====== Active Directory Domain Member ======
===== Grundlagen =====
[[https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member|Setting up Samba as an Active Directory Domain Member]]

**Voraussetzung:**
  * Installation eines [[server:ad-dc|Active Directory Domain Controllers]]
  * Das Server-Gerät mit Betriebssystem nach Anleitung [[devices:server|Server]] installieren.

<code>
nano /etc/hosts
</code>
<sxh xml; title: /etc/hosts>
192.168.178.4 dm1.ds.<yourdomain>.spnds.org dm1
#127.0.1.1 auf dm1 entfernen
</sxh>

<code>
nano /etc/resolv.conf
</code>
<sxh xml; title: /etc/resolv.conf>
search ds.<yourdomain>.spdns.org
nameserver 192.168.178.3 (zeigt auf den dc1)
</sxh>

**Test DNS:** Muss nur auf dm1.ds.<yourdomain>.spdns.org und dm1 zeigen, nicht auf 127.0.0.1
<code>
getent hosts dm1
</code>

===== Installation von Samba =====
<code>
apt-get install samba smbclient
</code>

===== Installation von Kerberos =====
<code>
sudo apt-get install krb5-user
nano /etc/krb5.conf
</code>
<sxh xml; title: /etc/krb5.conf>
[libdefaults]
   default_realm = DS.<YOURDOMAIN>.SPDNS.ORG
   dns_lookup_realm = false
   dns_lookup_kdc = true
</sxh>

===== Zeitsynchronisation =====
https://wiki.samba.org/index.php/Time_Synchronisation

<code>
apt-get install ntp
nano /etc/ntp.conf
</code>
<sxh xml; title: /etc/ntp.conf>
server dc1.ds.<yourdomain>.spdns.org     iburst prefer
# server dc2.ds.<yourdomain>.spdns.org     iburst
# Die pool auskommentieren
</sxh>

<code>
systemctl restart ntp
systemctl status ntp
</code>

**Kontrolle:**
<code>
date
</code>

===== Samba vorbereiten =====
<code>
nano /etc/samba/smb.conf
</code>
<sxh xml; title: /etc/samba/smb.conf>
[global]
       	security = ADS
       	workgroup = <YOURDOMAIN>
       	realm = DS.<YOURDOMAIN>.SPDNS.ORG

       	idmap config * : backend = tdb
       	idmap config * : range = 3000-7999

	#idmap config <YOURDOMAIN>:backend = ad
	#idmap config <YOURDOMAIN>:schema_mode = rfc2307
	#idmap config <YOURDOMAIN>:range = 10000-999999
	#winbind nss info = rfc2307

	idmap config <YOURDOMAIN>:backend = rid
	idmap config <YOURDOMAIN>:range = 10000-999999
	winbind nss info = template
	template shell = /bin/bash
	template homedir = /home/%U
</sxh>

<code>
net ads join -U administrator
</code>
... und verschieben des Computers in der ADS nach srv.c1

===== Name Service Switch =====
<code>
apt-get install winbind
apt-get install libnss-winbind
nano /etc/nsswitch.conf
</code>
<sxh xml; title: /etc/nsswitch.conf>
  passwd: files winbind
  group:  files winbind
 oder
  passwd: compat winbind
  group:  compat winbind
</sxh>

<code>
systemctl enable winbind
systemctl enable smbd
systemctl enable nmbd
</code>

Neustart:
<code>
reboot
</code>

Test:
<code>
systemctl status winbind
systemctl status smbd
systemctl status nmbd
wbinfo --ping-dc
getent passwd <YOURDOMAIN>\\<Benutzername>
getent group "<YOURDOMAIN>\Domain Users"
</code>
 
Log-Files: /var/log/samba