{"id":260,"date":"2011-10-18T20:31:21","date_gmt":"2011-10-18T18:31:21","guid":{"rendered":"http:\/\/diablo.craem.net\/wordpress\/?p=260"},"modified":"2011-10-18T20:31:21","modified_gmt":"2011-10-18T18:31:21","slug":"squid-active-directory-parte-2","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=260","title":{"rendered":"Squid + Active Directory ::parte 2::"},"content":{"rendered":"

Ahora, en este segundo paso, configuraremos el cliente kerberos en nuesto linux<\/em>, para ello editaremos el fichero \/etc\/krb5.conf<\/em>. Previamente lo copiamos…
\n
\n# cp \/etc\/krb5.conf \/etc\/krb5_old.conf
\n<\/code>
\nPartiendo de los siguientes datos:
\n
\nservidor AD : 192.168.2.1
\ndominio : midominio.local
\nNombre Servidor AD: miservidor
\n<\/strong>
\nBorramos todo el contenido y lo dejamos tal que:
\n
\n[libdefaults]
\n default_realm = MIDOMINIO.LOCAL
\n clockskew = 300
\n[realms]
\n MIDOMINIO.LOCAL = {
\n kdc = 192.168.2.1
\n default_domain = midominio.local
\n admin_server = 192.168.2.1
\n}
\nmidominio.local = {
\n kdc = 192.168.2.1
\n default_domain = midominio.local
\n admin_server = 192.168.2.1
\n}
\nmidominio = {
\n kdc = 192.168.2.1
\n default_domain = midominio
\n admin_server = midominio.local
\n}
\n[logging]
\n kdc = FILE:\/var\/log\/krb5\/krb5kdc.log
\n admin_server = FILE:\/var\/log\/krb5\/kadmind.log
\n default = SYSLOG:NOTICE:DAEMON
\n[domain_realm]
\n .midominio = midominio
\n .midominio.local = MIDOMINIO.LOCAL
\n[appdefaults]
\npam = {
\n ticket_lifetime = 1d
\n renew_lifetime = 1d
\n forwardable = true
\n proxiable = false
\n retain_after_close = false
\n minimum_uid = 0
\n try_first_pass = true
\n}
\n<\/code>
\nUna vez editado este fichero, vamos a crear el ticket kerberos, para ello, tecleamos:
\n
\nkinit administrador
\n<\/code>
\nSi todo va bien, nos pedir\u00e1 el password de administrador; no deber\u00e1 de mostrar nada. Si no ha ido bien, deberemos repasar los pasos anteriores.
\nAhora toca configurar samba<\/strong><\/em>, para ello copiaremos y editaremos el fichero \/etc\/samba\/smb.conf<\/em>
\n
\n# cp \/etc\/samba\/smb.conf \/etc\/samba\/smb_old.conf
\n<\/code>
\nBorramos el contenido y lo dejamos tal que:
\n
\n[global]
\n security = ADS
\n netbios name = superTUXsErver
\n realm = MIDOMINIO.LOCAL
\n password server = miservidor_ad.midominio.local
\n workgroup = MIDOMINIO
\n log level = 1
\n syslog = 0
\n idmap uid = 10000-29999
\n idmap gid = 10000-29999
\n winbind separator = +
\n winbind enum users = yes
\n winbind enum groups = yes
\n winbind use default domain = yes
\n template homedir = \/home\/%D\/%U
\n template shell = \/bin\/bash
\n client use spnego = yes
\n domain master = no
\n server string = Super TUX Client AD
\n encrypt passwords = yes
\n[homes]
\n comment = Home Directories
\n valid users = %S
\n browseable = No
\n read only = No
\n inherit acls = Yes
\n[profiles]
\n comment = Network Profiles Service
\n path = %H
\n read only = No
\n store dos attributes = Yes
\n create mask = 0600
\n directory mask = 0700
\n<\/code>
\nUna vez editado, reiniciamos samba:
\n
\n#\/etc\/init.d\/samba restart
\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

Ahora, en este segundo paso, configuraremos el cliente kerberos en nuesto linux, para ello editaremos el fichero \/etc\/krb5.conf. Previamente lo copiamos… # cp \/etc\/krb5.conf \/etc\/krb5_old.conf Partiendo de los siguientes datos: servidor AD : 192.168.2.1 dominio : midominio.local Nombre Servidor AD: miservidor Borramos todo el contenido y lo dejamos tal que: [libdefaults] default_realm = MIDOMINIO.LOCAL clockskew […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[16,58,97,102,166,177],"class_list":["post-260","post","type-post","status-publish","format-standard","hentry","category-varios","tag-active-directory","tag-debian","tag-kerberos","tag-linux-2","tag-samba","tag-squid"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=260"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/260\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}