5.conf variables are only for MIT Kerberos.
# The two krb4_* keys are legacy Kerberos 4 settings kept from the
# distribution template.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4

[appdefaults]
# Defaults applied when kinit is run without explicit options.
# Forwardable tickets can be passed on to the hosts a user logs in to;
# keep this enabled only if that delegation is actually needed.
kinit = {
    forwardable = true
    proxiable = true
}

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
#
# (The enctype lines this comment refers to are absent from this copy, so
# the library's default encryption types apply.)

# The following libdefaults parameters are only for Heimdal Kerberos.
# NOTE(review): in this listing they come after the [appdefaults] header,
# so they are read as part of that section, not [libdefaults] -- confirm.
v4_instance_resolve = false
v4_name_convert = {
    host = {
        rcmd = host
        ftp = ftp
    }
    plain = {
        something = something-else
    }
}
fcc-mit-ticketflags = true

[realms]
# KDCs are given as short host names; they must resolve through the search
# list in /etc/resolv.conf.
PLOP.ACME.LOCAL = {
    kdc = cd1-plop:88
    kdc = GDC01:88
    admin_server = cd1-plop:749
    default_domain = plop.acme.local
}

[domain_realm]
# Host or DNS-domain name -> Kerberos realm.
PLOP = PLOP.ACME.LOCAL
.plop.acme.local = PLOP.ACME.LOCAL

[login]
krb4_convert = true
krb4_get_tickets = false
/etc/samba/smb.conf
# /etc/samba/smb.conf -- Samba/winbind as an Active Directory domain member,
# exporting a single share ([DATA]).
# Comments are kept on their own lines: smb.conf has no trailing comments.

# Global parameters
[global]
#obey pam restrictions = Yes
realm = PLOP.ACME.LOCAL
workgroup = PLOP
# Act as an AD domain member; needs the realm above and a completed
# "net ads join".
security = ADS
#template homedir = /staff/%U
#template shell = /bin/bash
# Enumeration is what lets a bare "getent passwd" / "getent group" list the
# domain accounts. It is expensive on large directories and shows the whole
# account list to every local user; disable it if per-name lookups suffice.
winbind enum groups = Yes
winbind enum users = Yes
# Accounts of the joined domain are shown without the DOMAIN prefix.
winbind use default domain = Yes
# Renew Kerberos tickets obtained at login before they expire.
winbind refresh tickets = yes
# Only the default ("*") idmap domain is configured. The tdb backend hands
# out IDs locally, so the same AD account can get a different UID/GID on
# another member server, and the mapping is lost with the tdb file.
# NOTE(review): Samba's idmap documentation describes a dedicated
# "idmap config <DOMAIN> : ..." block per AD domain -- confirm whether PLOP
# and ACME need one, and whether 10000-20000 is large enough for both.
idmap config * : range = 10000-20000
idmap config * : backend = tdb
#password server = cd1-plop.plop.acme.local
# "*" lets Samba locate domain controllers through DNS instead of pinning one.
password server = *
# Domain and account are written DOMAIN/user (see "valid users" below).
winbind separator = /
# No printers
printing = bsd
printcap name = /dev/null
load printers = No
cups options = raw
#
# Keep this host from becoming a browse master
domain master = no
local master = no
preferred master = no
os level = 0
#
[DATA]
# NOTE(review): these masks allow the "other" read/write bits on new files
# (0666) and full access for everyone on new directories (0777). Any local
# account on the server can then read or change the share's contents by
# going around Samba. Tighten them (for example 0660 / 0770) unless that
# access is required, and check the permissions already set on /data/.
create mask = 0666
directory mask = 0777
path = /data/
read only = No
# Only these two accounts may connect to the share.
valid users = acme/user1, plop/admin
# Join procedure, run as root once the four files above are in place.

# Request a ticket for the account used for the join. Success shows that
# DNS, krb5.conf and clock synchronisation are working. kinit must already
# be installed; the package list below does not include it.
kinit admin@PLOP.ACME.LOCAL

# Install winbind and its client tools.
yum install samba-winbind samba-winbind-clients

# Join the machine to the domain. The password is prompted for rather than
# given on the command line, which keeps it out of the shell history and
# the process list.
net ads join -U admin

# Point NSS and PAM at winbind and create home directories at first login.
# --force overwrites NSS/PAM configuration that was not written by
# authselect, so save /etc/nsswitch.conf and /etc/pam.d beforehand if they
# were edited by hand. with-mkhomedir relies on the oddjobd service being
# enabled and running.
authselect select winbind with-mkhomedir --force

# Check that domain accounts resolve: the full list first (depends on the
# "winbind enum" settings), then one account from the ACME domain.
getent passwd
getent passwd ACME/user1
