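apt-get install apache2 libapache2-mod-auth-ntlm-winbind
して
ntlm_auth --username ad_user
とかで確認。
ls -ald /var/run/samba/winbindd_privileged
adduser www-data winbindd_priv
(www-data を winbindd_priv に入れるのは、Apache から起動される ntlm_auth が winbindd_privileged 配下のパイプを使えるようにするため。このグループには必要なユーザー以外は入れない。)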
# Publish /var/www/html/ntlm_auth/ under the URL path /ntlm_auth/ and protect
# it with NTLM authentication handled by mod_auth_ntlm_winbind.
# NOTE(review): no TLS configuration appears in these notes. NTLM exchanged
# over plain HTTP can be captured or relayed by anyone on the path, so serve
# this location over HTTPS.
Alias /ntlm_auth/ "/var/www/html/ntlm_auth/"
<Directory "/var/www/html/ntlm_auth/">
NTLMAuth on
AuthType NTLM
AuthName "NTLM Authentication"
# Apache starts this helper as its own user (www-data), which is why that
# user needs access to winbindd's privileged pipe.
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
# valid-user admits every account the domain authenticates; nothing here
# restricts access by group. ntlm_auth's --require-membership-of option is
# one way to narrow it.
require valid-user
</Directory>
# NOTE(review): the other host entries in these notes use hoge.dom.local,
# not hoge.ad.local - confirm which name is intended.
ServerName hoge.ad.local
# NTLM authenticates a connection through a multi-step handshake, so the
# connection has to stay open between requests.
KeepAlive On
# Debug level is for the initial test only; it keeps writing detailed
# authentication traces to the error log. Lower it (e.g. to warn) once the
# setup works.
LogLevel debug
# Enable the NTLM/winbind auth module, then restart winbind followed by
# Apache so the new module and the www-data group membership take effect.
a2enmod auth_ntlm_winbind
service winbind restart
service apache2 restart
# Create the protected directory and a one-line page to test against.
mkdir -p /var/www/html/ntlm_auth
echo test > /var/www/html/ntlm_auth/index.html
これで鯖/test/を叩きに行けばOK(上の Alias 設定のままなら URL は /ntlm_auth/ になる)。
apt-get install samba winbind libpam-krb5
# Set the hostname and point name resolution at the AD server.
# {ip_of_ad} and {ip_of_hoge} are placeholders: replace them by hand before
# running, otherwise the literal braces end up in the files.
echo hoge > /etc/hostname
# '>' replaces the resolvconf base file; the following '>>' lines append, so
# running them a second time duplicates the entries.
echo search dom.local > /etc/resolvconf/resolv.conf.d/base
echo nameserver {ip_of_ad} >>/etc/resolvconf/resolv.conf.d/base
# Static entries for this host and the AD server.
echo {ip_of_hoge} hoge hoge.dom.local >> /etc/hosts
echo {ip_of_ad} ad.dom.local >> /etc/hosts
/etc/samba/smb.conf
workgroup = DOM
# NOTE(review): realm normally matches default_realm in /etc/krb5.conf, which
# these notes set to DOM.LOCAL; NADA.LOCAL looks like a leftover - confirm.
realm = NADA.LOCAL
# Domain-member mode: authentication is handled by Active Directory.
security = ads
password server = ad.dom.local
# NOTE(review): the hostname is set to hoge elsewhere in these notes -
# confirm which name the machine account should carry.
netbios name = SV2015
# Domain users resolve without the DOM\ prefix. With "files winbind" in
# nsswitch.conf a local account of the same name takes precedence, so keep
# local and domain account names distinct.
winbind use default domain = Yes
/etc/krb5.conf
[libdefaults]
# Realm used when none is given; smb.conf's "realm" has to agree with it.
# Kerberos rejects tickets when clocks drift apart, so keep this host
# time-synced with the DC (no time-sync step appears in these notes).
default_realm = DOM.LOCAL
[realms]
DOM.LOCAL = {
kdc = ad.dom.local
admin_server = ad.dom.local
}
# Map hosts under dom.local, and the bare domain name, to the realm.
[domain_realm]
.dom.local = DOM.LOCAL
dom.local = DOM.LOCAL
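reboot
# -U takes any account that is allowed to join computers to the domain; a
# delegated join account avoids entering a domain admin password on this host.
net ads join -U dom_admin
net ads info
net ads testjoin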
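/etc/nsswitch.conf
passwd: files winbind
# NOTE(review): Samba's domain-member documentation advises against adding
# winbind to the shadow database; passwd and group are the ones winbind serves.
shadow: files winbind
group: files winbind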