過去記事:windowsServer/sssd200805
基本samba/Linux参加と同じ.
メンバーサーバの準備 †
- /etc/hostsの調整
[root@centos7 ~]# vi /etc/hosts
#
127.0.0.1 localhost.localdomain localhost
192.168.0.107 centos7.biosym.local centos7
[root@centos7 ~]#
- nmtuiでDNS resolvの設定を行う
[root@centos7 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search biosym.local
nameserver 192.168.0.109
[root@centos7 ~]#
- パッケージのインストール
[root@centos7 ~]# yum install chrony samba-common samba-common-tools sssd
(centos8)
[root@centos8 ~]# yum install chrony samba-common samba-common-tools sssd
ドメイン参加 †
OS提供のsambaでAD参加への設定
[root@centos7 ~]# cat << _EOF_ > /etc/samba/smb.conf
[global]
workgroup = BIOSYM
security = ADS
realm = BIOSYM.LOCAL
log file = /var/log/samba/%m.log
kerberos method = secrets and keytab
client signing = yes
client use spnego = yes
_EOF_
[root@centos7 ~]#
っでADへ参加
[root@centos7 ~]# net ads join -Uadministrator
Enter administrator's password:
Using short domain name -- BIOSYM
Joined 'CENTOS7' to dns domain 'biosym.local'
[root@centos7 ~]#
DNS確認
[root@centos7 ~]# nslookup centos7
Server: 192.168.0.109
Address: 192.168.0.109#53
Name: centos7.biosym.local
Address: 192.168.0.107
[root@centos7 ~]#
SSSD設定 †
windowsADで登録されたユーザでLinuxにログインできるようにするために
[root@centos7 ~]# cat << _EOT_ > /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = biosym.local
[domain/biosym.local]
id_provider = ad
auth_provider = ad
access_provider = ad
dyndns_update = false
enumerate = True
krb5_keytab = /etc/krb5.keytab
ldap_id_mapping = False
ldap_sasl_authid = centos7\$@BIOSYM.LOCAL
_EOT_
[root@centos7 ~]#
[root@centos7 ~]# chmod 600 /etc/sssd/sssd.conf
この後にauthconfigでpamを含めて認証設定を行う
[root@centos7 ~]# authconfig --enablesssd --enablesssdauth --enableforcelegacy --update
[root@centos7 ~]# systemctl start sssd && systemctl enable sssd
確認
[root@centos7 ~]# getent passwd airi
airi:*:3001:3000:Irisviel von Einzbern:/home/airi:/bin/bash
[root@centos7 ~]#
![[PukiWiki]](image/picc.png "[PukiWiki]")
