Posted by Fernando Ruza to the Debian users list
Installing Samba and Winbind
# apt-get install samba
# apt-get install winbind
Editing the Samba configuration file /etc/samba/smb.conf
# these parameters go in the [global] section
workgroup = <DOMINIO>
security = domain
password server = DOMPDC DOMBDC
# alternatively: password server = *
encrypt passwords = yes
winbind separator = \
# use uids from 10000 to 20000 for domain users
idmap uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
Editing the configuration file /etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
Join the machine to the domain
# net rpc join -S
Start Samba and Winbind
# /etc/init.d/samba start
# /etc/init.d/winbind start
Check that everything works with the following commands:
# wbinfo -u
# wbinfo -g
# getent passwd
# getent group
Winbind and PAM
Stop Samba and Winbind
# /etc/init.d/samba stop
# /etc/init.d/winbind stop
Edit the configuration file of the PAM login module (/etc/pam.d/login) to include the following:
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
@include common-auth
@include common-account
@include common-session
session optional /lib/security/pam_console.so
@include common-password
If we also want ssh to use winbind to authenticate against the Windows
domain database (Active Directory), we modify /etc/pam.d/ssh:
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so
auth required /lib/security/pam_pwdb.so use_first_pass
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_winbind.so
session required /lib/security/pam_unix.so
session required /lib/security/pam_winbind.so
password required /lib/security/pam_unix.so
password required /lib/security/pam_winbind.so
If we also want gdm to use the Windows domain database
(Active Directory), we modify its file /etc/pam.d/gdm and
put in the following:
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
auth requisite pam_nologin.so
auth required pam_env.so
@include common-auth
@include common-account
session required pam_limits.so
@include common-session
session optional /lib/security/pam_console.so
@include common-password
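
An added check, not part of the original post: in a PAM stack a "sufficient" module that succeeds ends processing for that type, so "required" lines placed after it (pam_nologin.so in the login stack above) are not run for users who authenticate through winbind. The helper name pam_after_sufficient and the sample function are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# pam_after_sufficient (hypothetical helper name) reads a PAM service file
# from the named file or from stdin and lists every required/requisite line
# that comes after a `sufficient` line of the same type (auth, account,
# session, password). When the sufficient module succeeds and no earlier
# required module has failed, PAM returns success at once and the later
# lines are never evaluated for that login.
# Limitation: @include lines are skipped, so modules pulled in from
# common-* files after a sufficient line are not reported.
pam_after_sufficient() {
    awk '
        # skip blank lines, comments, @include and anything without a module
        NF < 3 || $1 ~ /^#/ || $1 == "@include" { next }
        {
            type = $1; sub(/^-/, "", type)     # "-auth" means the same type
            ctl = $2
            n = split($3, p, "/"); mod = p[n]  # strip /lib/security/
            if (ctl == "sufficient") {
                if (!(type in first)) first[type] = mod
            } else if ((ctl == "required" || ctl == "requisite") && (type in first)) {
                print type, mod, "after", first[type]
            }
        }' "$@"
}

# Constructed sample: the /etc/pam.d/login stack shown on this page.
sample_login_stack() {
cat <<'EOF'
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
@include common-auth
@include common-account
@include common-session
session optional /lib/security/pam_console.so
@include common-password
EOF
}

# prints: auth pam_nologin.so after pam_winbind.so
sample_login_stack | pam_after_sufficient
```

On a real host, run it as pam_after_sufficient /etc/pam.d/login; any line it reports should be moved above the first sufficient line if it must apply to domain users as well.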