SAMBA - Authentication with SSSD

CentOS:

yum install realmd sssd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools ntpdate ntp

Debian:

apt-get install realmd sssd oddjob oddjob-mkhomedir adcli samba-common ntpdate ntp packagekit sssd-tools


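Configure the NTP service correctly: Kerberos authentication against the domain requires the machine's clock to be in sync with the domain controllers.

Join the machine to the domain: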

realm join --user=administrator ad.tranquil.it

Edit /etc/sssd/sssd.conf:

[sssd]
domains = ad.tranquil.it
config_file_version = 2
services = nss, pam

[domain/ad.tranquil.it]
enumerate = true
ad_domain = ad.tranquil.it
krb5_realm = AD.TRANQUIL.IT
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
access_provider = ad
auth_provider = ad
override_shell = /bin/bash
override_homedir = /home/homes/%u
ad_gpo_access_control = disabled

If your ID mapping is rfc2307, put the following in the [domain] section (replacing the ldap_id_mapping line above rather than adding a second one):

ldap_id_mapping = False


If your ID mapping is rid, put the following in the [domain] section:

ldap_id_mapping = True
ldap_idmap_autorid_compat = true
ldap_idmap_range_min = 10000
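
Appending one of these lines to a [domain] section that already sets ldap_id_mapping leaves the key set twice, possibly with opposite values. The checker below is an added example, not part of the original page: it reports repeated or conflicting keys, and the case where access_provider = ad is used with GPO checks disabled and no ad_access_filter. The function names and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: rfc2307 line appended instead of replacing the existing key.
SAMPLE = """\
[domain/ad.tranquil.it]
enumerate = true
id_provider = ad
access_provider = ad
ldap_id_mapping = True
ad_gpo_access_control = disabled
enumerate = true
ldap_id_mapping = False
"""

def parse(text):
    """Return {section: {key: [values in file order]}}, keeping repeats."""
    sections = defaultdict(lambda: defaultdict(list))
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key].append(value)
    return sections

def audit(text):
    """Return (section, key, finding) tuples for the problems described above."""
    findings = []
    for section, opts in parse(text).items():
        for key, values in opts.items():
            if len(values) > 1:  # same key set twice in one section
                differ = len({v.lower() for v in values}) > 1
                findings.append((section, key, "conflict" if differ else "duplicate"))
        last = {key: values[-1].lower() for key, values in opts.items()}
        # access_provider = ad with GPO checks disabled and no ad_access_filter
        # leaves no per-user or per-group login restriction in SSSD itself.
        if (section.startswith("domain/") and last.get("access_provider") == "ad"
                and last.get("ad_gpo_access_control") == "disabled"
                and "ad_access_filter" not in last):
            findings.append((section, "access_provider", "no-login-restriction"))
    return findings

print(audit(SAMPLE))
```

sssd.conf must be owned by root with mode 0600, so read the real file as root: audit(open('/etc/sssd/sssd.conf').read()).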


To force deletion of the existing mapping:

rm -f /var/lib/sss/db/cache_ad.tranquil.it.ldb