Nejdřív NTP
nastavíme do samba.conf
#GLOBAL PARAMETERS [global] workgroup = DINTERNAL realm = DOMAIN.INTERNAL preferred master = no server string = squid proxy server security = ADS encrypt passwords = yes log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups printing = cups winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nested groups = Yes winbind trusted domains only = Yes winbind cache time = 3600 winbind separator = + template shell = /bin/bash
do hosts přidat řádek s adresou serveru s plným i zkráceným jménem
spustit připojení k doméně a konfiguraci přihlašování do ad
authconfig \ --update \ --kickstart \ --enablewinbind \ --enablewinbindauth \ --smbsecurity=ads \ --smbworkgroup=$ADSWorkgroup \ --smbrealm=$ADSDomain \ --smbservers=$ADSServer \ --winbindjoin=$AdminUser \ --winbindtemplatehomedir=/home/%U \ --winbindtemplateshell=/bin/bash \ --enablewinbindusedefaultdomain \ --enablelocauthorize
konfigurace squidu
### NTLM auth_param ntlm \ program /usr/bin/ntlm_auth \ --diagnostics \ --helper-protocol=squid-2.5-ntlmssp \ --domain=DINTERNAL auth_param ntlm children 10 auth_param ntlm keep_alive off ### LDAP auth_param basic \ program /usr/lib/squid/squid_ldap_auth \ -R -b "dc=DOMAIN,dc=INTERNAL" \ -D user@domain.internal \ -W /etc/squid/ldappass.txt \ -f sAMAccountName=%s \ -h dc.domain.internal auth_param basic children 10 auth_param basic realm Internet Proxy auth_param basic credentialsttl 1 minute ### access list acl auth proxy_auth REQUIRED ### vynutime overeni klientu http_access deny !auth http_access allow auth
spusteni sluzeb
/sbin/chkconfig winbind on /sbin/service winbind start /sbin/chkconfig smb on /sbin/service smb start