Winbind permet \u00e0 une machine Linux avec SaMBa install\u00e9e de faire un lien entre elles et un contr\u00f4leur Active directory. Les comptes cr\u00e9\u00e9s sur le contr\u00f4leur seront efficaces imm\u00e9diatement sur la machine Linux sans aucune autre intervention. Winbind est le composant effectuant le mapping entre les UID Linux et les SID Windows.<\/p>\n
<\/p>\n
Installation des paquets n\u00e9cessaire \u00e0 assurer l’authentification de votre machine Linux.<\/p>\n
export DEBIAN_FRONTEND=noninteractive\napt-get install winbind krb5-user libnss-winbind smbclient libpam-winbind oddjob-mkhomedir\nunset DEBIAN_FRONTEND\n<\/code><\/pre>\nConfigurer votre client kerberos en fonction de votre domaine<\/p>\n
# 0>\/etc\/krb5.conf\n# vi \/etc\/krb5.conf\n[libdefaults]\n default_realm = MONDOMAINE.FR\n ticket_lifetime = 1d\n renew_lifetime = 7d\n dns_lookup_realm = false\n dns_lookup_kdc = true\n\n[realms]\n MONDOMAINE.FR = {\n kdc = 192.168.0.5\n kdc = 192.168.0.7\n admin_server = 192.168.0.5 192.168.0.7\n }\n<\/code><\/pre>\nSauvegarder le fichier smb.conf d’origine et cr\u00e9er un nouveau<\/p>\n
cp \/etc\/samba\/smb.conf \/etc\/samba\/smb.conf.ori\n0>\/etc\/samba\/smb.conf\nvi \/etc\/samba\/smb.conf\n<\/code><\/pre>\nAvec les param\u00e8tres suivants et \u00e0 adapter \u00e0 votre configuration<\/p>\n
#======================= Global Settings =======================\n\n[global]\n workgroup = MONDOMAINE\n server string = %h server\n dns proxy = no\n\n#### Networking ####\n\n interfaces = 127.0.0.0\/8\n bind interfaces only = yes\n hosts allow = 127.0.0.0\/8\n\n#### Debugging\/Accounting ####\n\n log level = 0\n log file = \/var\/log\/samba\/log.%m\n max log size = 1000\n panic action = \/usr\/share\/samba\/panic-action %d\n\n####### Authentication #######\n\n security = ADS\n realm = MONDOMAINE.FR\n encrypt passwords = yes\n idmap config *:backend = tdb\n idmap config *:range = 700001-800000\n idmap config MONDOMAINE:backend = rid\n idmap config MONDOMAINE:range = 10000-700000\n winbind use default domain = yes\n template homedir = \/home\/%U\n map acl inherit = Yes\n template shell = \/bin\/bash\n\n############ Misc ############\n\n socket options = TCP_NODELAY IPTOS_LOWDELAY\n guest account = nobody\n load printers = no\n disable spoolss = yes\n printing = bsd\n printcap name = \/dev\/null\n time server = no\n wins support = no\n multicast dns register = no\n disable netbios = yes\n smb ports = 445\n<\/code><\/pre>\nInt\u00e9grer votre machine dans le domaine<\/p>\n
# net ads join -U Administrator\nEnter Administrator's password:\nUsing short domain name -- MONDOMAINE\nJoined 'MAMACHINE' to dns domain 'MONDOMAINE.fr'\n<\/code><\/pre>\nAjouter l’authentification winbind au syst\u00e8me<\/p>\n
# vi \/etc\/nsswitch.conf\npasswd: compat winbind\ngroup: compat winbind\nshadow: compat winbind\ngshadow: files\n\nhosts: files dns\nnetworks: files\n\nprotocols: db files\nservices: db files\nethers: db files\nrpc: db files\n\nnetgroup: nis\nsudoers: files\n<\/code><\/pre>\n# pam-auth-update --force\n<\/code><\/pre>\nRebooter votre machine<\/p>\n
# reboot\n<\/code><\/pre>\nApr\u00e8s la relance, v\u00e9rifier la bonne liaison de celle-ci avec le domaine<\/p>\n
# wbinfo --ping-dc\nchecking the NETLOGON for domain[MONDOMAINE] dc connection to \"dc2.mondomaine.fr\" succeeded\n\n# wbinfo -u\n\n# wbinfo -g\n\n# wbinfo -i colombet\ncolombet:*:12345:10513::\/home\/colombet:\/bin\/bash\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"Winbind permet \u00e0 une machine Linux avec SaMBa install\u00e9e de faire un lien entre elles et un contr\u00f4leur Active directory. Les comptes cr\u00e9\u00e9s sur le contr\u00f4leur seront efficaces imm\u00e9diatement sur la machine Linux sans aucune autre intervention. Winbind est le composant effectuant le mapping entre les UID Linux et les SID Windows.<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,12],"tags":[4,69],"class_list":["post-504","post","type-post","status-publish","format-standard","hentry","category-linux","category-samba","tag-samba","tag-winbind"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paBEVZ-88","jetpack_likes_enabled":false,"_links":{"self":[{"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/posts\/504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/comments?post=504"}],"version-history":[{"count":1,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/posts\/504\/revisions"}],"predecessor-version":[{"id":505,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/posts\/504\/revisions\/505"}],"wp:attachment":[{"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/media?parent=504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/categories?post=504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/homepages.lcc-toulouse.fr\/colombet\/wp-json\/wp\/v2\/tags?post=504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}