Linux Winbind Setup: Difference between revisions
From Pumping Station One
m Hef moved page Winbind setup to Arch Linux Winbind Setup: Making title more accurate |
Started adding ubuntu instructions |
||
| Line 1: | Line 1: | ||
== Hostname == | |||
Put the machines hostname in /etc/hostname | |||
'''thing2''' | |||
And set the fqdn in /etc/hosts | |||
127.0.0.1 '''thing2'''.ad.pumpingstationone.org localhost '''thing2''' | |||
== Installation == | == Installation == | ||
=== Arch Linux === | |||
sudo pacman -S krb5 samba | sudo pacman -S krb5 samba | ||
=== Ubuntu === | |||
sudo apt-get install krb5-user samba | |||
* Default Kerberos version 5 realm: AD.PUMPINGSTATIONONE.ORG | |||
== /etc/nsswitch.conf == | == /etc/nsswitch.conf == | ||
| Line 24: | Line 42: | ||
== /etc/samba/smb.conf == | == /etc/samba/smb.conf == | ||
If there is an existing smb.conf file, move it: | |||
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.default | |||
[global] | [global] | ||
workgroup = PS1 | workgroup = PS1 | ||
| Line 40: | Line 63: | ||
idmap config *:backend = tdb | idmap config *:backend = tdb | ||
template shell = /bin/bash | template shell = /bin/bash | ||
== Join the domain == | |||
sudo ads join -U ```administrator```@PS1 | |||
== /etc/pam.d/system-auth == | == /etc/pam.d/system-auth == | ||
=== Ubuntu === | |||
Ubuntu sets up pam_winbind.so automatically. | |||
=== Arch === | |||
In Arch, make the following changes to system-auth | In Arch, make the following changes to system-auth | ||
Revision as of 19:56, 4 September 2013
Hostname
Put the machines hostname in /etc/hostname
thing2
And set the fqdn in /etc/hosts
127.0.0.1 thing2.ad.pumpingstationone.org localhost thing2
Installation
Arch Linux
sudo pacman -S krb5 samba
Ubuntu
sudo apt-get install krb5-user samba
- Default Kerberos version 5 realm: AD.PUMPINGSTATIONONE.ORG
/etc/nsswitch.conf
Add winbind to the passwd and group lines like so:
passwd: files winbind group: files winbind shadow: files
/etc/krb5.conf
Set the default realm to AD.PUMPINGSTATIONONE.ORG (caps matter)
[libdefaults]
default_realm = AD.PUMPINGSTATIONONE.ORG
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
/etc/samba/smb.conf
If there is an existing smb.conf file, move it:
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.default
[global] workgroup = PS1 realm = AD.PUMPINGSTATIONONE.ORG security = ADS encrypt passwords = Yes winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind trusted domains only = No winbind nss info = rfc2307 idmap config shortdomainname:range = 500-40000 idmap config shortdomainname:schema_mode = rfc2307 idmap config shortdomainname:backend = ad idmap config *:range = 70001-80000 idmap config *:backend = tdb template shell = /bin/bash
Join the domain
sudo ads join -U ```administrator```@PS1
/etc/pam.d/system-auth
Ubuntu
Ubuntu sets up pam_winbind.so automatically.
Arch
In Arch, make the following changes to system-auth
%PAM-1.0 auth required pam_env.so auth sufficient pam_unix.so try_first_pass nullok auth required pam_winbind.so use_first_pass use_authtok auth optional pam_permit.so account sufficient pam_unix.so account sufficient pam_winbind.so use_first_pass use_authtok account optional pam_permit.so account required pam_time.so password sufficient pam_unix.so try_first_pass nullok sha512 shadow password sufficient pam_winbind.so use_first_pass use_authtok password optional pam_permit.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session required pam_env.so session sufficient pam_unix.so session sufficient pam_winbind.so use_first_pass use_authtok session optional pam_permit.so
