Integrating OpenMediaVault into Microsoft Active Directory

Thanks to http://bugtracker.openmediavault.org/view.php?id=487

Description: Allow the NAS to be part of a Microsoft domain

Source of information: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

I made the modifications by hand in the config files and installed these packages: "krb5-config krb5-user krb5-clients winbind" — and it works. What remains is mainly to put all of this into the interface.

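# nb: ntpd must be in sync before anything else. Kerberos rejects tickets when
# the clock skew against the DC exceeds its tolerance, so a bad clock shows up
# later as obscure kinit / join failures.

# Static addressing, so the name and address registered in AD stay stable.
vim /etc/network/interfaces
auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.64.251
gateway 192.168.64.1
netmask 255.255.255.0
mtu 9000
# Resolve through the DC: "net ads" locates the domain via its DNS SRV
# records, which a resolver outside the domain generally cannot answer.
dns-nameservers 192.168.64.204
dns-search zalin.home
dns-domain zalin.home
#
# Plain ASCII quotes here: the curly quotes in the original would have been
# written into the file verbatim, leaving resolv.conf with an unusable
# "domain" line.
echo "domain zalin.home" >>/etc/resolvconf/resolv.conf.d/tail
#
# Forward names for the NAS and the DC. Keep these in step with the DNS
# records on the DC; a stale entry here masks DNS problems during the join.
vim /etc/hosts
192.168.64.251 omv.zalin.home omv
192.168.64.204 dc1.zalin.home
127.0.0.1 localhost
127.0.1.1 omv.zalin.home omv
#
apt-get install krb5-config krb5-user krb5-clients winbind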
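# Write /etc/krb5.conf. The delimiter is quoted so the shell copies the
# contents verbatim (no parameter expansion), and the file starts directly
# with its first section.
cat <<'EOF' >/etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = ZALIN.HOME
# The KDC and realm mapping are pinned in [realms] / [domain_realm] below
# rather than discovered through DNS.
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = true
# AES first. Single DES is disabled by default on Windows Server 2008 R2 and
# later and has been removed from recent MIT Kerberos releases, and 3DES is
# not an Active Directory enctype, so the original list mostly named
# algorithms the DC will not negotiate. RC4 (arcfour-hmac-md5) is kept only
# as a fallback for older domain functional levels; drop it once the domain
# no longer needs it.
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac-md5

# One kdc entry is enough: port 88 is the default, so the original's second
# entry with an explicit :88 named the same endpoint twice. Active Directory
# does not run kadmind; admin_server only matters for MIT-style admin tools.
[realms]
ZALIN.HOME = {
kdc = DC1.ZALIN.HOME
admin_server = DC1.ZALIN.HOME:749
default_domain = ZALIN.HOME
}

[domain_realm]
zalin.home = ZALIN.HOME
.zalin.home = ZALIN.HOME

# Lifetimes below are in seconds.
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
EOF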
# Obtain a TGT for the account that will perform the join, then confirm the
# DC actually issued one. A successful klist here validates DNS, time sync
# and the realm configuration in one step before Samba is touched.
kinit Administrateur@ZALIN.HOME
klist
#
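vim /etc/samba/smb.conf
# [global] section of /etc/samba/smb.conf. OpenMediaVault manages this file
# from its own configuration, so hand edits may be overwritten by a change in
# the web UI -- re-check after such changes.
[global]
workgroup = ZALIN
server string = %h server
netbios name = OMV
# Pinning the DC by address skips DNS-based DC discovery: fine for a single
# DC, brittle once the domain has more than one.
password server = 192.168.64.204
realm = ZALIN.HOME
security = ads
include = /etc/samba/dhcp.conf
dns proxy = no
# Logging: with "syslog only = yes" the "log file" path is not written, and
# the "syslog" threshold limits what reaches syslog, so "log level = 3" may
# show less than expected -- see the "syslog" entry in smb.conf(5) for the
# installed version. Lower the level again once the join is verified; level 3
# is noisy.
log level = 3
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
socket options = TCP_NODELAY
guest account = nobody
load printers = no
disable spoolss = yes
printing = bsd
printcap name = /dev/null
unix extensions = yes
wide links = no
# 0777 places no restriction on the permission bits new files and
# directories can receive. Unless the shares depend on world-writable data,
# a tighter mask (0664 / 0775) or a per-share mask is the safer starting
# point.
create mask = 0777
directory mask = 0777
use sendfile = yes
null passwords = no
local master = no
time server = no
wins support = no
# Set once: Samba keeps the last value of a repeated key, so a second copy
# earlier in the section would be dead. It stays after the include so it
# takes precedence over anything dhcp.conf sets.
wins server = 192.168.64.204
unix charset = UTF-8
dos charset = CP850
display charset = LOCALE
# Domain SIDs are mapped into this fixed UID/GID range. Keep it clear of
# local accounts and do not change it once data has been written, or on-disk
# ownership stops matching. Later Samba releases replace these two settings
# with "idmap config * : range" -- check smb.conf(5) for the installed
# version.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind cache time = 3600
# Enumeration lets "getent passwd" list the whole domain; convenient for the
# tests that follow, expensive in a large domain.
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
# Domain users get no interactive shell on the NAS. On Debian-based systems
# the binary is normally /usr/sbin/nologin -- confirm the path exists.
template shell = /sbin/nologin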
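#
# Validate smb.conf before joining. -s skips the interactive prompt and
# prints the effective [global] settings, so a typo surfaces here instead of
# as a failed join.
testparm -s

# Join the domain. This creates the machine account in AD. The account used
# only needs the right to join computers to the domain, so a dedicated
# account with that right delegated keeps the domain admin's credentials off
# the NAS.
net ads join -U Administrateur
# Confirm the machine account and its trust before relying on winbind.
net ads testjoin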
# winbind: make domain users and groups visible to the rest of the system.
# Resulting /etc/nsswitch.conf (edit the existing file; the header lines
# below are the stock Debian ones):
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# winbind after compat: local accounts resolve first, then the domain.
passwd: compat winbind
group: compat winbind
# winbind is not listed for shadow; domain passwords are verified through
# Kerberos/winbind rather than from this database.
shadow: compat

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files

# NOTE(review): winbind does not normally serve the protocols/services/rpc
# databases; the extra source looks harmless but can probably be dropped --
# confirm against the winbind documentation for the installed version.
protocols: db files winbind
services: db files winbind
ethers: db files
rpc: db files winbind

netgroup: nis winbind
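## test winbind
# Machine trust secret first: if this fails, nothing below will list domain
# accounts and the join itself needs revisiting.
wbinfo -t
# Enumerate domain users and groups straight from winbind ...
wbinfo -u
wbinfo -g
# ... then through NSS, which is the path the rest of the system uses.
getent passwd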
