{"id":3373,"date":"2013-03-01T10:39:57","date_gmt":"2013-03-01T01:39:57","guid":{"rendered":"http:\/\/lab.synergy-marketing.co.jp\/blog\/?p=3373"},"modified":"2018-11-14T16:33:55","modified_gmt":"2018-11-14T07:33:55","slug":"active-directory-auth-on-ubuntu","status":"publish","type":"post","link":"https:\/\/www.techscore.com\/blog\/2013\/03\/01\/active-directory-auth-on-ubuntu\/","title":{"rendered":"Ubuntu \u30de\u30b7\u30f3\u306b Active Directory \u8a8d\u8a3c\u3067\u30ed\u30b0\u30a4\u30f3\u51fa\u6765\u308b\u3088\u3046\u306b\u3059\u308b"},"content":{"rendered":"

Ubuntu \u30de\u30b7\u30f3\u306b Windows \u306e Active Directory \u8a8d\u8a3c\u3067 ssh \u30ed\u30b0\u30a4\u30f3\u51fa\u6765\u308b\u3088\u3046\u306b\u3059\u308b\u65b9\u6cd5\u3092\u7d39\u4ecb\u3057\u307e\u3059\u3002CentOS \u306a\u3069 Red Hat \u7cfb\u306e\u3082\u306e\u3067\u306f\u8a2d\u5b9a\u3057\u305f\u3053\u3068\u304c\u3042\u3063\u305f\u306e\u3067\u3059\u304c\u3001Debian \u7cfb\u306e\u3082\u306e\u3067\u3059\u308b\u306e\u306f\u521d\u3081\u3066\u3060\u3063\u305f\u306e\u3067\u5099\u5fd8\u9332\u3082\u517c\u306d\u3066\u8a18\u9332\u306b\u6b8b\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n

\u6700\u521d\u306b\u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002\u3053\u3053\u3067\u306f\u81ea\u52d5\u8d77\u52d5\u306e\u5236\u5fa1\u3092\u3059\u308b sysv-rc-conf \u3092\u3042\u308f\u305b\u3066\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u4eca\u56de\u306e\u76ee\u7684\u306b\u76f4\u63a5\u95a2\u4fc2\u306a\u3044\u306e\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u306a\u304f\u3066\u3082 OK \u3067\u3059\u3002<\/p>\n

# aptitude install winbind libpam-winbind samba krb5-user sysv-rc-conf<\/pre>\n
\u6700\u521d\u306b \/etc\/samba\/smb.conf<\/code> \u3092\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u7de8\u96c6\u3057\u307e\u3059\u3002\u3053\u3053\u3067\u306f Windows \u30c9\u30e1\u30a4\u30f3\u304c MYDOMAIN \u3067\u3042\u308b\u3068\u3057\u307e\u3059\u3002<\/p>\n
[global]\nworkgroup = MYDOMAIN\nnetbios name = lab01\nrealm = MYDOMAIN\nsecurity = ads\npassdb backend = tdbsam\nallow trusted domains = No\nidmap backend = tdb\nidmap uid = 10000-20000\nidmap gid = 10000-20000\nidmap config MYDOMAIN : backend = rid\nidmap config MYDOMAIN : range = 10000 - 20000\ntemplate shell = \/bin\/bash\ntemplate homedir = \/home\/%U\nwinbind use default domain = yes\nwinbind enum users = yes\nwinbind enum groups = yes\nwinbind nested groups = yes\nwinbind expand groups = yes\nwinbind refresh tickets = yes<\/pre>\n
\u7de8\u96c6\u3057\u305f\u3089\u30c9\u30e1\u30a4\u30f3\u306b\u53c2\u52a0\u3057\u307e\u3059\u3002Administrator \u306b\u306f Active Directory \u306b\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u3092\u8ffd\u52a0\u3059\u308b\u6a29\u9650\u3092\u6301\u3064\u30e6\u30fc\u30b6\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
# net ads join -U Administrator<\/pre>\n
\/etc\/krb5.conf<\/code> \u3082\u4fee\u6b63\u3057\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u8a2d\u5b9a\u3092\u9069\u5f53\u306a\u3068\u3053\u308d\u306b\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n
[libdefaults]\n  default_realm = MYDOMAIN\n  dns_lookup_realm = true\n  dns_lookup_kdc = true\n  ticket_lifetime = 1h\n\n[realms]\n  MYDOMAIN = {\n    kdc = \u30c9\u30e1\u30a4\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306e\u30db\u30b9\u30c8\u540d\n    admin_server = \u30c9\u30e1\u30a4\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306e\u30db\u30b9\u30c8\u540d\n    default_domain = mydomain\n  }\n\n[domain_realm]\n  .mydomain = MYDOMAIN\n  mydomain = MYDOMAIN<\/pre>\n
nmbd, smbd, winbind \u3092\u518d\u8d77\u52d5\u3057\u3001\u52d5\u4f5c\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002Active Directory \u4e0a\u306e\u30b0\u30eb\u30fc\u30d7\u540d\u3084\u30e6\u30fc\u30b6\u540d\u304c\u53d6\u5f97\u3067\u304d\u308c\u3070 OK \u3067\u3059\u3002<\/p>\n
# service smbd restart\n# service nmbd restart\n# service winbind restart\n\n# wbinfo -g\n# wbinfo -u<\/pre>\n
\/etc\/nsswitch.conf<\/code> \u3092\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u7de8\u96c6\u3057\u307e\u3059\u3002<\/p>\n
-passwd:         compat\n-group:          compat\n-shadow:         compat\n+passwd:         compat winbind\n+group:          compat winbind\n+shadow:         compat winbind\n\n-hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4\n+hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 wins<\/pre>\n
\u7de8\u96c6\u3057\u305f\u3089\u52d5\u4f5c\u78ba\u8a8d\u3092\u3057\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066 Active Directory \u306e\u60c5\u5831\u304c\u53d6\u5f97\u3067\u304d\u308c\u3070 OK \u3067\u3059\u3002\u539f\u56e0\u306f\u3088\u304f\u308f\u304b\u3063\u3066\u3044\u306a\u3044\u306e\u3067\u3059\u304c\u3001\u4eca\u56de\u8a2d\u5b9a\u3057\u305f\u3068\u304d\u306f OS \u3092\u518d\u8d77\u52d5\u3057\u306a\u3044\u3068\u3046\u307e\u304f\u52d5\u4f5c\u3057\u307e\u305b\u3093\u3067\u3057\u305f\u3002<\/p>\n
# getent passwd\n# getent group<\/pre>\n
\u6700\u5f8c\u306b \/etc\/pam.d\/common-session<\/code> \u3092\u7de8\u96c6\u3057\u307e\u3059\u3002\u4ee5\u4e0b\u306e\u884c\u3092\u9069\u5f53\u306a\u7b87\u6240\u306b\u8ffd\u52a0\u3057\u307e\u3059\u3002<\/p>\n
session required \/lib\/x86_64-linux-gnu\/security\/pam_mkhomedir.so skel=\/etc\/skel umask=0077<\/pre>\n
\u6700\u5f8c\u306b ssh \u306a\u3069\u3067\u30ed\u30b0\u30a4\u30f3\u51fa\u6765\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u305f\u3089\u30c7\u30fc\u30e2\u30f3\u306e\u81ea\u52d5\u8d77\u52d5\u306e\u8a2d\u5b9a\u3092\u3057\u3066\u7d42\u4e86\u3067\u3059\u3002<\/p>\n
# sysv-rc-conf nmbd on\n# sysv-rc-conf smbd on\n# sysv-rc-conf winbind on<\/pre>\n","protected":false},"excerpt":{"rendered":"
Ubuntu \u30de\u30b7\u30f3\u306b Windows \u306e Active Directory \u8a8d\u8a3c\u3067 ssh \u30ed\u30b0\u30a4\u30f3\u51fa\u6765\u308b\u3088\u3046\u306b\u3059\u308b\u65b9\u6cd5\u3092\u7d39\u4ecb\u3057\u307e\u3059\u3002
\u7d9a\u304d\u3092\u8aad\u3080...<\/a><\/p>\n","protected":false},"author":33,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[254,18],"tags":[23],"_links":{"self":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/3373"}],"collection":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/comments?post=3373"}],"version-history":[{"count":1,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/3373\/revisions"}],"predecessor-version":[{"id":13940,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/posts\/3373\/revisions\/13940"}],"wp:attachment":[{"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/media?parent=3373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/categories?post=3373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.techscore.com\/blog\/wp-json\/wp\/v2\/tags?post=3373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}