Обзоры linux от Админа №5 (CentOS 6.10)


Порядок действий

# Update the installed packages before changing the authentication stack.
# NOTE(review): CentOS 6 is past end of life (November 2020), so the default
# repositories no longer deliver security fixes - confirm which update source is used.
yum update

# Enable the EPEL repository.
yum install epel-release

# mc provides the mcedit editor used below; adcli performs the domain join;
# the rest are the oddjob, Samba and Kerberos/SSSD client packages.
# NOTE(review): sssd.conf below uses id_provider = ad, which needs the SSSD AD
# provider (package sssd-ad, also pulled in by the sssd meta-package). It is not
# in this list - confirm it is already installed.
yum install mc adcli oddjob oddjob-mkhomedir samba samba-common krb5-workstation sssd-krb5-common sssd-krb5 pam_krb5 krb5-libs

mcedit /etc/sysconfig/selinux
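В строке SELINUX= заменить текущее значение (по умолчанию enforcing) на disabled. Это полностью отключает SELinux; если нужно лишь проверить, мешает ли он, достаточно permissive — отказы тогда записываются в /var/log/audit/audit.log, но не блокируются.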

reboot

# Turn on Kerberos authentication, SSSD for user/group lookups (--enablesssd)
# and SSSD for PAM authentication (--enablesssdauth); --update applies the
# change to the system configuration files.
authconfig --enablekrb5 --enablesssd --enablesssdauth --update

mcedit /etc/krb5.conf
# Log destinations: kdc is for the KDC daemon, admin_server for kadmind,
# default for anything without its own entry.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

# DOMAIN.LOC / domain.loc is the example realm used throughout this guide.
# DNS discovery of the realm and of the KDCs is switched off, so both come
# only from the static [realms] and [domain_realm] entries below.
# forwardable = true requests tickets that can be passed on to other hosts;
# set it to false if ticket delegation is not needed.
[libdefaults]
default_realm = DOMAIN.LOC
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

# A single KDC is listed: with dns_lookup_kdc = false there is no fallback,
# so Kerberos logins depend on dc.domain.loc being reachable.
[realms]
DOMAIN.LOC = {
kdc = dc.domain.loc
admin_server = dc.domain.loc
}

# Map the DNS domain (and every host below it) to the Kerberos realm.
[domain_realm]
.domain.loc = DOMAIN.LOC
domain.loc = DOMAIN.LOC

mcedit /etc/samba/smb.conf
# Samba as an Active Directory domain member (security = ads).
# NOTE(review): netbios name is centos6 here, while the adcli join command in
# this guide registers the computer as CENT6 (cent6.domain.loc) - confirm the
# two names are meant to differ.
[global]
server string = Samba
netbios name = centos6
security = ads
realm = DOMAIN.LOC
workgroup = DOMAIN
# Never act as a browse master on the network.
domain master = no
local master = no
# Default ID mapping: local tdb database, UIDs/GIDs taken from 10000-20000.
idmap config *: range = 10000-20000
idmap config *: backend = tdb
template shell = /bin/bash
# Client side: negotiate via SPNEGO and send only NTLMv2 responses
# (no LM/NTLMv1); passwords are exchanged in encrypted form.
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes

acl compatibility = auto
map acl inherit = yes
# 0 = no limit on the number of simultaneous connections.
max connections = 0
load printers = no

# Log only level-0 messages, except the vfs debug class at level 2.
# max log size = 0 removes the size cap on the log files, so rotation has to
# be handled outside Samba (e.g. logrotate) to keep the disk from filling up.
log level = 0 vfs:2
max log size = 0
syslog = 0

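# Create the computer account CENT6 in domain.loc and write the host keytab.
# adcli prompts for the password of the --login-user account; any account that
# has been delegated the right to join computers is enough, a Domain Admin is
# not required.
# The values with spaces need plain ASCII double quotes: typographic quotes
# are not shell quoting, so the value would be split at the space.
adcli join --domain=domain.loc --computer-name=CENT6 --host-fqdn=cent6.domain.loc \
    --login-user=administrator \
    --os-name="CentOS Linux" --os-version="CentOS release 6.10" \
    --show-details --verbose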

# Create the file empty and restrict it to root (0600) before any content is
# written; SSSD refuses to start if sssd.conf is readable by other users.
touch /etc/sssd/sssd.conf
chmod 0600 /etc/sssd/sssd.conf
nano /etc/sssd/sssd.conf
# One configured domain, served to NSS (user/group lookups) and PAM (logins).
[sssd]
domains = domain.loc
config_file_version = 2
services = nss, pam

[domain/domain.loc]
ad_domain = domain.loc
krb5_realm = DOMAIN.LOC
realmd_tags = manages-system joined-with-samba
# Keeps a hash of each user's password in the local cache under
# /var/lib/sss/db so logins work while the domain controller is unreachable.
cache_credentials = True
id_provider = ad
default_shell = /bin/bash
# Users log in with the short name (user), not user@domain.loc.
use_fully_qualified_names = False
# %d = domain name, %u = user name, i.e. /home/domain.loc/<user>.
fallback_homedir = /home/%d/%u
# NOTE(review): no ad_access_filter is set, so access is presumably open to
# every enabled domain account - confirm, and restrict to a group if needed.
access_provider = ad

# Start SSSD now and enable it at boot.
service sssd start
chkconfig sssd on

# Start the Samba file server now and enable it at boot.
# NOTE(review): the smb.conf shown defines no shares; SSSD logins do not need
# smbd, so if the host is not meant to serve files this service can stay off.
service smb start
chkconfig smb on

/etc/pam.d/password-auth-ac
# Line to add to /etc/pam.d/password-auth-ac: creates the home directory from
# /etc/skel on first login.
# umask=0022 makes the new directory readable by every local user (0755);
# umask=0077 keeps it private to its owner.
# The *-ac files are regenerated by authconfig, so a later `authconfig --update`
# can drop a hand-added line; `authconfig --enablemkhomedir --update` lets
# authconfig manage home-directory creation itself.
session required pam_mkhomedir.so umask=0022 skel=/etc/skel

Очистка кэша sssd (на всякий случай)
# Stops SSSD, deletes its log files and its whole cache database, then starts
# it again. The cache also holds the credentials saved by
# cache_credentials = True, so offline logins fail until each user has
# authenticated online once more, and the SSSD logs up to this point are lost.
# `sss_cache -E` invalidates the cached entries without deleting either.
service sssd stop; rm -rf /var/log/sssd/* /var/lib/sss/db/*; service sssd start
