
Integrating Linux into a Windows Active Directory environment

1 reply
Carole
Hello,

Would anyone know how to:

- Tell Squid/SquidGuard to use the Active Directory of my Windows domain
controller to authenticate logins/passwords/groups? Note that the groups in
Active Directory must map to the rights defined for a group in SquidGuard.

- Integrate a Samba 3 server into an Active Directory environment for
authentication and file access rights.

Thanks in advance

runan

Here are the notes I took when installing Samba 3.0.7 so that it uses the
users of my Active Directory domain:

***********************************************************************************************
Samba 3.0.7

./configure --with-ldap --with-ads --with-automount --with-smbmount \
    --with-syslog --with-quotas --with-libsmbclient --with-acl-support \
    --with-winbind

make
make install
make installbin
make installman

Copy an example smb.conf (found by searching the sources) into
/usr/local/samba/lib

[ etc]# cat nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files winbind
shadow: files
group: files winbind

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

************************************************************

[ etc]# cat krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAINE.FR
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
DOMAINE.FR = {
kdc = SVCH25.DOMAINE.FR:88
admin_server = DOMAINE.fr:749
default_domain = DOMAINE.fr
}

[domain_realm]
.DOMAINE.fr = DOMAINE.FR
DOMAINE.fr = DOMAINE.FR

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
***********************************************************
[ lib]# cat smb.conf
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/09/20 14:44:44

# Global parameters
[global]
workgroup = DOMAINE
realm = DOMAINE.FR
netbios name = FEDORA
server string = Samba Server
security = ADS
password server = CONTROLEUR25 CONTROLEUR26
log file = /var/log/samba/log.smbd
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hostname lookups = Yes
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = CONTROLEUR25, CONTROLEUR26
ldap ssl = no
preload = global
default service = global
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%D/%U/./
winbind separator = /
winbind use default domain = Yes

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[tmp]
path = /tmp
guest ok = Yes

***********************************************************
[ bin]# ./net ads join -U administrateur
administrateur 's password:
[2004/09/20 14:26:00, 0] libads/ldap.c:ads_add_machine_acct(1283)
ads_add_machine_acct: Host account for fedora already exists - modifying
old account
Using short domain name -- DOMAINE
Joined 'FEDORA' to realm 'DOMAINE.FR'
************************************************************

cp ../samba/source/nsswitch/libnss_winbind.so /lib
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
***********************************************************************************************
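
Added example, not part of runan's notes: a POSIX shell check that the three files above agree with each other before `net ads join` is run (security = ADS, smb.conf realm identical to krb5.conf default_realm, winbind listed for passwd and group, idmap ranges set). The helper names `ini_get`, `nss_uses_winbind`, `check_join` and `write_sample` are hypothetical, and the sample files are constructed from the values in the post.

```shell
# Added example: helper names are hypothetical; sample files are constructed.

# ini_get FILE SECTION KEY: print KEY's value from [SECTION] (smb.conf/krb5.conf)
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]*\[|\].*$/, "", s)
                      insec = (tolower(s) == tolower(sec)); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# nss_uses_winbind FILE DB: succeed if the active DB line lists winbind
nss_uses_winbind() {
    grep -Eq "^$2:([^#]*[[:space:]])?winbind([[:space:]]|\$)" "$1"
}

# check_join SMB_CONF KRB5_CONF NSSWITCH: print findings, return their count
check_join() {
    n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }
    sec=$(ini_get "$1" global security)
    realm=$(ini_get "$1" global realm)
    krb=$(ini_get "$2" libdefaults default_realm)
    case "$sec" in [Aa][Dd][Ss]) ;; *) fail "security = '$sec', expected ADS" ;; esac
    # Kerberos realm names are case-sensitive, so compare exactly
    [ -n "$realm" ] && [ "$realm" = "$krb" ] ||
        fail "smb.conf realm '$realm' != krb5.conf default_realm '$krb'"
    for db in passwd group; do
        nss_uses_winbind "$3" "$db" || fail "nsswitch.conf: $db lacks winbind"
    done
    for key in "idmap uid" "idmap gid"; do
        [ -n "$(ini_get "$1" global "$key")" ] || fail "smb.conf: no '$key' range"
    done
    return "$n"
}

# write_sample DIR: constructed minimal files using the values from the notes
write_sample() {
    printf '%s\n' '[global]' 'realm = DOMAINE.FR' 'security = ADS' \
        'idmap uid = 10000-20000' 'idmap gid = 10000-20000' > "$1/smb.conf"
    printf '%s\n' '[libdefaults]' 'default_realm = DOMAINE.FR' > "$1/krb5.conf"
    printf '%s\n' 'passwd: files winbind' 'group: files winbind' > "$1/nsswitch.conf"
}

d=$(mktemp -d) && write_sample "$d"
check_join "$d/smb.conf" "$d/krb5.conf" "$d/nsswitch.conf" && echo "configuration is consistent"
```

Once the join has succeeded, `wbinfo -t` and `getent passwd` confirm that the machine trust secret is valid and that winbind resolves domain users.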