:: Instale os seguintes pacotes
# apt-get install ntpdate samba-common winbind krb5-config krb5-user
:: Edite o arquivo /etc/krb5.conf e adicione as seguintes linhas
# vim /etc/krb5.conf
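[libdefaults]
# Realm assumed when a principal is given without one. Kerberos realm names are
# case-sensitive; Active Directory realms are written in upper case.
default_realm = MICROSOFT.MSFT
[...]
[realms]
MICROSOFT.MSFT = {
# Domain controllers used as KDCs; they are tried in the order listed.
kdc = 192.168.0.1
kdc = 192.168.0.2
admin_server = 192.168.0.1
default_domain = microsoft.msft
}
[...]
[domain_realm]
# DNS-name-to-realm mapping: the leading-dot entry covers hosts under the
# domain, the bare entry covers the domain name itself.
.microsoft.msft = MICROSOFT.MSFT
microsoft.msft = MICROSOFT.MSFT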
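:: Sincronize o horário com o Controlador de Domínio (o Kerberos recusa a autenticação quando a diferença de relógio entre cliente e KDC passa da tolerância, 5 minutos por padrão)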
# ntpdate 192.168.0.1
:: Teste a configuração do arquivo krb5.conf (ao final do teste, o comando kdestroy remove do cache o ticket do administrador)
# kinit administrator
Password for administrator@MICROSOFT.MSFT: **********
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@ALDO.COM.BR
Valid starting Expires Service principal
12/03/10 11:12:35 12/03/10 21:12:41 krbtgt/MICROSOFT.MSFT@MICROSOFT.MSFT
renew until 12/03/10 21:12:35
:: Configure o arquivo smb.conf: edite o arquivo e inclua os seguintes comandos
# vim /etc/samba/smb.conf
[...]
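# All parameters below are global parameters and belong in the [global] section.
# Short (NetBIOS) domain name.
workgroup = MICROSOFT
server string = ServProxy
netbios name = PROXY
# Kerberos realm; must match default_realm in /etc/krb5.conf.
realm = MICROSOFT.MSFT
# Domain accounts are presented without the DOMAIN\ prefix. A domain account
# whose name equals a local account name then becomes ambiguous, so keep the
# two name spaces distinct.
winbind use default domain = yes
# Run as an Active Directory member server; authentication goes through Kerberos.
security = ads
# Local UID/GID range handed out to domain users and groups. It must not
# overlap the IDs of local accounts.
# NOTE(review): "idmap uid" / "idmap gid" are deprecated in later Samba
# releases in favour of "idmap config * : range" - check the installed version.
idmap gid = 10000-20000
idmap uid = 10000-20000
os level = 20
# Enumeration lets "getent passwd" / "getent group" list every domain account.
# It is costly on large directories and can be switched off once the join has
# been verified; lookups by name keep working without it.
winbind enum users = yes
winbind enum groups = yes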
:: Adicionar servidor ao domínio
# net ads join -U administrator
Enter administrator's password:
Using short domain name -- MICROSOFT
Joined 'PROXY' to realm 'microsoft.msft'
Using short domain name -- MICROSOFT
Joined 'PROXY' to realm 'microsoft.msft'
:: Testar adição no domínio
# net ads testjoin
Join is Ok
# net ads info
LDAP server: 192.168.0.1
LDAP server name: dc1.microsoft.msft
Realm: MICROSOFT.MSFT
Bind Path: dc=MICROSOFT,dc=MSFT
LDAP port: 389
Server time: Sex, 03 Dez 2010 11:26:08 BRST
KDC server: 192.168.0.1
Server time offset: 0
:: Reinicie o winbind
# /etc/init.d/winbind restart
:: Teste se o servidor consegue recuperar usuários do domínio
# wbinfo -u
:: Teste se o servidor consegue recuperar grupos do domínio
# wbinfo -g
:: Alterar o arquivo /etc/nsswitch.conf
# vim /etc/nsswitch.conf
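[...]
# Sources are consulted left to right: local files (compat) first, then winbind
# for accounts that come from the domain.
passwd: compat winbind
group: compat winbind
# NOTE(review): libnss_winbind answers passwd and group lookups only and
# provides no shadow data, so the winbind entry on this line is not needed;
# Samba's documentation advises leaving it off the shadow database.
shadow: compat winbind
[...]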
:: Teste a configuração do nsswitch.conf
# getent passwd
<Retornará os usuários do Linux e do AD>
Tudo OK.