Authenticating against AD
http://wiki.ubuntu-br.org/AutenticandoAD?action=print
AutenticandoAD
Contents
1. Ubuntu Linux authenticating against Active Directory
   1. Information
   2. Installing the required packages
   3. Synchronizing the time
   4. Configuring Kerberos
   5. Testing the connection to AD
   6. Accessing the domain
   7. Configure authentication
   8. Configure PAM
   9. Creating the domain HOMEDIR
   10. Logging in to the domain
   11. Troubleshooting
   12. Links
Installing the required packages
    sudo aptitude install krb5-user libpam-krb5 winbind samba smbfs smbclient krb5-config libkrb53 libkadm55
Synchronizing the time
Use the ntpdate command to synchronize the time
    sudo ntpdate 10.2.0.1
Edit the /etc/hosts file, adding the IP address and name of the DC on your network
1 of 7 18-05-2010 08:34
    vi /etc/hosts
    127.0.0.1 gert.fja.br localhost gert
    127.0.1.1 gert
    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    10.2.0.1 fjadc01
    10.2.0.2 fjadc02
Configuring Kerberos
Edit the /etc/krb5.conf file, adding the following lines
    [libdefaults]
        default_realm = FJA.BR
    [realms]
        FJA.BR = {
            kdc = fjadc01.fja.br
            default_domain = FJA.BR
            kpasswd_server = fjadc01.fja.br
            admin_server = fjadc01.fja.br
        }
    [domain_realm]
        .fja.br = FJA.BR
Testing the connection to AD
    kinit <ENTER>
    Password for alex@FJA.BR: ****
    klist <ENTER>
    Kerberos 4 ticket cache: /tmp/tkt1000
    klist: You have no tickets cached
If this is the result, Kerberos is working correctly.
Accessing the domain
Edit the /etc/samba/smb.conf file, adding the following lines
    [global]
    security = ads
    realm = FJA.BR
    password server = 10.2.0.1
    workgroup = ADMINISTRATIVO
    # winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    winbind use default domain = yes
    restrict anonymous = 2
    # to avoid the workstation from
    # trying to become a master browser
    # on your windows network add the
    # following lines
    domain master = no
    local master = no
    preferred master = no
    os level = 0
Restart the services
    sudo /etc/init.d/winbind stop
    sudo /etc/init.d/samba restart
    sudo /etc/init.d/winbind start
Add the account to the domain
    sudo net ads join
    Using short domain name GERT
    Joined 'GERT' to realm 'FJA.BR'
Configure authentication
Edit the /etc/nsswitch.conf file
    sudo vi /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind
    shadow: compat
Test winbind
    getent passwd
    quiosque:*:10018:10000:Quiosque:/home/ADMINISTRATIVO/quiosque:/bin/bash
    estagioweb:*:10019:10000:Karen Suellen Machado Cavalcante Sampaio:/home/ADMINISTRATIVO/estagioweb:/bin/bash
    egonzales:*:10020:10000:rica Gonzales Bitencourt:/home/ADMINISTRATIVO/egonzales:/bin/bash
    getent group
    __coordenação de enfermagem:x:10046:coordenf
    __coordenação de design:x:10047:smarino,coorddes
Configure PAM
Edit the /etc/pam.d/common-account file, adding the following lines
    sudo vi /etc/pam.d/common-account
    account sufficient pam_winbind.so
    account required pam_unix.so
Edit the /etc/pam.d/common-auth file, adding the following lines
    sudo vi /etc/pam.d/common-auth
    auth sufficient pam_winbind.so
    auth sufficient pam_unix.so nullok_secure use_first_pass
    auth required pam_deny.so
Edit the /etc/pam.d/common-session file, adding the following lines
    sudo vi /etc/pam.d/common-session
    session required pam_unix.so
    session required pam_mkhomedir.so umask=0022 skel=/etc/skel
Edit the /etc/pam.d/sudo file, adding the following lines
    sudo vi /etc/pam.d/sudo
    auth sufficient pam_winbind.so
    auth sufficient pam_unix.so use_first_pass
    auth required pam_deny.so
    @include common-account
Creating the domain HOMEDIR
    sudo mkdir /home/ADMINISTRATIVO
Restart the services
    sudo /etc/init.d/winbind stop
    sudo /etc/init.d/samba restart
    sudo /etc/init.d/winbind start
Logging in to the domain
Switch to the console with CTRL+ALT+F1 and log in to the system with your domain login and password
    login: alex
    Password: *****
    alex@gert:~$
Troubleshooting
Known errors
Error: kinit(v5): Clock skew too great while getting initial credentials
Solution: The clock is not synchronized with the domain controller.
Error: kinit(v5): KDC reply did not match expectations while getting initial credentials
Solution: The domain was typed in lowercase letters.
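The second known error can be caught before running kinit. The script below is an added example, not part of the original wiki page: it checks that every realm reference in /etc/krb5.conf and /etc/samba/smb.conf is upper case and identical. The function names are hypothetical and the sample files are constructed from the page's FJA.BR values; a lowercase realm typed at the kinit prompt is outside what it checks.

```shell
#!/bin/sh
# Added example (not from the wiki): checks that every realm reference in the
# two files edited on this page is upper case and identical. Names are hypothetical.

# List every realm a krb5.conf-style file mentions, as "where<TAB>realm".
krb5_realms() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ { sec = $0; gsub(/[^a-z_]/, "", sec); next }
        { split($0, kv, "="); key = kv[1]; val = kv[2]
          gsub(/[ \t\r]/, "", key); gsub(/[ \t\r{]/, "", val) }
        sec == "libdefaults" && key == "default_realm" { print "krb5 default_realm\t" val }
        sec == "realms" && $0 ~ /=[ \t]*[{]/           { print "krb5 [realms]\t" key }
        sec == "domain_realm" && key != ""             { print "krb5 [domain_realm]\t" val }
    ' "$1"
}

# Print the realm parameter from [global] in an smb.conf-style file.
smb_realm() {
    awk -F= '
        /^[ \t]*\[/ { g = (tolower($0) ~ /\[global\]/); next }
        g && tolower($1) ~ /^[ \t]*realm[ \t]*$/ { gsub(/[ \t\r]/, "", $2); print $2; exit }
    ' "$1"
}

# Print one finding per problem; return 0 only when all references agree.
check_realms() {
    want=$(krb5_realms "$1" | awk -F'\t' '$1 == "krb5 default_realm" { print $2; exit }')
    { [ -n "$want" ] || printf 'krb5 default_realm\t\n'
      krb5_realms "$1"; printf 'smb.conf realm\t%s\n' "$(smb_realm "$2")"; } |
    awk -F'\t' -v want="$want" '
        $2 == ""          { print $1 ": not set"; bad = 1; next }
        $2 != toupper($2) { print $1 ": \"" $2 "\" is not upper case"; bad = 1; next }
        $2 != want        { print $1 ": \"" $2 "\" differs from default_realm \"" want "\""; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample input using the page's realm; smb-lower.conf has the fault.
write_samples() {
    printf '%s\n' '[libdefaults]' ' default_realm = FJA.BR' '[realms]' \
        ' FJA.BR = {' '  kdc = fjadc01.fja.br' ' }' '[domain_realm]' \
        ' .fja.br = FJA.BR' > "$1/krb5.conf"
    printf '%s\n' '[global]' ' security = ads' ' realm = FJA.BR' > "$1/smb.conf"
    sed 's/FJA\.BR/fja.br/' "$1/smb.conf" > "$1/smb-lower.conf"
}

d=$(mktemp -d) && write_samples "$d"
check_realms "$d/krb5.conf" "$d/smb.conf" && echo "realms consistent"
check_realms "$d/krb5.conf" "$d/smb-lower.conf" || echo "fix the findings above"
rm -rf "$d"
```

On a configured machine, run `check_realms /etc/krb5.conf /etc/samba/smb.conf` before `sudo net ads join`.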
Links
ActiveDirectoryWinbindHowto - https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
CategoryDocumentacao
AutenticandoAD (last edited 2008-09-11 23:47:38 by AlexandroSilva)