windowsServer/sssd をテンプレートにして作成
&size(10){過去記事:[[windowsServer/sssd200805]]};
基本的な手順は[[samba/Linux参加]]と同じ.
***メンバーサーバの準備 [#sc7118de]
-/etc/hostsの調整
#code(nonumber){{
[root@centos7 ~]# vi /etc/hosts
#
127.0.0.1 localhost.localdomain localhost
192.168.0.107 centos7.biosym.local centos7
[root@centos7 ~]#
}}
-nmtuiでDNSリゾルバ(/etc/resolv.conf)の設定を行う. nameserverにはADドメイン(biosym.local)を名前解決できるDNSサーバを指定する
#code(nonumber){{
[root@centos7 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search biosym.local
nameserver 192.168.0.109
[root@centos7 ~]#
}}
-パッケージのインストール (Kerberos認証は時刻のずれに弱いので, chronyでADと時刻を同期させておく)
#code(nonumber){{
[root@centos7 ~]# yum install chrony samba-common samba-c...
(centos8)
[root@centos8 ~]# yum install chrony samba-common samba-c...
}}
***ドメイン参加 [#le6a9690]
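OS提供のsambaでADに参加するための設定. 「kerberos method = secrets and keytab」を指定しているので, 参加時にマシンアカウントの鍵が/etc/krb5.keytabにも作られ, 後のSSSD設定(krb5_keytab)で使われる.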
#code(nonumber){{
[root@centos7 ~]# cat << _EOF_ > /etc/samba/smb.conf
[global]
workgroup = BIOSYM
security = ADS
realm = BIOSYM.LOCAL
log file = /var/log/samba/%m.log
kerberos method = secrets and keytab
client signing = yes
client use spnego = yes
_EOF_
[root@centos7 ~]#
}}
これでADへ参加. 参加に使うアカウントは, コンピュータをドメインに参加させる権限があれば良く, 必ずしもadministratorである必要はない.
#code(nonumber){{
[root@centos7 ~]# net ads join -Uadministrator
Enter administrator's password:
Using short domain name -- BIOSYM
Joined 'CENTOS7' to dns domain 'biosym.local'
[root@centos7 ~]#
}}
DNS確認
#code(nonumber){{
[root@centos7 ~]# nslookup centos7
Server: 192.168.0.109
Address: 192.168.0.109#53
Name: centos7.biosym.local
Address: 192.168.0.107
[root@centos7 ~]#
}}
***SSSD設定 [#f6f4083e]
windowsADで登録されたユーザでLinuxにログインできるように...
#code(nonumber){{
[root@centos7 ~]# cat << _EOT_ > /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = biosym.local
[domain/biosym.local]
id_provider = ad
auth_provider = ad
access_provider = ad
dyndns_update = false
enumerate = True
krb5_keytab = /etc/krb5.keytab
ldap_id_mapping = False
ldap_sasl_authid = centos7\$@BIOSYM.LOCAL
_EOT_
[root@centos7 ~]#
[root@centos7 ~]# chmod 600 /etc/sssd/sssd.conf
}}
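-ヒアドキュメントの区切り(_EOT_)を引用符で囲んでいないので, ldap_sasl_authidの「\$」はシェルに$を展開させないためのエスケープ. 実際にファイルへ書かれる値は centos7$@BIOSYM.LOCAL になる.
-sssd.confはroot所有・パーミッション600でないとsssdが起動しないので, chmod 600は省略しないこと.
-access_provider = ad のみの指定では有効なADユーザ全員がログイン対象になる. 対象を絞る場合はad_access_filterなどで制限する.
-enumerate = True はドメインの全ユーザ・グループを取得するため, 規模の大きいADでは負荷が高い. 必要な場合だけ有効にする.

この後にauthconfigでPAMを含めて認証設定を行う (centos8ではauthconfigはauthselectに置き換わっている)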
#code(nonumber){{
[root@centos7 ~]# authconfig --enablesssd --enablesssdaut...
[root@centos7 ~]# systemctl start sssd && systemctl enabl...
}}
確認 (ldap_id_mapping = False のため, UID/GIDはADに登録されたPOSIX属性の値がそのまま使われる)
#code(nonumber){{
[root@centos7 ~]# getent passwd airi
airi:*:3001:3000:Irisviel von Einzbern:/home/airi:/bin/bash
[root@centos7 ~]#
}}