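Previous article: windowsServer/sssd200805

Basically the same as the samba/Linux domain join.

Preparing the member server

Joining the domain

Configure the OS-provided samba for joining AD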

[root@centos7 ~]# cat << _EOF_ > /etc/samba/smb.conf
[global]
  workgroup = BIOSYM
  security = ADS
  realm = BIOSYM.LOCAL
  log file = /var/log/samba/%m.log
  kerberos method = secrets and keytab
  client signing = yes
  client use spnego = yes
_EOF_
[root@centos7 ~]#

Then join AD

[root@centos7 ~]# net ads join -Uadministrator
Enter administrator's password:
Using short domain name -- BIOSYM
Joined 'CENTOS7' to dns domain 'biosym.local'
 
[root@centos7 ~]#

DNS check

[root@centos7 ~]# nslookup centos7
Server:         192.168.0.109
Address:        192.168.0.109#53
 
Name:   centos7.biosym.local
Address: 192.168.0.107
 
[root@centos7 ~]#

SSSD configuration

To allow users registered in Windows AD to log in to Linux:

[root@centos7 ~]# cat << _EOT_ > /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = biosym.local
 
[domain/biosym.local]
id_provider = ad
auth_provider = ad
access_provider = ad
dyndns_update = false
 
enumerate = True
krb5_keytab = /etc/krb5.keytab
ldap_id_mapping = False
ldap_sasl_authid = centos7\$@BIOSYM.LOCAL
_EOT_
[root@centos7 ~]#
[root@centos7 ~]# chmod 600 /etc/sssd/sssd.conf

After this, use authconfig to configure authentication, including PAM.

[root@centos7 ~]# authconfig --enablesssd --enablesssdauth --enableforcelegacy --update
[root@centos7 ~]# systemctl start sssd && systemctl enable sssd

Verification

[root@centos7 ~]# getent passwd airi
airi:*:3001:3000:Irisviel von Einzbern:/home/airi:/bin/bash
[root@centos7 ~]#
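
A check for the sssd.conf written above, as an added example that is not part of the original page: it verifies the mode set by chmod 600, that each name in domains has a [domain/...] section, and that ldap_sasl_authid still contains the literal $@ that the \$ escape in the unquoted heredoc protects. The helper names check_sssd_conf and make_sample are hypothetical, the sample config is constructed, and GNU stat is assumed.

```shell
# Added example; check_sssd_conf and make_sample are hypothetical helper names.
# Assumes GNU stat (as shipped on CentOS).
check_sssd_conf() {
  conf=$1; problems=0
  # sssd.conf must be mode 600 (the page's chmod step); SSSD rejects looser modes.
  mode=$(stat -c %a "$conf") || return 99
  if [ "$mode" != 600 ]; then
    echo "mode is $mode, expected 600"; problems=$((problems + 1))
  fi
  # Every name listed in "domains =" needs a matching [domain/NAME] section.
  domains=$(sed -n 's/^[[:space:]]*domains[[:space:]]*=//p' "$conf" | tr ',' ' ')
  for d in $domains; do
    if ! grep -qxF "[domain/$d]" "$conf"; then
      echo "no [domain/$d] section"; problems=$((problems + 1))
    fi
  done
  # The machine principal must keep its literal '$' (HOST$@REALM); an
  # unescaped $@ in an unquoted heredoc is expanded by the shell and lost.
  authid=$(sed -n 's/^[[:space:]]*ldap_sasl_authid[[:space:]]*=[[:space:]]*//p' "$conf")
  case $authid in
    '' | ?*'$@'?*) ;;
    *) echo "ldap_sasl_authid '$authid' lost its \$@"; problems=$((problems + 1)) ;;
  esac
  return "$problems"
}

# Constructed sample: the authid line goes through an unquoted heredoc,
# escaped as on the page ($2 = yes) or unescaped (anything else).
make_sample() {
  out=$1; escaped=$2
  set --            # no positional parameters, so a bare $@ expands to nothing
  if [ "$escaped" = yes ]; then
    authid=$(cat << _EOT_
centos7\$@BIOSYM.LOCAL
_EOT_
)
  else
    authid=$(cat << _EOT_
centos7$@BIOSYM.LOCAL
_EOT_
)
  fi
  printf '[sssd]\ndomains = biosym.local\n\n[domain/biosym.local]\nldap_sasl_authid = %s\n' "$authid" > "$out"
  chmod 600 "$out"
}

f=$(mktemp); make_sample "$f" no
check_sssd_conf "$f" || echo "problems found: $?"
rm -f "$f"
```

The function's exit status is the number of problems found, so it can gate the systemctl start sssd step.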
Last-modified: 2020-08-05 (Wed) 23:03:55