Debian-World.Com

1

 aptitude install libkrb53 krb5-config krb5-user samba winbind ntpdate ntp

1
2
3

/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/ntp stop

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

[libdefaults]
    default_realm = MOJA.DOMENA

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#   default_tgs_enctypes = des3-hmac-sha1
#   default_tkt_enctypes = des3-hmac-sha1
#   permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    MOJA.DOMENA = {
        kdc = 192.168.0.100
        admin_server = 192.168.0.100
    }

[domain_realm]
    .moja.domena = MOJA.DOMENA
    moja.domena  = MOJA.DOMENA

[login]
    krb4_convert = true
    krb4_get_tickets = false

1

ntpdate 192.168.11.100

1
2

# Moja domena
server 192.168.0.100

1

/etc/init.d/ntp start

1

nameserver 192.168.0.100

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# Global parameters
[global]
workgroup = MOJA
realm = MOJA.DOMENA
load printers = no
preferred master = no
local master = no
server string = debian server
password server = 192.168.0.100
encrypt passwords = true
security = domain
netbios name = debian
client signing = Yes
dns proxy = No
wins server = 192.168.0.100
wins proxy = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/%D/%U
template shell = /bin/bash
invalid users = root
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files dns wins
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

1

ldconfig

1

net ads join -U Administrator

1
2
3
4

nano /etc/pam.d/common-account
# treba imati sljedeće linije:
account sufficient pam_winbind.so
account required pam_unix.so

1
2
3
4

nano /etc/pam.d/common-auth
# treba imati sljedeće linije:
auth    sufficient      pam_unix.so
auth    required        pam_winbind.so  use_first_pass

1
2
3

nano /etc/pam.d/common-password
# treba imati sličnu liniju - parametri
password   required   pam_unix.so nullok obscure min=4 max=50 md5

1
2
3

nano /etc/pam.d/common-session
# treba imati sljedeću liniju:
session     required    pam_mkhomedir.so umask=0022 skel=/etc/skel

1
2
3
4
5

/etc/init.d/samba stop
/etc/init.d/winbind stop
/etc/init.d/samba start
/etc/init.d/winbind start
/etc/init.d/ssh restart

1

net ads status