Joining Linux to AD

1. Joining Linux to AD

wilson lima
wilsinhofly

(uses Ubuntu)

Posted on 03/03/2011 - 09:29

NOTE:
MACHINES - DOMAIN - IP
SERVER: homeserver - homeserver.home.local - 192.168.170.1
WORKSTATION: cups - cups.home.local - 192.168.170.3
Linux user: operador
Windows users: administrador, debora and user

INSTALLING THE REQUIRED PACKAGES

sudo apt-get update
sudo apt-get install krb5-user krb5-config libpam-krb5 winbind samba smbclient smbfs samba-common libpam-mount

EDIT THE /etc/hosts FILE

sudo vim /etc/hosts

==================== /etc/hosts =========================
127.0.0.1 cups.home.local localhost cups
192.168.170.1 homeserver.home.local homeserver
192.168.170.3 cups.home cups

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
=========================================================

EDIT THE /etc/krb5.conf FILE

sudo vim /etc/krb5.conf

==================== /etc/krb5.conf =====================

[libdefaults]
default_realm = HOME.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.

# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5

# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true

[realms]
HOME.LOCAL = {
kdc = homeserver.home.local
admin_server = homeserver.home.local
kpasswd_server = homeserver.home.local
default_domain = HOME.LOCAL
}

[domain_realm]
.home.local = HOME.LOCAL
home.local = HOME.LOCAL

[login]
krb4_convert = true
krb4_get_tickets = false

=========================================================

EDIT THE /etc/nsswitch.conf FILE

sudo vim /etc/nsswitch.conf

=================== /etc/nsswitch.conf ==================

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat winbind
group: compat winbind
shadow: compat

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

=========================================================

EDIT THE SAMBA FILE /etc/samba/smb.conf

sudo vim /etc/samba/smb.conf

================ /etc/samba/smb.conf ====================

[global]
workgroup= home
max log size= 50
server string= cups
security= ads
password server= homeserver.home.local
realm= HOME.LOCAL

username map= /etc/samba/smbusers

winbind uid= 10000-20000
winbind gid= 10000-20000
winbind use default domain= true
winbind enum users= yes
winbind enum groups= yes


[pasta]
path = /home/operador
browseable = yes
writable = yes
public = yes
guest ok = yes
comment = local
create mode = 0777
force directory mode = 0777
create mask = 0777

========================================================

ENTER THE WINDOWS ADMINISTRATOR PASSWORD

kinit administrador@HOME.LOCAL
=================================(screen)========================
operador@cups:~$ kinit administrador@HOME.LOCAL
Password for administrador@HOME.LOCAL:
operador@cups:~$
=================================================================

GET THE TICKETS FOR THE JOIN

klist
=================================(screen)=========================
operador@cups:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: administrador@HOME.LOCAL

Valid starting Expires Service principal
03/02/11 12:44:17 03/02/11 22:44:18 krbtgt/HOME.LOCAL@HOME.LOCAL
renew until 03/03/11 12:44:17


Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
operador@cups:~$
===================================================================

JOINING THE DOMAIN

sudo net ads join -U administrador -S homeserver
or
sudo net ads join -U administrador
=================================(screen)==========================
operador@cups:~$ sudo net ads join -U administrador -S homeserver
[sudo] password for operador:
administrador's password:
Using short domain name -- HOME
Joined 'CUPS' to realm 'HOME.LOCAL'
operador@cups:~$
====================================================================

LIST THE DOMAIN GROUPS

wbinfo -g
================================(screen)===========================
operador@cups:~$ wbinfo -g
BUILTIN\administrators
BUILTIN\users
computadores do domínio
controladores de domínio
administradores de esquemas
administração de empresa
admins. do domínio
usuários do domínio
convidados domínio
proprietários criadores de diretiva de grupo
dnsupdateproxy
operador@cups:~$
====================================================================

LIST THE DOMAIN USERS

wbinfo -u
==================================(screen)==========================
operador@cups:~$ wbinfo -u
administrador
convidado
support_388945a0
krbtgt
debora
user
operador@cups:~$
=====================================================================
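
An added example, not part of the original post: a shell audit that lists the share sections of an smb.conf that grant guest access or set 0777 modes, as the [pasta] share above does. The sample file is constructed; the [restricted] share and its /srv/share path are hypothetical.

```shell
#!/bin/sh
# Flag shares (every section except [global]) that allow guest access
# or set a 0777 create/directory mode or mask. One finding per line.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments, blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                     # section header
        section = tolower(trim($0))
        gsub(/^\[|\]$/, "", section)
        next
    }
    section != "" && section != "global" {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", key)                 # collapse repeated spaces
        val = tolower(trim(substr($0, eq + 1)))
        if ((key == "guest ok" || key == "public") && val ~ /^(yes|true|1)$/)
            print section ": " key " = " val
        else if (key ~ /(mode|mask)$/ && val ~ /^0?777$/)
            print section ": " key " = " val
    }' "$1"
}

# Constructed sample: [pasta] mirrors the post, [restricted] is hypothetical.
write_sample() {
    cat > "$1" <<'EOF'
[global]
security = ads
[pasta]
path = /home/operador
public = yes
guest ok = yes
create mode = 0777
force directory mode = 0777
create mask = 0777
[restricted]
path = /srv/share
guest ok = no
valid users = debora
create mask = 0660
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_smb_conf "$tmp"
rm -f "$tmp"
```

To check a real host, call `audit_smb_conf /etc/samba/smb.conf`; empty output means no share matched these checks.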




  





