Использование Linux как контроллера домена
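Настройка стенда
Ниже настраивается классический домен в стиле NT4 (domain logons = yes, роль ROLE_DOMAIN_PDC), а не Active Directory; такой режим зависит от SMB1 и подходит только для учебного стенда со старыми клиентами вроде Windows XP. В параметре logon path UNC-путь должен начинаться с двух обратных слэшей (\\%L\profiles\%U); чтобы оболочка не свернула \\ в \ внутри here-document, ограничитель берут в кавычки: << 'EOF'. Ресурс [profiles] указывает на весь /home с read only = no, поэтому доступ к чужим каталогам ограничивают только права файловой системы; для профилей лучше выделить отдельный каталог.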
[root@server ~]# yum install -y samba
[root@server ~]# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
[root@server ~]# cat > /etc/samba/smb.conf << EOF
[global]
workgroup = TEST
os level = 128
domain master = yes
security = user
domain logons = yes
logon path = \%L\profiles\%U
[netlogon]
path = /home/samba
[profiles]
path = /home/
read only = no
EOF
[root@server ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[root@server ~]# mkdir /home/samba
[root@server ~]# net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d
[root@server ~]# net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
[root@server ~]# net groupmap list
Domain Users (S-1-5-21-557193173-2086353787-2499730693-513) -> users
Domain Admins (S-1-5-21-557193173-2086353787-2499730693-512) -> root
[root@server ~]# service smb restart
[root@server ~]# service nmb restart
[root@server ~]# smbpasswd -a root
[root@server ~]# smbpasswd -e root
-- Добавляем компьютер с именем winxp
[root@server ~]# useradd -c "WinXP" -s /bin/false -d /bin/false winxp$
[root@server ~]# smbpasswd -a winxp$
[root@server ~]# smbpasswd -e winxp$
=========================
Проверка работоспособности PDC
Установить в качестве шлюза по умолчанию контроллер домена.
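Введите WinXP в домен (в тексте указан corpX.un, хотя в smb.conf выше задано workgroup = TEST), используя учётную запись root с паролем root. Пароль, совпадающий с логином, допустим только на изолированном стенде.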
[root@server ~]# useradd -c "User One" -s /bin/false user1
[root@server ~]# usermod -G users user1
[root@server ~]# smbpasswd -a user1
[root@server ~]# smbpasswd -e user1
=========================
Включение Client в домен
Server
[root@server ~]# useradd -c "Linux Client" -s /bin/false -d /bin/false client$
[root@server ~]# smbpasswd -a client$
[root@server ~]# smbpasswd -e client$
Client
Установить в качестве шлюза по умолчанию контроллер домена.
[root@client ~]# yum install -y samba
[root@client ~]# cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
[root@client ~]# cat > /etc/samba/smb.conf << EOF
[global]
workgroup = TEST
security = DOMAIN
winbind use default domain = Yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 36
idmap uid = 20000-40000
idmap gid = 20000-40000
template homedir = /home/%U
template shell = /bin/bash
EOF
[root@client ~]# service winbind restart
nsswitch.conf
[root@client ~]# cp /etc/nsswitch.conf /etc/nsswitch.conf.orig
[root@client ~]# vi /etc/nsswitch.conf
passwd: files
shadow: files
group: files
меняю на:
passwd: files winbind
shadow: files winbind
group: files winbind
[root@client ~]# net rpc join -U root
Joined domain TEST
Проверка аутентификации на client
[root@client ~]# ntlm_auth --username=user1
password:
NT_STATUS_OK: Success (0x0)
[root@client ~]# wbinfo -p
Ping to winbindd succeeded
[root@client ~]# wbinfo -u
[root@client ~]# wbinfo -g
[root@client ~]# wbinfo -g id user1
Посмотреть:
https://www.centos.org/forums/viewtopic.php?t=7980