-U username%password: , username , .
-D DOMAIN: DOMAIN - , , - .
-S win_domain_controller: win_domain_controller, , .
createcomputer=OU/OU/: AD OU (Organizational Unit), OU = Office, OU = Cabinet, : sudo net ads join -U username createcomputer=Office/Cabinet.
- . , , , .
:
net ads testjoin
, :
#net ads testjoin
Join is OK
3):
DNS update failed!
, DNS , . . , , DNS , DNS . , , . , DNS . , AD.
, DNS, ! , .
, , ! AD . , . smbclient:
sudo aptitude install smbclient
. kerberos, .. , kinit (. ). workstation:
smbclient -k -L workstation
.
Winbind
- , , SMB- , Samba Winbind - , Linux Active Directory. Winbind , Ubuntu.
Winbind AD Linux , ID . , .
|
|
Winbind /etc/samba/smb.conf. [global] :
# Winbind.
# .
idmap uid = 10000 - 40000
idmap gid = 10000 - 40000
# .
winbind enum groups = yes
winbind enum users = yes
# .
# , .. username - DOMAIN\username.
# , .
winbind use default domain = yes
# ,
# , shell' /bin/false
template shell = /bin/bash
# Kerberos pam_winbind.so
winbind refresh tickets = yes
:
idmap uid = 10000 - 40000
idmap gid = 10000 - 40000
Samba testparm :
WARNING: The idmap uid option is deprecated
WARNING: The idmap gid option is deprecated
:
idmap config *: range = 10000-20000
idmap config *: backend = tdb
Winbind Samba :
sudo /etc/init.d/winbind stop
sudo smbd restart
sudo /etc/init.d/winbind start
sudo testparm
, :
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
:
ulimit -n 16384
/etc/security/limits.conf
# :
* - nofile 16384
root - nofile 16384
, Winbind AD :
# wbinfo -t
checking the trust secret for domain DCN via RPC calls succeeded
, Winbind AD 4):
wbinfo -u
wbinfo -g
. DOMAIN\, - , winbind use default domain smb.conf.
, Winbind , .