samba ads配置

yum install -y krb5-libs krb5-deve krb5-workstation pam_krb5 ntp
yum install -y samba samba-client samba-winbind-clients samba-winbind samba-common samba4-libs samba-swat

###修改dns解析  指向内部域dns
echo "
nameserver 172.16.0.10
" >/etc/resolv.conf

###########
\cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate ad.xxxx.com #ntp6.aliyun.com 
echo "*/3 * * * * /usr/sbin/ntpdate ad.xxxx.com &> /dev/null" > /tmp/crontab
crontab /tmp/crontab
##########


rpm -qa |grep krb5
rpm -qa |grep samba

sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

sed -i "s#HOSTNAME=.*#HOSTNAME=$(hostname)#g" /etc/sysconfig/network
#sed -i 's#HOSTNAME=.*##' /etc/sysconfig/network-scripts/ifcfg-eth0 

echo "
127.0.0.1 $(hostname).xxxx.com $(hostname)
" >>/etc/hosts
#sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf

echo "
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = xxxx.com
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = yes
[realms]
xxxx.com = {
kdc = ad.xxxx.com:88
admin_server = ad.xxxx.com:749
default_domain = xxxx.com
}
[domain_realm]
.xxxx.com = xxxx.com
xxxx.com = xxxx.com
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
" >/etc/krb5.conf

echo "
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns
" >/etc/nsswitch.conf



echo "
# = = = = = = = = = = = ==GlobalSettings = = = = = = = = = = = = = = = = =
#-----------------------NetworkRelated Options -------------------------
    workgroup =XXXX
    server string  = Samba Server Version %v
    netbios name =$(hostname)
# ----------------------- Domain Members Options ------------------------
    security = ads
    passdb backend = tdbsam
    realm  = xxxx.com
    password server = ad.xxxx.com
    encrypt passwords  = yes
    idmap uid = 16777216-33554431
    idmap gid  = 18777216-33554431
    template shell = /bin/bash
    template homedir  = /home/%U
    winbind use default domain = true
    winbind offline logon  = false 
    winbind enum groups = yes
    winbind enum users  = yes
    winbind separator = /
[global]
   ;security  = ads
   ;idmap uid = 16777216-33554431
   ; idmap gid  = 16777216-33554431
   ;template shell = /bin/bash
   ; winbind use default domain  = true
   ; winbind offline logon = false
[home]
     path  = /home/%D/%U
     browsable = no
[printers]
     comment  = All Printers
     path = /var/spool/samba
     printable  = Yes
     browseable = No
[test]
     path  = /test
     write list = XXXX/administrator,XXXX/admin
     valid users  = XXXX/administrator,XXXX/admin
     writeable = yes
     read only  = yes
     browsable = yes
     create mask  = 0777
     directory mask = 0777
" >/etc/samba/smb.conf

yum install setuptool -y
-------------------------------------------------------------------------------------------------------

#域连接测试
kinit -V administrator@xxxx.com
klist     

#authconfig --enablewinbindauth --enablemd5 --enablekrb5 --disableshadow --update
     
     
#加入域 
net ads join -U administrator@xxxx.com

service smb restart
service winbind restart
chkconfig winbind on
chkconfig smb on


#测试是否加入域
wbinfo -t

#读取域用户组信息
wbinfo -g

#读取域用户信息
wbinfo -u 

#检测加入的域
wbinfo -m    


###离开域 
net ads leave -U administrator@xxxx.com