{"id":486,"date":"2006-01-01T10:31:12","date_gmt":"2006-01-01T01:31:12","guid":{"rendered":"http:\/\/www.kazu.tv\/blog\/?p=486"},"modified":"2006-01-01T10:31:12","modified_gmt":"2006-01-01T01:31:12","slug":"samba_3_ad","status":"publish","type":"post","link":"https:\/\/kazu.tv\/blog\/2006\/01\/01\/samba_3_ad\/","title":{"rendered":"Samba 3 + AD"},"content":{"rendered":"<p>Samba 3.0\u3068Active Directory\u3068\u9023\u643a\u3055\u305b\u308b\u3002\u3068\u8a00\u3063\u3066\u3082\u5b9f\u306f\u7d50\u69cb\u8272\u3005\u306a\u65b9\u6cd5\u304c\u3042\u308b\u3002\u3053\u3053\u3067\u306fSamba\u304cAD\u306e\u30e1\u30f3\u30d0\u30fc\u30b5\u30fc\u30d0\u30fc\u306b\u306a\u308b\u65b9\u6cd5\u3002<br \/>\n\u25cb\u74b0\u5883<br \/>\n\u30fbWindows\u30b5\u30fc\u30d0\u30fc<br \/>\nWindows Server 2003 SBS\uff08\u4eca\u56de\u3084\u3063\u305f\u5185\u5bb9\u306f\u3001\u901a\u5e38\u306e2003\u3067\u3082\u540c\u3058\u306f\u305a\uff09<br \/>\n\u30fbsamba<br \/>\nFedora Core 3<br \/>\nsamba 3.0.10<br \/>\n\u25cbsamba\u306e\u8a8d\u8a3c\u306bActive Directory\u306eKerberos\u8a8d\u8a3c\u3092\u7528\u3044\u308b<br \/>\n\u306f\u3063\u304d\u308a\u8a00\u3063\u3066@IT\u306e\u3053\u306e<a href=\"http:\/\/www.atmarkit.co.jp\/flinux\/special\/samba3b\/samba04.html\" target=\"_blank\">\u30da\u30fc\u30b8<\/a>\u306e\u307e\u307e\u3002\u7279\u306b\u96e3\u3057\u3044\u4e8b\u3082\u306a\u3044\u3002<br \/>\n\u30fb\u6ce8\u610f\u3059\u3079\u304d\u70b9<br \/>\nUNIX\u30e6\u30fc\u30b6\u30fc\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u5fc5\u8981\u3002\u4ee5\u4e0b\u306e\u65b9\u6cd5\u304c\u3042\u308b\u3002<br \/>\n&#8211; useradd\u3067\u4e8b\u524d\u306b\u4f5c\u6210\u3002passwd\u30b3\u30de\u30f3\u30c9\u306f\u4e0d\u8981\u3002<br \/>\n&#8211; add user script\u3092\u4f7f\u7528<br \/>\n&#8211; winbind\u3092\u4f7f\u7528\u3059\u308c\u3070UNIX\u30e6\u30fc\u30b6\u30fc\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u4f5c\u6210\u3082\u4e0d\u8981<br \/>\n\u25cbUNIX\u30e6\u30fc\u30b6\u30fc\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u8a8d\u8a3c\u3092AD\u3067<br \/>\n\u3053\u308c\u306f\u305f\u304b\u306f\u3057\u3082\u3068\u306e\u3076\u3055\u3093\u306e<a href=\"http:\/\/www.monyo.com\/technical\/windows\/kerberos1.html\" target=\"_blank\">\u30da\u30fc\u30b8<\/a>\u3092\u305d\u306e\u307e\u307e\u3002<br \/>\n\u3053\u306e\u5834\u5408\u3082\u3082\u3061\u308d\u3093UNIX\u30e6\u30fc\u30b6\u30fc\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u5fc5\u8981\u3002<br \/>\n&#8211; useradd\u3067\u4e8b\u524d\u306b\u4f5c\u6210\u3002passwd\u30b3\u30de\u30f3\u30c9\u306f\u4e0d\u8981\u3002<br \/>\n&#8211; add user script\u3092\u4f7f\u7528<br \/>\n\u3068\u308a\u3042\u3048\u305a\u4e0a\u306e2\u901a\u308a\u304c\u4e00\u822c\u7684\uff1f<br \/>\n\u3053\u306e\u65b9\u6cd5\u306e\u5834\u5408Kerberos\u3067\u306e\u8a8d\u8a3c\u306b\u5931\u6557\u3057\u305f\u5834\u5408\u3001\u4ed6\u306e\u8a8d\u8a3c\u65b9\u5f0f\u3092\u8a66\u307f\u308b\u3002\u5f93\u3063\u3066\u3001AD\u306b\u5b58\u5728\u3057\u306a\u3044\u30e6\u30fc\u30b6\u30fc\u3067\u3082useradd\u3068passwd\u30b3\u30de\u30f3\u30c9\u3067\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f5c\u6210\u3059\u308c\u3070<br \/>\n\u25cb\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u8eab<br \/>\n\u4ee5\u4e0a\u306e2\u3064\u306e\u4f5c\u696d\u3092\u7d42\u3048\u305f\u6642\u70b9\u3067\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3002<br \/>\n\u30fb\/etc\/krb5.conf<\/p>\n<div class=\"code\">[logging]<br \/>\ndefault = FILE:\/var\/log\/krb5libs.log<br \/>\nkdc = FILE:\/var\/log\/krb5kdc.log<br \/>\nadmin_server = FILE:\/var\/log\/kadmind.log<br \/>\n[libdefaults]<br \/>\ndefault_realm = XXX.KAZU.TV<br \/>\ndefault_tkt_enctypes = des-cbc-md5<br \/>\ndefault_tgs_enctypes = des-cbc-md5<br \/>\ndns_lookup_realm = false<br \/>\ndns_lookup_kdc = false<br \/>\n[realms]<br \/>\nXXX.KAZU.TV = {<br \/>\nkdc = dc.xxx.kazu.tv<br \/>\n}<br \/>\n[domain_realm]<br \/>\n.xxx.kazu.tv = XXX.KAZU.TV<br \/>\nxxx.kazu.tv = XXX.KAZU.TV<br \/>\n[kdc]<br \/>\nprofile = \/var\/kerberos\/krb5kdc\/kdc.conf<br \/>\n[appdefaults]<br \/>\npam = {<br \/>\ndebug = false<br \/>\nticket_lifetime = 36000<br \/>\nrenew_lifetime = 36000<br \/>\nforwardable = true<br \/>\nkrb4_convert = false<br \/>\n}<\/div>\n<p>\u30fb\/etc\/pam.d\/system-auth<\/p>\n<div class=\"code\">#%PAM-1.0<br \/>\n# This file is auto-generated.<br \/>\n# User changes will be destroyed the next time authconfig is run.<br \/>\nauth        sufficient    \/lib\/security\/pam_krb5.so<br \/>\nauth        required      \/lib\/security\/$ISA\/pam_env.so<br \/>\nauth        sufficient    \/lib\/security\/$ISA\/pam_unix.so likeauth nullok<br \/>\nauth        required      \/lib\/security\/$ISA\/pam_deny.so<br \/>\naccount     required      \/lib\/security\/$ISA\/pam_unix.so<br \/>\naccount     sufficient    \/lib\/security\/$ISA\/pam_succeed_if.so uid < 100 quiet\naccount     required      \/lib\/security\/$ISA\/pam_permit.so\npassword    requisite     \/lib\/security\/$ISA\/pam_cracklib.so retry=3\npassword    sufficient    \/lib\/security\/$ISA\/pam_unix.so nullok use_authtok md5 shadow\npassword    required      \/lib\/security\/$ISA\/pam_deny.so\nsession     required      \/lib\/security\/$ISA\/pam_limits.so\nsession     required      \/lib\/security\/$ISA\/pam_unix.so\nsession     optional      \/lib\/security\/pam_krb5.so<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Samba 3.0\u3068Active Directory\u3068\u9023\u643a\u3055\u305b\u308b\u3002\u3068\u8a00\u3063\u3066\u3082\u5b9f\u306f\u7d50\u69cb\u8272\u3005\u306a\u65b9\u6cd5\u304c\u3042\u308b\u3002\u3053\u3053\u3067\u306fSamba\u304cAD\u306e\u30e1\u30f3\u30d0\u30fc\u30b5\u30fc\u30d0\u30fc\u306b\u306a\u308b\u65b9\u6cd5\u3002 \u25cb\u74b0\u5883 \u30fbWindows\u30b5\u30fc\u30d0\u30fc Windows Server&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-486","post","type-post","status-publish","format-standard","hentry","category-15"],"_links":{"self":[{"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/posts\/486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/comments?post=486"}],"version-history":[{"count":0,"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/posts\/486\/revisions"}],"wp:attachment":[{"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/media?parent=486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/categories?post=486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kazu.tv\/blog\/wp-json\/wp\/v2\/tags?post=486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}