======Joindre un Domaine en tant que Serveur de fichiers======

====Pré-requis====

Pour pouvoir joindre un contrôleur de domaine, il faut configurer le serveur de DNS de la machine.\\
Par exemple, avec /etc/resolv.conf

<code conf /etc/resolv.conf>
search domain.tld
nameserver 192.168.4.2
</code>

====Initialisation====

Pour commencer, on va installer les packets nécessaires (ignorez les configurations demandées):
<code bash>
# apt install acl attr samba krb5-user krb5-config winbind smbclient libnss-winbind
</code>

Il vous faudra commencer par arrêter samba :

<code bash>
# systemctl stop nmbd smbd winbind
</code>

Il vous faudra modifier la configuration de samba :

<code conf /etc/samba/smb.conf>
[global]
	workgroup = DOMAIN
	security = ADS
	realm = DOMAIN.TLD

	winbind refresh tickets = Yes
	vfs objects = acl_xattr
	map acl inherit = Yes
	store dos attributes = Yes

        log file = /var/log/samba/log.%m
        max log size = 1000
        panic action = /usr/share/samba/panic-action %d
        map to guest = Bad User
        
        dedicated keytab file = /etc/krb5.keytab
	kerberos method = secrets and keytab

	idmap config * : backend = tdb
	idmap config * : range = 3000-7999

	idmap config DOMAIN:backend = rid
	idmap config DOMAIN:schema_mode = rfc2307
	idmap config DOMAIN:range = 10000-999999
	idmap config DOMAIN:unix_nss_info = yes
	idmap config DOMAIN:default = yes

	template shell = /bin/false
	template homedir = /dev/null

	server role = member server

 
[Mon partage]
        path = /opt/Mon partage
        read only = No

</code>


Il vous faudra configurer Kerberos  ((default_realm doit être en majuscule)): 

<code conf /etc/krb5.conf>
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = DOMAIN.TLD
</code>

Puis joindre le domaine :
<code bash>
# net ads join -U administrateur
</code>
<code>
Enter administrator's password: Passw0rd
Using short domain name -- DOMAIN
Joined 'fs' to dns domain 'domain.tld'
</code>

Il faudra ensuite ajouter **winbind** a la fin des deux lignes suivantes :

<code file /etc/nsswitch.conf [highlight_lines_extra="7,8"]>
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

</code>

et pour finir démarrer les services

<code bash>
# systemctl start nmbd smbd winbind
</code>