{"id":1983,"date":"2022-04-10T14:59:27","date_gmt":"2022-04-10T05:59:27","guid":{"rendered":"https:\/\/weblog.hirohiro716.com\/?p=1983"},"modified":"2024-06-15T09:52:23","modified_gmt":"2024-06-15T00:52:23","slug":"almalinux8%e3%81%a7ipa%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e3%81%a7%e8%aa%8d%e8%a8%bc%e3%81%a7%e3%81%8d%e3%82%8bsamba%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e3%81%ae","status":"publish","type":"post","link":"https:\/\/weblog.hirohiro716.com\/?p=1983","title":{"rendered":"AlmaLinux8\u3067IPA\u30e6\u30fc\u30b6\u30fc\u8a8d\u8a3c\u3067\u304d\u308bsamba\u30d5\u30a1\u30a4\u30eb\u30b5\u30fc\u30d0\u30fc\u306e\u8a2d\u5b9a"},"content":{"rendered":"

\u74b0\u5883<\/h3>\n

\u3053\u3053<\/a>\u306e\u624b\u9806\u3067\u69cb\u7bc9\u3057\u305fIPA\u30b5\u30fc\u30d0\u30fc\u3067\u8a8d\u8a3c\u3059\u308b\u3002<\/p>\n

\r\n\u30fb AlmaLinux\u306e\u30d0\u30fc\u30b8\u30e7\u30f3: 8.5\r\n\u30fb \u30db\u30b9\u30c8\u540d: samba.local.example.com\r\n\u30fb IP\u30a2\u30c9\u30ec\u30b9: 192.168.0.12\r\n\u30fb samba\u306e\u30d0\u30fc\u30b8\u30e7\u30f3: 4.14.5\r\n\u30fb ipa-client\u306e\u30d0\u30fc\u30b8\u30e7\u30f3: 4.9.6\r\n<\/pre>\n
IPA\u30b5\u30fc\u30d0\u30fc\u3067\u306e\u4f5c\u696d\u624b\u9806<\/h3>\n
\nIPA\u30b5\u30fc\u30d0\u30fc\u306eIdM\u306bWEB\u30d6\u30e9\u30a6\u30b6\u3067\u30a2\u30af\u30bb\u30b9\u3057\u3066\u3001\u30db\u30b9\u30c8\u300csamba.local.example.com\u300d\u3092IP\u30a2\u30c9\u30ec\u30b9\u300c192.168.0.12\u300d\u3067\u8ffd\u52a0\u3059\u308b\u3002\n<\/p>\n
\nIPA\u30b5\u30fc\u30d0\u30fc\u3067samba\u304b\u3089\u306e\u8a8d\u8a3c\u8981\u6c42\u3092\u51e6\u7406\u3059\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002\n<\/p>\n
\r\n# dnf install ipa-server-trust-ad\r\n<\/pre>\n
\n\u4e0b\u8a18\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066samba\u3092\u4fe1\u983c\u8a2d\u5b9a\u3059\u308b\u3002\n<\/p>\n
\r\n# ipa-adtrust-install\r\n<\/pre>\n
\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306b\u4f8b\u5916\u3092\u767b\u9332\u3059\u308b\u3002<\/p>\n
\r\n# firewall-cmd --permanent --add-service=freeipa-trust\r\n# firewall-cmd --reload\r\n<\/pre>\n
\nIPA\u30b5\u30fc\u30d0\u30fc\u3092\u518d\u8d77\u52d5\u3059\u308b\u3002\n<\/p>\n
\r\n# systemctl restart ipa\r\n<\/pre>\n
\n\u203b\u30bb\u30ab\u30f3\u30c0\u30eaIPA\u30b5\u30fc\u30d0\u30fc\u3067\u3082samba\u304b\u3089\u306e\u8a8d\u8a3c\u8981\u6c42\u3092\u51e6\u7406\u3057\u305f\u3044\u5834\u5408\u306f\u540c\u69d8\u306e\u8a2d\u5b9a\u624b\u9806\u3092\u30bb\u30ab\u30f3\u30c0\u30ea\u3067\u3082\u884c\u3046\u5fc5\u8981\u304c\u3042\u308b\n<\/p>\n
Samba\u30b5\u30fc\u30d0\u30fc\u3067\u306e\u4f5c\u696d\u624b\u9806<\/h3>\n
\nFQDN\u3067\u30db\u30b9\u30c8\u540d\u3092\u8a2d\u5b9a\u3059\u308b\u3002\n<\/p>\n
\r\n# hostnamectl set-hostname samba.local.example.com\r\n<\/pre>\n
\n\u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002\n<\/p>\n
\r\n# dnf install ipa-client-samba\r\n<\/pre>\n
\nIPA\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u3057\u3066\u8a2d\u5b9a\u3059\u308b\u3002\n<\/p>\n
\r\n# ipa-client-install\r\n<\/pre>\n
\u5171\u6709\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3059\u308b\u3002
\n\u203broot\u4ee5\u5916\u304c\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u3044\u3088\u3046\u306b\u3059\u308b<\/p>\n
\r\n# mkdir -p \/var\/samba\/share\r\n# chmod 770 \/var\/samba\/share\r\n<\/pre>\n
\nsamba\u69cb\u6210\u30e6\u30fc\u30c6\u30a3\u30ea\u30c6\u30a3\u3092\u5b9f\u884c\u3057\u3066\u521d\u671f\u8a2d\u5b9a\u3059\u308b\u3002\n<\/p>\n
\r\n# ipa-client-samba\r\n<\/pre>\n
\u521d\u671f\u8a2d\u5b9a\u3055\u308c\u305fsamba\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6\u3057\u3066\u6700\u4e0b\u884c\u306b\u8ffd\u8a18\u3059\u308b\u3002
\n\u203b\u300cforce user\u300d\u306broot\u3092\u6307\u5b9a\u3057\u3066\u30d5\u30a1\u30a4\u30eb\u64cd\u4f5c\u3092root\u3067\u5b9f\u884c\u3055\u305b\u308b<\/p>\n
\r\n[share]\r\npath = \/var\/samba\/share\r\ncreate mask = 0660\r\ndirectory mask = 0770\r\nforce user = root\r\nwritable = yes\r\nvalid users = @testgroup\r\n<\/pre>\n
\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306b\u4f8b\u5916\u3092\u767b\u9332\u3059\u308b\u3002<\/p>\n
\r\n# firewall-cmd --permanent --add-service=samba\r\n# firewall-cmd --reload\r\n<\/pre>\n
SELinux\u306e\u30e9\u30d9\u30eb\u4ed8\u3051\u3092\u884c\u3046\u3002<\/p>\n
\r\n# semanage fcontext -a -t samba_share_t "\/var\/samba\/share(\/.*)?"\r\n# restorecon -RF \/var\/samba\/share\/\r\n<\/pre>\n
SELinux\u306bsmbd\u306b\u3088\u308b\u30d1\u30d6\u30ea\u30c3\u30af\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3078\u306e\u66f8\u304d\u8fbc\u307f\u3092\u6709\u52b9\u306b\u3059\u308b\u3002<\/p>\n
\r\n# setsebool -P allow_smbd_anon_write true\r\n<\/pre>\n
\u30b5\u30fc\u30d3\u30b9\u3092\u6709\u52b9\u306b\u3057\u3066\u8d77\u52d5\u3059\u308b\u3002<\/p>\n
\r\n# systemctl enable --now smb\r\n# systemctl enable --now winbind\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
\u74b0\u5883 \u3053\u3053\u306e\u624b\u9806\u3067\u69cb\u7bc9\u3057\u305fIPA\u30b5\u30fc\u30d0\u30fc\u3067\u8a8d\u8a3c\u3059\u308b\u3002 \u30fb AlmaLinux\u306e\u30d0\u30fc\u30b8\u30e7\u30f3: 8.5 \u30fb \u30db\u30b9\u30c8\u540d: samba.local.example.com \u30fb IP\u30a2\u30c9\u30ec\u30b9: 192.168.0.12 \u30fb sam […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[31,27],"tags":[],"class_list":["post-1983","post","type-post","status-publish","format-standard","hentry","category-almalinux","category-freeipa"],"views":1298,"_links":{"self":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/1983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1983"}],"version-history":[{"count":14,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/1983\/revisions"}],"predecessor-version":[{"id":2710,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/1983\/revisions\/2710"}],"wp:attachment":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}