samba ads配置
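# Join a CentOS/RHEL (sysvinit-era) host to an Active Directory domain as a
# Samba "security = ads" member server with winbind.
# Run as root. "xxxx.com", "XXXX" and "ad.xxxx.com" are placeholders for the
# real DNS domain, NetBIOS workgroup and domain controller.
# NOTE(review): AD realm names are conventionally upper-case and Kerberos
# realms are case-sensitive; confirm the case of default_realm and of the
# principals used with kinit/net below when substituting real values.

host_name=$(hostname)

# --- Packages ---------------------------------------------------------------
# Kerberos client bits and NTP (package name was misspelled "krb5-deve").
yum install -y krb5-libs krb5-devel krb5-workstation pam_krb5 ntp
# Samba + winbind.
# NOTE(review): samba-swat (web admin UI) is not configured anywhere below;
# consider dropping it if it is not needed.
yum install -y samba samba-client samba-winbind-clients samba-winbind \
  samba-common samba4-libs samba-swat

# --- DNS: point the resolver at the internal domain DNS ----------------------
# This replaces /etc/resolv.conf entirely.
cat >/etc/resolv.conf <<'EOF'
nameserver 172.16.0.10
EOF

# --- Time: Kerberos rejects tickets when clocks drift too far apart ----------
# "\cp" bypasses any interactive "cp -i" alias.
\cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate ad.xxxx.com
#ntp6.aliyun.com

# Re-sync every 3 minutes. The entry is merged into the existing crontab via
# stdin rather than written to a fixed /tmp path and installed wholesale:
# that avoids a predictable temp file written as root and keeps any cron
# jobs already present. Re-running the script does not duplicate the line.
cron_line='*/3 * * * * /usr/sbin/ntpdate ad.xxxx.com >/dev/null 2>&1'
{
  crontab -l 2>/dev/null | grep -vF -- '/usr/sbin/ntpdate ad.xxxx.com'
  printf '%s\n' "$cron_line"
} | crontab -

# --- Sanity check: list the installed krb5 / samba packages ------------------
rpm -qa | grep krb5
rpm -qa | grep samba

# --- SELinux ------------------------------------------------------------------
# NOTE(review): this switches SELinux off permanently and for the running
# system, removing mandatory access control from a host that will expose file
# shares. Prefer leaving it enforcing and labelling the share paths for Samba;
# kept here because the rest of the procedure was written against it.
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

# --- Hostname / hosts ----------------------------------------------------------
sed -i "s#HOSTNAME=.*#HOSTNAME=${host_name}#g" /etc/sysconfig/network
#sed -i 's#HOSTNAME=.*##' /etc/sysconfig/network-scripts/ifcfg-eth0

# Make the FQDN resolvable locally; only append when the line is not already
# present so repeated runs do not pile up duplicates.
hosts_entry="127.0.0.1 ${host_name}.xxxx.com ${host_name}"
grep -qF -- "$hosts_entry" /etc/hosts || printf '%s\n' "$hosts_entry" >>/etc/hosts

#sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf

# --- Kerberos client configuration (replaces /etc/krb5.conf) ------------------
cat >/etc/krb5.conf <<'EOF'
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = xxxx.com
 dns_lookup_realm = false
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = yes

[realms]
 xxxx.com = {
  kdc = ad.xxxx.com:88
  admin_server = ad.xxxx.com:749
  default_domain = xxxx.com
 }

[domain_realm]
 .xxxx.com = xxxx.com
 xxxx.com = xxxx.com

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
EOF

# --- Name service switch: resolve users/groups through winbind ----------------
# This replaces /etc/nsswitch.conf; databases not listed fall back to the
# libc defaults.
cat >/etc/nsswitch.conf <<'EOF'
passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
EOF

# --- Samba configuration (replaces /etc/samba/smb.conf) -----------------------
# The [global] header is written before the global parameters so the section
# they belong to is explicit (the original listed them ahead of the header).
# NOTE(review): "idmap gid" starts at 18777216 while "idmap uid" and the
# commented-out variant start at 16777216 — confirm which range is intended.
# NOTE(review): in [test], "read only = yes" follows "writeable = yes"; the two
# are inverse spellings of the same setting, so the later one wins and only
# the "write list" accounts can write. The 0777 masks make everything created
# through the share world-readable and world-writable on the local filesystem;
# tighten them unless local users genuinely need that access.
# The heredoc delimiter is unquoted on purpose: ${host_name} must expand.
cat >/etc/samba/smb.conf <<EOF
# = = = = = = = = = = = ==GlobalSettings = = = = = = = = = = = = = = = = =
[global]
#-----------------------NetworkRelated Options -------------------------
        workgroup =XXXX
        server string = Samba Server Version %v
        netbios name =${host_name}
# ----------------------- Domain Members Options ------------------------
        security = ads
        passdb backend = tdbsam
        realm = xxxx.com
        password server = ad.xxxx.com
        encrypt passwords = yes
        idmap uid = 16777216-33554431
        idmap gid = 18777216-33554431
        template shell = /bin/bash
        template homedir = /home/%U
        winbind use default domain = true
        winbind offline logon = false
        winbind enum groups = yes
        winbind enum users = yes
        winbind separator = /

        ;security = ads
        ;idmap uid = 16777216-33554431
        ; idmap gid = 16777216-33554431
        ;template shell = /bin/bash
        ; winbind use default domain = true
        ; winbind offline logon = false

[home]
        path = /home/%D/%U
        browsable = no

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[test]
        path = /test
        write list = XXXX/administrator,XXXX/admin
        valid users = XXXX/administrator,XXXX/admin
        writeable = yes
        read only = yes
        browsable = yes
        create mask = 0777
        directory mask = 0777
EOF

yum install setuptool -y

# -----------------------------------------------------------------------------
# Domain connectivity test: obtain and list a Kerberos ticket.
# Both kinit and "net ads join" prompt for the password interactively, which
# keeps it out of the process list and shell history.
kinit -V administrator@xxxx.com
klist

#authconfig --enablewinbindauth --enablemd5 --enablekrb5 --disableshadow --update

# Join the domain.
# NOTE(review): an account delegated the right to join computers is enough
# here; the domain administrator account is not required.
net ads join -U administrator@xxxx.com

service smb restart
service winbind restart
chkconfig winbind on
chkconfig smb on

# Verify the machine trust account (i.e. that the join succeeded).
wbinfo -t
# List domain groups.
wbinfo -g
# List domain users.
wbinfo -u
# List the domains winbind knows about.
wbinfo -m

# Leave the domain. Left commented out: executed in sequence it would undo the
# join performed above. Run it by hand only when removing the host.
#net ads leave -U administrator@xxxx.com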