Adding an Active Directory member server (Winbind)

Last updated: 2020.12.29

■ Overview

By joining a Linux server (web server, mail server, file server) to an Active Directory domain as a member server, the users of the Active Directory domain can be used on that server.
Here, no user accounts are created on the Linux server itself; instead, Active Directory domain users are allowed to use the services on the Linux server (SSH, BASIC authentication, mail, file sharing).

※ An Active Directory domain controller must already have been built.

【Build environment (example)】
Domain controller host name: centosdc01
Domain controller IP address: 192.168.1.2
Member server host name: member (※)　※ The member server's host name must be 15 characters or fewer.
Domain name: CENTOS
Realm: CENTOS.LOCAL

【Configuration image】




■ Preparation

[root@member ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 ← edit the network configuration file
DNS1=192.168.1.2 ← point the DNS server used for name resolution at the domain controller

[root@member ~]# systemctl restart network ← restart the network ※ for CentOS 7

[root@member ~]# cat /etc/resolv.conf ← confirm the DNS server change

nameserver 192.168.1.2

[root@member ~]# echo 192.168.1.2 centosdc01 >> /etc/hosts ← add the domain controller's IP address and host name to /etc/hosts

■ Joining the domain

Join the Linux server to the domain as a member server.

[root@member ~]# yum -y install samba-winbind samba-winbind-clients ← install winbind

[root@member ~]# authconfig-tui ← authentication settings

【Authentication settings】 ※ move between items with the Tab key, select with the Space key, confirm with the Enter key
"User Information" - select "Use Winbind"
"Authentication" - select "Use Winbind Authentication"
"Next"



【Winbind settings】
"Security Model" - select "ads"
"Domain" - enter the domain name (example: CENTOS)
"Domain Controllers" - enter the domain controller's host name (example: centosdc01)
"ADS Realm" - enter the realm (example: CENTOS.LOCAL)
"Join Domain"



【Save settings】
"Yes"



【Join settings】
Enter the domain controller's Administrator password in "Password"
"OK"



【Winbind settings】
"OK"



[/usr/bin/net join -w CENTOS -S centosdc01 -U Administrator]
Enter Administrator's password:<...>

Using short domain name -- CENTOS
Joined 'MEMBER' to dns domain 'centos.local'
DNS update failed!
Winbind サービスを起動中:                                  [  OK  ]

■ Verifying the domain join

[root@member ~]# net ads info ← check the domain join
LDAP server: 192.168.1.2
LDAP server name: centosdc01.centos.local
Realm: CENTOS.LOCAL
Bind Path: dc=CENTOS,dc=LOCAL
LDAP port: 389
Server time: 日, 30 11月 2014 20:09:00 JST
KDC server: 192.168.1.2
Server time offset: 0

[root@member ~]# wbinfo -u ← list users
CENTOS\administrator
CENTOS\centos01
CENTOS\krbtgt
CENTOS\guest
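The join can be checked more strictly than by reading the output by eye. The script below is an added example, not part of the original page: it parses the `net ads info` text shown above and fails when the realm or KDC are not the ones that were joined, or when the `Server time offset` exceeds the 5-minute clock skew that Kerberos tolerates by default, since a skewed clock is the usual reason a freshly joined member accepts no domain logins. The function names and the constructed sample output are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks on `net ads info`
# output after the Winbind join. The checks run on captured text so they can be
# reviewed and tested offline; on the member server call them on live output:
#   check_ads_info "$(net ads info)" CENTOS.LOCAL 192.168.1.2

# Constructed sample, modelled on the `net ads info` listing shown above.
SAMPLE_ADS_INFO='LDAP server: 192.168.1.2
LDAP server name: centosdc01.centos.local
Realm: CENTOS.LOCAL
Bind Path: dc=CENTOS,dc=LOCAL
LDAP port: 389
Server time: Sun, 30 Nov 2014 20:09:00 JST
KDC server: 192.168.1.2
Server time offset: 0'

# Kerberos rejects tickets when client and KDC clocks differ by more than this
# many seconds (the library default is 5 minutes), so a large offset means
# domain logins will fail even though the join itself succeeded.
MAX_SKEW=300

# ads_field OUTPUT KEY: print the value of the first "KEY: value" line.
ads_field() {
    printf '%s\n' "$1" | sed -n "s/^$2: *//p" | head -n 1
}

# check_ads_info OUTPUT EXPECTED_REALM EXPECTED_DC
# Returns 0 when the realm and KDC are the ones we joined and the clock skew is
# within MAX_SKEW; otherwise prints the reason on stderr and returns 1.
check_ads_info() {
    out=$1
    realm=$2
    dc=$3
    got_realm=$(ads_field "$out" "Realm")
    got_kdc=$(ads_field "$out" "KDC server")
    skew=$(ads_field "$out" "Server time offset")

    if [ "$got_realm" != "$realm" ]; then
        echo "realm mismatch: expected $realm, got '$got_realm'" >&2
        return 1
    fi
    if [ "$got_kdc" != "$dc" ]; then
        echo "unexpected KDC server: '$got_kdc'" >&2
        return 1
    fi
    abs_skew=${skew#-}   # drop a leading minus sign
    case $abs_skew in
        ''|*[!0-9]*)
            echo "no numeric 'Server time offset' in output" >&2
            return 1 ;;
    esac
    if [ "$abs_skew" -gt "$MAX_SKEW" ]; then
        echo "clock skew of ${skew}s exceeds ${MAX_SKEW}s; fix NTP before relying on Kerberos logins" >&2
        return 1
    fi
    return 0
}

# Run the check against the sample when executed directly.
check_ads_info "$SAMPLE_ADS_INFO" CENTOS.LOCAL 192.168.1.2 && echo "domain join looks healthy"
```

Run it on the member server right after `net ads info` succeeds; a non-zero exit with a skew message means the clock must be synchronised with the domain controller before the later steps (SSH, Samba, web authentication) can be expected to work.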

■ Winbind settings

Make the following settings so that Active Directory domain users can be used as Linux users.

・Give them a usable shell
・Make the home directory "/home/<user name>"
・Make the user name "<user name>" rather than "<domain name>\<user name>"

[root@member ~]# vi /etc/samba/smb.conf ← edit the winbind configuration file
[global]
   ・
   ・
   ・
   template shell = /bin/bash ← set the users' default shell to /bin/bash
   template homedir = /home/%U ← set the users' home directory to "/home/<user name>"
   winbind use default domain = true ← authenticate users as "<user name>" rather than "<domain name>\<user name>"
   winbind offline logon = false

[root@member ~]# systemctl restart winbind ← restart winbind ※ for CentOS 7

[root@member ~]# wbinfo -u ← list users
administrator
centos01
krbtgt
guest
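Once `winbind use default domain = true` drops the `CENTOS\` prefix, a domain account and a local /etc/passwd account with the same name resolve to the same bare name, and which one wins depends only on the order of sources in /etc/nsswitch.conf; a local account that shadows a domain account (or the reverse) leads to files with the wrong owner and confusing logins. The following script is an added example, not part of the original page: it lists such collisions from captured `wbinfo -u` and /etc/passwd text, accepting both the `CENTOS\name` form printed before the setting and the bare form printed after it. The function names and the constructed sample lists are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page): find user names that exist both
# locally in /etc/passwd and in the Active Directory domain as seen by winbind.
# On the member server run:
#   find_name_collisions "$(cut -d: -f1 /etc/passwd)" "$(wbinfo -u)"

# Constructed samples: a few local accounts, plus the wbinfo -u listing from
# above with "centos01" deliberately also present as a local account.
LOCAL_USERS='root
bin
apache
centos01'
DOMAIN_USERS='administrator
centos01
krbtgt
guest'

# normalize_names NAMES: strip any "DOMAIN\" prefix (the form wbinfo -u prints
# without "winbind use default domain"), drop empty lines and lower-case, since
# winbind exposes domain accounts in lower case by default.
normalize_names() {
    printf '%s\n' "$1" | sed -e 's/.*\\//' -e '/^$/d' | tr 'A-Z' 'a-z' | sort -u
}

# find_name_collisions LOCAL_NAMES DOMAIN_NAMES
# Prints each name present in both lists; returns 0 if any were found, 1 if none.
find_name_collisions() {
    {
        normalize_names "$1" | sed 's/^/L /'
        normalize_names "$2" | sed 's/^/D /'
    } | awk '
        substr($0, 1, 2) == "L " { seen[substr($0, 3)] = 1; next }
        substr($0, 1, 2) == "D " { n = substr($0, 3); if (n in seen) { print n; hits++ } }
        END { exit hits ? 0 : 1 }'
}

# count_name_collisions LOCAL_NAMES DOMAIN_NAMES: number of colliding names.
count_name_collisions() {
    find_name_collisions "$1" "$2" | wc -l | tr -d ' '
}

# Report collisions for the sample data when executed directly.
find_name_collisions "$LOCAL_USERS" "$DOMAIN_USERS"
```

Any name the script prints should be resolved before users start logging in, either by renaming the local account or by keeping `winbind use default domain` off for that server.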

■ Automatic home directory creation

Because no user accounts are created on the Linux server, the users' home directories do not exist. Create the user's home directory automatically when an Active Directory domain user accesses the Linux server.

[root@member ~]# authconfig --enablemkhomedir --update ← enable automatic creation of user home directories

[root@member ~]# chmod 1777 /home/ ← set the permissions of the /home directory

－－ File server only (from here) －－

[root@member ~]# vi /etc/samba/smb.conf ← edit the Samba configuration file
[homes]
        comment = Home Directories
        path = %H/samba
        browseable = no
        writable = yes
        root preexec = /usr/local/sbin/mkhomedir.sh %U ← run the home directory creation script before the share is opened

[root@member ~]# vi /usr/local/sbin/mkhomedir.sh ← create the home directory creation script
#!/bin/bash
# Called by Samba as root via "root preexec = /usr/local/sbin/mkhomedir.sh %U",
# so $1 is the name of the authenticated user. Do nothing if no name was passed.
user="$1"
[ -n "$user" ] || exit 0

if [ ! -e "/home/$user" ]; then
    # First access: create the home directory from /etc/skel, readable only by the owner
    mkdir "/home/$user"
    chmod 700 "/home/$user"
    shopt -s dotglob ; cp -r /etc/skel/* "/home/$user" ; shopt -u dotglob
    chown -R "$user":"Domain Users" "/home/$user"
elif [ ! -e "/home/$user/samba" ]; then
    # Home directory exists (for example created by pam_mkhomedir at SSH login)
    # but the directory used as the share path (%H/samba) does not yet
    mkdir "/home/$user/samba"
    chmod 700 "/home/$user/samba"
    chown "$user":"Domain Users" "/home/$user/samba"
fi
exit 0

[root@member ~]# chmod +x /usr/local/sbin/mkhomedir.sh ← make the home directory creation script executable

[root@member ~]# systemctl restart smb ← restart Samba ※ for CentOS 7

－－ File server only (to here) －－

  • Confirm that Active Directory domain users can log in to the Linux server (SSH server) and that the home directory is created automatically.
  • Confirm that Active Directory domain users can connect to the Linux server (mail server) and that the home directory is created automatically ※ when the Linux member server is a mail server.
  • Confirm that Active Directory domain users can connect to the Linux server (file server) and that the home directory is created automatically ※ when the Linux member server is a file server.

■ Web page authentication

Restrict access using Active Directory domain user names and passwords.
Here, as an example, access to the /var/www/html/secret directory is restricted.

※ mod_SSL must already be installed.
※ The web server must already have joined the Active Directory domain as a member server.
Install the EPEL repository beforehand, following "EPEL repository setup (EPEL)".

[root@member ~]# yum -y install mod_authnz_external pwauth ← install mod_authnz_external and pwauth

[root@member ~]# systemctl restart httpd ← restart httpd ※ for CentOS 7

[root@member ~]# vi /var/www/html/secret/.htaccess ← create a .htaccess file in the directory to be access-restricted
SSLRequireSSL
AuthName "secret page"
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
require valid-user

Confirm that accessing https://<member server name>/secret/ shows the page after an Active Directory domain user name and password are entered.
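The `SSLRequireSSL` line in that .htaccess is what keeps the domain password off the wire: Basic authentication sends the user name and password base64-encoded, not encrypted, in every request, so the same five directives without it would hand an Active Directory password to anyone on the path over plain HTTP. The script below is an added example, not part of the original page: it lints a .htaccess of this shape and reports Basic authentication that is not forced over TLS or not wired to pwauth. The function names and the constructed sample files are the example's own.

```shell
#!/bin/sh
# Added example (not from the original page): lint a .htaccess that protects a
# directory with Basic authentication via mod_authnz_external/pwauth. Basic
# auth sends the Active Directory password base64-encoded in every request, so
# the file must also force TLS (SSLRequireSSL). On the web server run:
#   check_basic_auth_htaccess /var/www/html/secret/.htaccess

# Constructed sample identical to the configuration shown above.
GOOD_HTACCESS='SSLRequireSSL
AuthName "secret page"
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
require valid-user'

# The same file with the TLS requirement left out (constructed, for comparison).
WEAK_HTACCESS=$(printf '%s\n' "$GOOD_HTACCESS" | grep -v '^SSLRequireSSL')

# has_directive CONTENT DIRECTIVE [VALUE]: true if a non-comment line starts
# with DIRECTIVE (optionally followed by VALUE). Apache directive names are
# case-insensitive, hence grep -i.
has_directive() {
    printf '%s\n' "$1" | grep -iq "^[[:space:]]*$2[[:space:]]*$3"
}

# check_basic_auth_content CONTENT: returns 0 if the content is acceptable,
# otherwise prints every finding on stderr and returns 1.
check_basic_auth_content() {
    content=$1
    rc=0
    if has_directive "$content" AuthType Basic; then
        if ! has_directive "$content" SSLRequireSSL; then
            echo "AuthType Basic without SSLRequireSSL: credentials would be accepted over plain HTTP" >&2
            rc=1
        fi
        if ! has_directive "$content" AuthBasicProvider external; then
            echo "AuthBasicProvider is not 'external'; pwauth will not be consulted" >&2
            rc=1
        fi
        if ! has_directive "$content" AuthExternal pwauth; then
            echo "AuthExternal pwauth is missing" >&2
            rc=1
        fi
    fi
    if ! has_directive "$content" Require; then
        echo "no Require directive: nothing is actually restricted" >&2
        rc=1
    fi
    return $rc
}

# check_basic_auth_htaccess FILE: the same check on a file on disk.
check_basic_auth_htaccess() {
    check_basic_auth_content "$(cat "$1")"
}

# Show both verdicts when executed directly.
check_basic_auth_content "$GOOD_HTACCESS" && echo "sample .htaccess: ok"
check_basic_auth_content "$WEAK_HTACCESS" || echo "weakened .htaccess: rejected"
```

The check only reads the .htaccess itself; `AllowOverride` in httpd.conf must still permit these directives for the directory, otherwise Apache ignores the file entirely and the page is served without any authentication.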

■ Changing passwords

Active Directory domain users normally change their password on Windows (press Ctrl+Alt+Del, then change the password); so that the password can also be changed when the user cannot log on to Windows, make it possible to change it with Usermin.

※ Usermin must already be installed.
※ The Usermin server must already have joined the Active Directory domain as a member server.
[root@member ~]# vi /etc/usermin/miniserv.conf ← edit the Usermin configuration file
#passwd_file=/etc/shadow ← add # at the start of the line to disable /etc/shadow authentication (use PAM authentication instead)

[root@member ~]# vi /etc/usermin/changepass/config ← edit the password change configuration file
passwd_cmd=file
↓
passwd_cmd= ← disable /etc/shadow authentication (use PAM authentication instead)
smbpasswd=smbpasswd
↓
smbpasswd= ← disable smbpasswd

[root@member ~]# vi /etc/pam.d/usermin ← edit the PAM configuration file for Usermin
#%PAM-1.0
auth       include      password-auth
account    include      password-auth
password   include      password-auth
session    include      password-auth
※ Replace the contents with the above.

[root@member ~]# systemctl restart usermin ← restart Usermin ※ for CentOS 7

Confirm that Active Directory domain users' passwords can be changed from Usermin.


centossrv.com