1、在加入域之前:检查本地连接和 DNS修改关键性质的 3 个文件修改 /etc/samba/smb.confrootcentos # vi /etc/samba/smb.conf内容如下;#= Global Settings =#workgroup = XUANBO #域名realm = XUANBO.COM #域名security = ADSpassword server = 192.168.68.99 #DC 地址interfaces = 127.0.0.1 eth0 #网卡接口bind interfaces only = trueprinting = cpusprintcap name =
2、 cpusload printers = yesserver string = Samba Server Version %v#= Share Definitions =idmap uid = 16777216-33554431idmap gid = 16777216-33554431template shell = /sbin/nologintemplate homedir = /homes/%D/%Uwinbind use default domain = yespassword server = 192.168.68.99realm = XUANBO.COMwinbind separat
3、or = %winbind enum users = yeswinbind enum groups = yesencrypt passwords = yeshomescomment = Home Directoriespath = /homes/%D/%Uvalid users =/%D/%Ubrowseable = nowritable = yes修改/etc/nsswitch.confrootcentos # vi /etc/nsswitch.conf内容如下:passwd: files winbindshadow: files winbindgroup: files winbind修改/
4、etc/krb5.confrootcentos #vi /etc/krb5.conf内容如下:loggingdefault = FILE:/var/log/krb5libs.logkdc = FILE:/var/log/krb5kdc.logadmin_server = FILE:/var/log/kadmind.loglibdefaultsdefault_realm = XUANBO.COMdns_lookup_realm = falsedns_lookup_kdc = falseticket_lifetime = 24hforwardable = yesrealmsEXAMPLE.COM
5、= kdc = 192.168.68.99:88admin_server = 192.168.68.99:749default_domain = kdc = 192.168.68.99domain_ = XUANBO.COM = XUANBO.COMkdcprofile = /var/kerberos/krb5kdc/kdc.confappdefaultspam = debug = falseticket_lifetime = 36000renew_lifetime = 36000forwardable = truekrb4_convert = false加入域:rootcentos #net
6、 rpc join -S -U administratorPassword:Joined domain XUANBO.rootcentos # wbinfo -uadministratorguestkrbtgtvpnrootcentos # wbinfo -gBUILTIN%administratorsBUILTIN%usersdomain computersdomain controllersschema adminsenterprise adminscert publishersdomain adminsdomain usersdomain guestsgroup policy crea
7、tor ownersras and ias serversallowed rodc password replication groupdenied rodc password replication groupread-only domain controllersenterprise read-only domain controllersdnsadminsdnsupdateproxyrootcentos # wbinfo -tchecking the trust secret via RPC calls succeededlinux 加入 windows 域之完美方案 笔者这几天在研究
8、samba 服务通过 ad 域进行用户验证。在查资料的过程中发现。关于linux 加入 windows 域,网上资料不少,但是按着网上的说法做大多不成功,甚至很多人估计都不知道自己在说什么,最后一个 net ads join 就认为已经成功加入到域了,可是然后呢?作为域内的一个成员,普通的机器要可以提供域内的用户登陆;作为 samba 服务要把共享加入到目录中,这样才起到加入域的作用嘛。笔者经过反复实验,终于把 linux 加入到 windows 域一些细节记录下来,不敢独享,特拿出。笔者用的 linux 为 centos5.3。ad 域为 win2k3 sp2。域为:RWin2k3:Name
9、:ad1Ip:192.168.1.241Dns:192.168.1.241Centos5.3:Name:FilesrvIp:192.168.1.246Dns:192.168.1.241Ok,lets go!1.samba 服务器软件需求 krb5-workstation-1.2.7-19 pam_krb5-1.70-1 krb5-devel-1.2.7-19 krb5-libs-1.2.7-19 samba-3.0.5-2 rootfilesrv CentOS# rpm -qa|grep krb5krb5-auth-dialog-0.7-1krb5-libs-1.6.1-25.el5krb5-
10、devel-1.6.1-25.el5pam_krb5-2.2.14-1krb5-workstation-1.6.1-25.el5rootfilesrv CentOS# rpm -qa|grep sambasamba-swat-3.0.28-0.el5.8samba-common-3.0.28-0.el5.8samba-client-3.0.28-0.el5.8samba-3.0.28-0.el5.8如果 centos 在安装的时候没有取消默认选中的”Base”,则 krb5 的包是默认全部安装如果没有选择安装 samba 可以这样安装rootfilesrv CentOS# rpm -ivh x
11、inetd-2.3.14-10.el5.i386.rpmrootfilesrv CentOS# rpm -ivh -aid samba*.rpm2.配置 kerberos 和 samba因为笔者用的系统为 centos 所以为保证一次成功的准确率,这里就使用字符界面下的图形工具来配置了。运行 setup 工具认证配置选择:“use winbind”“use kerberos”“use winbind authertication”删除 admin server 其余的改成真实情况Realm 为域名,KDC 为域服务器的 ip配置 winbindDomain 为你的域的,左面第一个”.”前面的东东选择”join domain”,提示是否先保存配置信息,肯定是 yes 了。
