Tutorial per l’utilizzo degli utenti di Active Directory in Squid per l’accesso a Internet:

Pacchetti necessari in debian se non installati:
apt-get install krb5-config krb5-user krb5-doc winbind samba rdate

File da editare:
/etc/krb5.conf
/etc/samba/smb.conf
/etc/nsswitch.conf
/etc/hosts
/etc/resolv.conf
/etc/squid/squid.conf

krb5.conf (rispettare MAIUSCOLE/minuscole)

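# /etc/krb5.conf - Kerberos client settings used to authenticate against Active Directory.
# Replace NOMEDOMINIOPERINTERO (full domain name) and IPSERVERACTIVEDIRECTORY with site values.
# Upper/lower case matters: the realm name must be written the same way everywhere.

[logging]
default = FILE:/var/log/krb5.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log

[libdefaults]
default_realm = NOMEDOMINIOPERINTERO
# DNS discovery is disabled, so the KDC is taken only from the [realms] entry below.
dns_lookup_realm = false
dns_lookup_kdc = false
# Maximum tolerated clock difference, in seconds. MIT Kerberos (Debian krb5-user)
# spells this option "clockskew"; the original "clock_skew" spelling is not an MIT option.
# Keep the host clock synchronised with the domain controller or authentication fails.
clockskew = 300
ticket_lifetime = 24h
# NOTE(review): forwardable tickets can be handed on to other services; confirm the
# proxy actually needs delegation, otherwise consider setting this to "no".
forwardable = yes

[realms]
NOMEDOMINIOPERINTERO = {
    kdc = IPSERVERACTIVEDIRECTORY
    admin_server = IPSERVERACTIVEDIRECTORY
    default_domain = NOMEDOMINIOPERINTERO
}
# The closing brace above was missing in the original listing; without it the
# [domain_realm] header is read as part of the realm block.

[domain_realm]
# Left side: DNS domain (lower case). Right side: the Kerberos realm name, which must
# match the realm defined in [realms] - not the domain controller's host name.
.nomedominioperintero = NOMEDOMINIOPERINTERO
nomedominioperintero = NOMEDOMINIOPERINTERO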

smb.conf

# /etc/samba/smb.conf - joins this host to Active Directory as a member so that
# winbind can resolve domain users and groups.
# Values written in CAPITALS with spaces are placeholders to replace with site values.
[global]

# --- Identity of this host ---
netbios name = NOME NETBIOS DEL BLUBOX
server string = IVOX

# --- Domain membership ---
security = ADS
workgroup = DOMINIO NETBIOS
realm = DOMINIOPERINTERO
password server = IP SERVER ACTIVE DIRECTORY
encrypt passwords = yes
# NOTE(review): check how the installed Samba version interprets "Yes" here; use
# "mandatory" if SMB signing towards the domain controller must be enforced.
client signing = Yes

# --- Name resolution and browsing ---
# Site-specific address from the original example; replace with the local WINS server.
wins server = 192.168.120.3
dns proxy = No
preferred master = no
local master = no

# --- Services not offered by this host ---
load printers = no

# --- winbind: mapping of domain accounts to local ids ---
# Range of local uid/gid numbers assigned to domain users and groups; it must not
# overlap the ids of local accounts.
# NOTE(review): newer Samba releases configure this with "idmap config * : range";
# confirm which form the installed version expects.
idmap uid = 10000-20000
idmap gid = 10000-20000
# Domain and account name are joined with "+", e.g. DOMAIN+user.
winbind separator = +
# With the default domain enabled, users can be referenced without the domain prefix.
winbind use default domain = Yes
# Enumeration lists every domain account; it can be slow on large directories.
winbind enum users = Yes
winbind enum groups = Yes

Nota: se si vuole condividere file con accesso per gli utenti Active Directory, inserire: valid users = @"DOMINIONETBIOS+utenti o gruppo Active Directory", es. "@DACOSUD+domain users"