=== Zametki zlogo admina &raquo; CentOS i pol'zovateli domena Windows ===


Voznikla potrebnost' puskat' na linuksovuju rabochuju stanciju
pol'zovatelej iz domena Windows. Chtoby ne idti k klientu s pustoj
golovoj i ne probovat' metodom tyka, reshil poprobovat'.

Na virtual'nye mashiny byli ustanovleny kontroller domena Windows 2003
i rabochaja stancija CentOS 5.4 (vse nastrojki po umolchaniju).

Parametry:
imja domena: dom2003.local
imja kontrollera domena: dc2003.dom2003.local
imja rabochej stancii: ws1.dom2003.local

V principe, ranee ja neodnokratno vvodil linuksovye mashiny v vindovoj
domen, no na e'tot raz bylo interesno sdelat' vse cherez standartnye
graficheskie instrumenty CentOS, ne pribegaja k pravke konfigov. Itak, ja
zapustil sistemnuju utilitu system-config-auth i vkljuchil ispol'zovanie
winbind, posle chego vvel nastrojki.



K sozhaleniju, nazhatie knopki Vojti v domen ni k chemu ne privelo,
komp'juter ne pojavilsja v Active Directory. Zashel v terminal, proveril
konfiguracionnye fajly Samba i Kerberos (tam vse bylo na pervyj
vzgljad, normal'no), i reshil vvesti komp'juter v domen obychnym metodom:


# net ads join -U Administrator
Administrator's password:
Using short domain name -- DOM2003
Failed to set servicePrincipalNames. Please ensure that the DNS domain
of this server matches the AD domain, Or rejoin with using Domain
Admin credentials.
Deleted account for 'WS1' in realm 'DOM2003.LOCAL'
Failed to join domain: Type or value exists

Otladka pokazala sledujuschee:

# net ads join -U Administrator -d 10
...
[2009/03/25 12:33:58, 10] lib/util.c:name_to_fqdn(3013)
name_to_fqdn: lookup for WS1 failed.
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
...

Pokovyrjavshis', ja obnaruzhil v fajle hosts zapis':
127.0.0.1 ws1 localhost localhost.localdomain

Ja udalil ws1 iz stroki, no e'to tozhe nichego ne dalo. V konechnom schete
prishlos' propisat' rabochuju stanciju v DNS na kontrollere domena. I vvod
v domen proshel normal'no.

Posle e'togo domennye pol'zovateli mogli loginit'sja na linuksovuju
mashinu, dlja nih avtomaticheski sozdavalis' domashnie katalogi.

[root@ws1 samba]# ls -l /home/DOM2003/
itogo 24
drwxr-xr-x 15 administrator pol'zovateli domena 4096 Mar 5 13:55
administrator
drwxr-xr-x 15 p.pupkin pol'zovateli domena 4096 Mar 5 13:55 p.pupkin
drwxr-xr-x 18 v.pupkin pol'zovateli domena 4096 Mar 5 14:04 v.pupkin

I nakonec, ja zahotel, chtoby spisok domennyh juzerov otobrazhalsja
komandoj getent passwd. Po umolchaniju e'ta funkcija otkljuchena, hotja
wbinfo -u rabotaet normal'no. Dlja ee vkljuchenija nuzhno dobavit' v fajl
smb.conf sledujuschie stroki:

winbind enum users = yes
winbind enum groups = yes

Poluchilos' sledujuschee:

administrator:*:16777217:16777216:Administrator:/home/DOM2003/
administrator:/bin/bash
gost':*:16777219:16777221:Gost':/home/DOM2003/gost':/bin/bash
support_388945a0:*:16777220:16777216:SUPPORT_388945a0:/home/DOM2003/
support_388945a0:/bin/bash
krbtgt:*:16777221:16777216:krbtgt:/home/DOM2003/krbtgt:/bin/bash
v.pupkin:*:16777216:16777216:Vasya Pupkin:/home/DOM2003/v.pupkin:/bin/
bash
p.pupkin:*:16777218:16777216:Petya Pupkin:/home/DOM2003/p.pupkin:/bin/
bash

Itak, vyvody:
Graficheskaja utilita vnosit pravil'nye izmenenija v konfiguracionnye
fajly. Dumaju, ona smogla by pravil'no vvesti rabochuju stanciju v domen,
esli by ja pozabotilsja o DNS. Takzhe ono srabotalo by, esli by na
kontrollere domena stojal DHCP server, kotoryj sam by zaregistriroval v
DNS novuju rabochuju stanciju.
Funkcional getent passwd ne objazatelen, vse prekrasno rabotaet bez
nego. E'to uzh ja zahotel po starinke&

V obschem, pol'zovat'sja linuksom stanovitsja vse legche i legche.

V dal'nejshih planah dozhdat'sja versii 5.5 i poprobovat' provernut' to
zhe s domenom Windows 2008.


.