Install the packages:
yum install krb5-workstation realmd sssd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools -y
Configure /etc/krb5.conf:
includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt
 default_ccache_name = KEYRING:persistent:%{uid}
 default_realm = DOMAIN.LOCAL
 # des-cbc-* are no longer supported by MIT Kerberos 1.18+ and rc4-hmac is deprecated;
 # aes256-cts-hmac-sha1-96 is listed first so it is preferred when the account supports it
 default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
 default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
 permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5

[realms]
 DOMAIN.LOCAL = {
  kdc = dc01.domain.local
  kdc = dc02.domain.local
  default_domain = domain.local
  admin_server = dc01.domain.local
  admin_server = dc02.domain.local
  kpasswd_server = dc01.domain.local
  kpasswd_server = dc02.domain.local
 }

[domain_realm]
 # host names are lowercased before lookup, so the DNS domain keys must be lowercase; the realm stays uppercase
 .domain.local = DOMAIN.LOCAL
 domain.local = DOMAIN.LOCAL
Note that the realm name (DOMAIN.LOCAL) MUST be written in upper case.
Specify the domain in the Samba config as well, /etc/samba/smb.conf:
[global]
 workgroup = domain
 password server = dc01.domain.local dc02.domain.local
 realm = DOMAIN.LOCAL
 security = ads
 idmap config * : range = 16777216-33554431
 template shell = /sbin/nologin
 kerberos method = secrets only
 winbind use default domain = false
 winbind offline logon = false
Join the machine to the domain:
net ads join -U Administrator@DOMAIN.LOCAL
Then generate a keytab file for password-less authentication and save it:
# ktutil
ktutil: addent -password -p dns_updater@DOMAIN.LOCAL -k 1 -e rc4-hmac
Password for dns_updater@DOMAIN.LOCAL:
ktutil: write_kt /usr/local/scripts/cfg/dns_updater.keytab
ktutil: quit
And obtain a ticket:
kinit -k -t /usr/local/scripts/cfg/dns_updater.keytab dns_updater@DOMAIN.LOCAL
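As an added example (not from the original post), a small wrapper around that kinit step: it checks the keytab's file mode, flags RC4 or DES entries in klist -kte output, and requests a ticket only when no valid one is cached. The paths and principal are the post's; the function names and the sample klist output are this example's own assumptions. Run it as sh dns_updater_auth.sh run.

```shell
#!/bin/sh
# Added example (not from the original post): audit the keytab built above
# before the final kinit. Paths/principal are the post's; helper names are assumed.
# Assumes GNU stat and MIT Kerberos tools, as on CentOS/RHEL.
set -eu
KEYTAB=/usr/local/scripts/cfg/dns_updater.keytab
PRINC=dns_updater@DOMAIN.LOCAL
# A keytab is a password equivalent: only its owner may read it (0400/0600).
check_keytab_perms() {
    mode=$(stat -c %a "$1")
    case "$mode" in
        400|600) return 0 ;;
        *) echo "keytab $1 has mode $mode, expected 0600" >&2; return 1 ;;
    esac
}
# Read 'klist -kte' output on stdin; print entries whose enctype is RC4
# (klist names it arcfour-hmac) or single DES. Returns 1 if any were found.
weak_keytab_enctypes() {
    hits=$(awk 'match($0, /\([^)]*\)/) {
        etype = substr($0, RSTART + 1, RLENGTH - 2)
        if (etype ~ /arcfour|des-cbc/) print "kvno " $1 ": " etype }')
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}
# Constructed 'klist -kte' output (not captured from a real host) for the
# self-check; kvno 1 is the RC4 entry the post's ktutil session produces.
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/usr/local/scripts/cfg/dns_updater.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 01/01/2024 10:00:00 dns_updater@DOMAIN.LOCAL (arcfour-hmac)
   2 01/01/2024 10:00:00 dns_updater@DOMAIN.LOCAL (aes256-cts-hmac-sha1-96)
EOF
}
# Get a TGT from the keytab only if none is cached or it has expired
# (klist -s prints nothing and exits non-zero in that case).
ensure_ticket() {
    klist -s 2>/dev/null || kinit -k -t "$KEYTAB" "$PRINC"
}
main() {
    check_keytab_perms "$KEYTAB"
    klist -kte "$KEYTAB" | weak_keytab_enctypes ||
        echo "warning: deprecated enctypes; re-create keytab with -e aes256-cts-hmac-sha1-96" >&2
    ensure_ticket
}
if [ "${1:-}" = run ]; then main; fi
```

Re-creating the keytab with an AES enctype only works if AES is enabled for the account in Active Directory.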