
...

 

Verwendete Konfiguration

Variable | Wert | Beschreibung
meinserver | lemaker.fritz.box | Server, der Domaincontroller ist
IPADRESSE | 192.168.101.18 | IP-Adresse des Domaincontrollers
example.com | lemaker.fritz.box | Domain
EXAMPLE | MB | alternative Workgroup
UBUNTU | ubu | Name des Linuxcomputers, der in die Domain aufgenommen werden soll und auf dem die hier beschriebene Konfiguration stattfindet

Vorbereitung der Installation

...

Danach muss noch die Kerberos-Konfigurationsdatei kontrolliert / angepasst werden.
Wie bereits erwähnt: Nur wenn man ADS verwenden möchte....

/etc/krb5.conf:
# Default log destination for Kerberos programs that honour the [logging] section.
# NOTE(review): confirm the file is writable only by root; whether client
# libraries log here depends on the installed Kerberos implementation.
[logging]
    default = FILE:/var/log/krb5.log

[libdefaults]
# Realm assumed when a principal is given without one; here the upper-cased
# form of the domain lemaker.fritz.box.
	default_realm = LEMAKER.FRITZ.BOX

# The following krb5.conf variables are only for MIT Kerberos.
# NOTE(review): the krb4_* entries refer to Kerberos 4, which is obsolete;
# presumably they are ignored by current libraries - confirm and consider
# dropping them.
	krb4_config = /etc/krb.conf
	krb4_realms = /etc/krb.realms
	kdc_timesync = 1
	ccache_type = 4
# NOTE(review): tickets are requested as forwardable and proxiable by default.
# A forwarded ticket can be used from the host it was forwarded to, so keep
# these enabled only if delegation is actually needed.
	forwardable = true
	proxiable = true
# presumably seconds (24000 s is roughly 6.7 hours) - confirm the unit
	ticket_lifetime = 24000
# presumably the tolerated clock difference in seconds. Kerberos rejects
# requests when the clocks of this host and the domain controller drift too
# far apart, so keep time synchronised with the DC.
# NOTE(review): confirm the installed library recognises this option name.
	clock_skew = 300

# The following libdefaults parameters are only for Heimdal Kerberos.
	v4_instance_resolve = false
	v4_name_convert = {
		host = {
			rcmd = host
			ftp = ftp
		}
		plain = {
			something = something-else
		}
	}
	fcc-mit-ticketflags = true

[realms]
# KDC and admin server of the realm both point at lemaker.fritz.box, the
# domain controller named in the table at the top of the page.
# NOTE(review): 88 is the standard Kerberos port; 464 is the password-change
# (kpasswd) port - confirm that admin_server is meant to point there.
# NOTE(review): default_domain is written in upper case like the realm;
# confirm whether the lower-case DNS domain is expected here.
	LEMAKER.FRITZ.BOX = {
		kdc = lemaker.fritz.box:88
		admin_server = lemaker.fritz.box:464
		default_domain = LEMAKER.FRITZ.BOX
	}

[domain_realm]
# Maps DNS names to the realm: the entry with the leading dot covers every
# host below lemaker.fritz.box, the bare entry covers the host named exactly
# like the domain.
	.lemaker.fritz.box = LEMAKER.FRITZ.BOX
	lemaker.fritz.box = LEMAKER.FRITZ.BOX

[login]
# NOTE(review): both keys concern Kerberos 4 ticket handling, which is
# obsolete; presumably this section is unused on current systems - confirm
# before relying on it.
	krb4_convert = true
	krb4_get_tickets = false

...

Samba konfigurieren

/etc/samba/smb.conf:
[global]
   # Run as an Active Directory domain member; the realm is the same value as
   # default_realm in /etc/krb5.conf on this page.
   security = ads
   realm = LEMAKER.FRITZ.BOX
   # The following entry is not needed
   #password server = IPADRESSE     # IP of the domain controller

   # Short domain name (the join output on this page reports "MB").
   workgroup = MB
   # UID/GID range used for domain users and groups.
   # NOTE(review): keep this range clear of local accounts; newer Samba
   # releases express it as "idmap config * : range" - confirm against the
   # installed version.
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   # NOTE(review): enumerating all domain users and groups can be slow in
   # large domains - confirm it is needed.
   winbind enum users = yes
   winbind enum groups = yes
   winbind cache time = 10
   # Domain users are addressed without a domain prefix.
   # NOTE(review): a domain account can then carry the same name as a local
   # account - check for collisions, especially with privileged local users.
   winbind use default domain = yes
   # Home directory pattern (%U) and login shell assigned to domain users.
   # NOTE(review): every domain user gets /bin/bash; restrict who may log in
   # (PAM, sshd) if not all domain users should have shell access.
   template homedir = /home/%U
   template shell = /bin/bash
   # Authentication settings: SPNEGO negotiation, NTLMv2 responses as a
   # client, encrypted passwords.
   client use spnego = yes
   client ntlmv2 auth = yes
   encrypt passwords = yes
   # Restricts anonymous (null session) access.
   restrict anonymous = 2
   # This host does not act as a master browser and, with os level 0, is not
   # meant to win browser elections.
   domain master = no
   local master = no
   preferred master = no
   os level = 0
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   # One log file per connecting machine (%m), with a size limit.
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = member server
   # Settings for the local password database and local password changes.
   # NOTE(review): presumably carried over from the distribution template and
   # not used for domain accounts on a member server - confirm.
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   # NOTE(review): logins with an unknown user name are mapped to the guest
   # account, and user-defined shares may allow guest access. The [printers]
   # and [print$] shares set "guest ok = no", but a usershare could still be
   # opened to unauthenticated clients. Unless guest access is required, use
   # "map to guest = never" and "usershare allow guests = no".
   map to guest = bad user
   usershare allow guests = yes

# Print spool share: hidden from browse lists, closed to guests, and spool
# files are created with mode 0700.
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

# Printer driver share: visible in browse lists, read-only, no guest access.
# NOTE(review): with "read only = yes" and no write list, drivers cannot be
# uploaded over SMB; keep it that way unless driver upload is required.
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

...

root@ubu:~# net ads join -U Administrator 
Enter Administrator's password:
Using short domain name -- MB
Joined 'UBU' to dns domain 'lemaker.fritz.box'
root@ubu:~#

Wenn beim Beitritt zur Domain der folgende Fehler auftritt ...

No DNS domain configured for <COMPUTERNAME>. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER

... dann bitte nochmal den Abschnitt "Lokale host-Datei anpassen" lesen und die host-Datei korrekt anpassen.

Danach winbind-Service starten

...