In the previous post I shared the configuration steps to install Gluster, CTDB and CIFS/SAMBA.
In this tutorial I share one more step: integrating Active Directory with the CTDB samba share.
First, check that the AD server is reachable. Then add a host entry on both servers to initialise communication between the AD and samba servers.
# vi /etc/hosts
10.0.18.14 LDAPSERVER01.open.local LDAPSERVER01
Prerequisites.
# yum -y install samba-winbind samba-winbind-clients pam_krb5 krb5-libs
Once the required packages above are installed, follow these steps to integrate AD and CTDB.
Edit the Kerberos file to integrate the domain server. Before editing, back up the default configuration file.
# cp /etc/krb5.conf /etc/krb5.conf.old
# vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5.kdc.log
admin_server = FILE:/var/log/kadmin.log
[libdefaults]
default_realm = OPEN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
OPEN.LOCAL = {
 kdc = LDAPSERVER01.OPEN.LOCAL
 admin_server = LDAPSERVER01.OPEN.LOCAL
}
[domain_realm]
.open.local = OPEN.LOCAL
open.local = OPEN.LOCAL
Edit nsswitch.conf so that user and group lookups also go through winbind. Add the lines below.
# vi /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
Then edit the samba configuration file so that access to the samba share is authenticated over AD.
# vi /data/store01/lock/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
clustering = yes
idmap backend = tdb2
private dir = /data/store01/lock
netbios name = cluster-share
workgroup = OPEN
realm = open.local
security = ads
auth methods = winbind, sam
idmap uid = 100000-200000
idmap gid = 100000-200000
idmap config * : range = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = yes
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
log file = /var/log/samba/%m.log
max log size = 0
local master = no
nfs4:acedup = merge
nfs4:chown = yes
nfs4:mode = special
winbind separator = +
password server = 10.0.18.14
[ORACLE_FILES]
comment = Gluster and CTDB based share
path = /data/store01/share
read only = no
writeable = yes
guest ok = yes
browseable = yes
create mask = 0777
directory mask = 0777
#valid users = user01
[gluster-data1]
comment = For samba share of volume data1
vfs objects = glusterfs
glusterfs:volume = data1
glusterfs:logfile = /var/log/samba/glusterfs-data1.%M.log
glusterfs:loglevel = 7
path = /
read only = no
guest ok = yes
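Both shares above keep `guest ok = yes` alongside `security = ads`, and ORACLE_FILES uses 0777 masks. The shell audit below is an added example, not part of the original post: it flags those settings per share, run here against a constructed sample that mirrors the two shares. The names `audit_smb_conf`, `sample_conf` and the `hardened-example` share are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): flag guest access and
# permissive masks in smb.conf share sections. Config is read on stdin.
audit_smb_conf() {
    awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }     # trim the line
    /^$/ || /^[#;]/ { next }                          # blank or comment
    /^\[.*\]$/ { share = substr($0, 2, length($0) - 2); next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # smb.conf ignores case and spaces in parameter names
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1));    gsub(/[ \t]/, "", val)
        if (tolower(share) == "global" || val == "") next
        # "public" is a synonym for "guest ok"
        if ((key == "guestok" || key == "public") &&
            (val == "yes" || val == "true" || val == "1"))
            print share ": guest access enabled"
        # last octal digit 2, 3, 6 or 7 means the other-write bit passes the mask
        if (key ~ /^(create|directory)(mask|mode)$/ &&
            index("2367", substr(val, length(val), 1)) > 0)
            print share ": " key " " val " leaves other-write unmasked"
    }'
}

# Constructed sample mirroring the two shares defined in this post,
# plus a hypothetical hardened share for comparison.
sample_conf() {
    cat <<'EOF'
[global]
   security = ads
   workgroup = OPEN
[ORACLE_FILES]
   path = /data/store01/share
   guest ok = yes
   create mask = 0777
   directory mask = 0777
[gluster-data1]
   vfs objects = glusterfs
   path = /
   guest ok = yes
[hardened-example]
   path = /data/store01/share
   guest ok = no
   create mask = 0660
EOF
}

sample_conf | audit_smb_conf
```

Against the live file, run `audit_smb_conf < /data/store01/lock/smb.conf`. Whether guest logons actually succeed also depends on `map to guest`, which defaults to `Never`.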
Once the smb configuration is done, copy the file on both servers from the location where the samba configuration is stored.
# cp /data/store01/lock/smb.conf /etc/smb.conf
# systemctl stop winbind.service
# systemctl disable winbind.service
Once everything is done, restart ctdb.service on both servers.
# systemctl restart ctdb.service
Join the AD server so that the samba share authenticates against it, using the command below. After running it, enter the administrator password of the AD server.
# net ads join -U administrator -S LDAPSERVER01.open.local
Check users.
# wbinfo -u
Access the share at //10.0.18.12 with an AD user name and password.
CTDB & AD integration done.