Outils pour utilisateurs
samba_ad
Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
| samba_ad [2025/04/25 08:08] – [SAMBA AD] huracan | samba_ad [2025/05/28 13:37] (Version actuelle) – [Obtaining the LDAPS Certificate from the Active Directory Server] huracan | ||
|---|---|---|---|
| Ligne 4: | Ligne 4: | ||
| + | ---- | ||
| - | |||
| - | ---- | ||
| Ligne 18: | Ligne 17: | ||
| ---- | ---- | ||
| - | ==== How to Join Samba Server into Microsoft Windows Active Directory ==== | + | ===== How to Join Samba Server into Microsoft Windows Active Directory |
| Ligne 158: | Ligne 157: | ||
| However, each user that accesses the Samba server will still need to have a valid Linux user account on the server that matches the account in the AD domain. The purpose of this account is to control access to the Linux file system. The password for that account does not need to match the Microsoft Windows 2000 AD domain account password. The account does not even need to have the ability to log in locally to the Linux machine. It does have to exist however, and it must have the proper permissions to the directories you are sharing with Samba for the user to access them. This has not changed from Samba 2.2. | However, each user that accesses the Samba server will still need to have a valid Linux user account on the server that matches the account in the AD domain. The purpose of this account is to control access to the Linux file system. The password for that account does not need to match the Microsoft Windows 2000 AD domain account password. The account does not even need to have the ability to log in locally to the Linux machine. It does have to exist however, and it must have the proper permissions to the directories you are sharing with Samba for the user to access them. This has not changed from Samba 2.2. | ||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== How to retrieve a LDAPS certificate ===== | ||
| + | |||
| + | ==== Using OpenSSL on Any Platform to Create the LDAPS Certificate from the AD Server ==== | ||
| + | |||
| + | Using OpenSSL should work with any Active Directory Server platform. (Windows, Linux etc.). The example below, uses OpenSSL 1.1.0h 27 Mar 2018. If having difficulties using another version of OpenSSL, consult the appropriate OpenSSL documentation. | ||
| + | |||
| + | Requirements: | ||
| + | |||
| + | * Openssl | ||
| + | * FQDN or IP of the Active Directory Server | ||
| + | * LDAPS certificate installed in the Active Directory Server certificate store | ||
| + | |||
| + | Steps: | ||
| + | |||
| + | -1 Run the following command from your local computer: | ||
| + | |||
| + | openssl s_client -showcerts -connect <ip or fqdn of your active directory server>: | ||
| + | |||
| + | -2 In the output, copy the certificate portion of the output to a text file | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | 3. Save the text file as my_ldaps_cert.pem. | ||
| + | |||
| + | The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | ||
| + | |||
| + | ==== Using Openssl on a Linux Platform to obtain the LDAPS certificate from the AD server ==== | ||
| + | |||
| + | Requirements: | ||
| + | |||
| + | * Openssl installed on your Linux computer | ||
| + | * FQDN or IP of the Active Directory Server | ||
| + | * LDAPS certificate installed in the Active Directory Server certificate store | ||
| + | |||
| + | Perform the following steps: | ||
| + | |||
| + | - 1 Enter the following command from your Linux computer: | ||
| + | |||
| + | openssl s_client -showcerts -connect <fqdn of your ldap server>: | ||
| + | |||
| + | Example: | ||
| + | |||
| + | openssl s_client -showcerts -connect mydc.mycompany.com: | ||
| + | |||
| + | - 2 Upload my_ldaps_cert.pem to the PCoIP Management Console. See Installing an Active Directory Certificate in the PCoIP Management Console Administrators' | ||
| + | |||
| + | The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | ||
| + | |||
| + | ==== Obtaining the LDAPS Certificate from the Active Directory Server ==== | ||
| + | |||
| + | The example below has been successfully tried on both Windows 2008 R2 and Windows 2016 Active Directory servers. Consult with your Active Directory documentation for official methods on obtaining the LDAPs certificate for use in your deployment. | ||
| + | |||
| + | Requirements: | ||
| + | |||
| + | * FQDN or IP of the Active Directory Server | ||
| + | * Administrator username and password of the Active Directory Server | ||
| + | * LDAPS certificate installed in the Active Directory Server certificate store | ||
| + | |||
| + | Perform the following steps: | ||
| + | |||
| + | - On the Active Directory Server, login as administrator. | ||
| + | - Launch mmc.exe. | ||
| + | - From the Console, click on File > Add/Remove Snap-in | ||
| + | - In the Add or Remove Snap-ins, select Certificates, | ||
| + | - Liste numérotéeIn the Certificates snap in dialog box, select Computer account, and click Next. | ||
| + | - In the Select Computer dialog, select Local computer: (the computer this console is running on), then click Finish. | ||
| + | - In the Add or Remove Snap-ins window, click OK. | ||
| + | - In the Console, in the left pane, browse to Certificates (Local Computer) > Personal > Certificates. Choose the correct LDAPS certificate. This is the certificate with the following information: | ||
| + | - Issued To: <the fqdn of your LDAP server> | ||
| + | - Issued By: <The Certificate Authority where your admin requested the certificate from> | ||
| + | - Right-click on the certificate and click All Tasks > Export. | ||
| + | - In the Certificate Export Wizard, do the following: | ||
| + | - Select not to export the private key | ||
| + | - Choose Base-64 encoded X.509 file format | ||
| + | - Save the certificate as my_ldaps_cert.pem. | ||
| + | |||
| + | The saved certificate can be installed into any software that needs to connect to your Active Directory using LDAPS. | ||
samba_ad.1745561307.txt.gz · Dernière modification : 2025/04/25 08:08 de huracan
Outils de la page
Sauf mention contraire, le contenu de ce wiki est placé sous les termes de la licence suivante : CC Attribution-Share Alike 4.0 International
