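# Samba ADS configuration: set this host up as an Active Directory member
# server using Samba + winbind.

# Kerberos client libraries and tools, the PAM Kerberos module and the NTP
# client. The development package is named krb5-devel (the original
# "krb5-deve" does not match any package).
yum install -y krb5-libs krb5-devel krb5-workstation pam_krb5 ntp

# Samba server, client tools and winbind.
# NOTE(review): samba-swat pulls in the SWAT web administration tool; confirm
# it is really needed on a member server before installing it.
yum install -y samba samba-client samba-winbind-clients samba-winbind samba-common samba4-libs samba-swat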
# Point DNS resolution at the internal domain DNS server. AD member setup
# relies on the domain's DNS records (krb5.conf below uses dns_lookup_kdc).
# The file is overwritten, so any resolver entries already present are lost.
# NOTE(review): other tools on the host (DHCP client, network manager) may
# rewrite /etc/resolv.conf later; confirm the setting persists.
printf '\nnameserver 172.16.0.10\n\n' > /etc/resolv.conf
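# ---- Time zone and clock synchronisation ----
# Kerberos rejects requests when the client clock drifts too far from the
# KDC, so the host is synced against the domain controller.

# Leading backslash bypasses any interactive "cp -i" alias.
\cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

# One-off sync now (alternative public source: ntp6.aliyun.com).
ntpdate ad.xxxx.com

# Re-sync every 3 minutes from cron.
# The job is piped straight into "crontab -" instead of being staged in a
# fixed /tmp/crontab path: a predictable file name in a world-writable
# directory, written by root, can be pre-created or symlinked by a local user.
# Existing crontab entries are kept (the original replaced the whole crontab);
# an older copy of this job is filtered out so reruns do not duplicate it.
ntp_job='*/3 * * * * /usr/sbin/ntpdate ad.xxxx.com &> /dev/null'
{
  # stderr silenced on purpose: "no crontab for <user>" is expected on a
  # fresh host.
  crontab -l 2>/dev/null | grep -vF -- '/usr/sbin/ntpdate ad.xxxx.com'
  printf '%s\n' "$ntp_job"
} | crontab -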
# ---- Package check, SELinux and hostname ----

# Show which Kerberos and Samba packages ended up installed.
rpm -qa | grep krb5
rpm -qa | grep samba

# Disable SELinux permanently (config file) and switch the running system to
# permissive mode.
# NOTE(review): this removes SELinux confinement from every service on the
# host, not only smbd/winbindd. Samba can normally run with SELinux enforcing
# by labelling the share directories and enabling the relevant Samba booleans;
# confirm whether disabling it is really required here.
sed -i -e 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0

# Persist the current hostname in the network configuration.
sed -i -e "s#HOSTNAME=.*#HOSTNAME=$(hostname)#" /etc/sysconfig/network
#sed -i 's#HOSTNAME=.*##' /etc/sysconfig/network-scripts/ifcfg-eth0
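# Make the host resolve its own fully qualified and short names locally.
# The entry is appended only when the FQDN is not already in /etc/hosts, so
# running these steps again does not pile up duplicate lines.
# NOTE(review): this maps the FQDN to 127.0.0.1; confirm that nothing on the
# host needs its own name to resolve to the LAN address.
fqdn="$(hostname).xxxx.com"
if ! grep -qF -- "$fqdn" /etc/hosts; then
  printf '\n127.0.0.1 %s %s\n\n' "$fqdn" "$(hostname)" >> /etc/hosts
fi
#sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf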
# Write the Kerberos client configuration (replaces /etc/krb5.conf).
#   [logging]      log files for the Kerberos libraries
#   [libdefaults]  default realm, KDC discovery through DNS, ticket lifetimes
#   [realms]       KDC (port 88) and admin server (port 749) on ad.xxxx.com
#   [domain_realm] maps the DNS domain and its subdomains to the realm
#   [appdefaults]  settings read by the pam application
# The here-document delimiter is quoted, so the text is written literally.
# NOTE(review): Active Directory realm names are conventionally upper-case and
# MIT Kerberos compares realm names case-sensitively; confirm the realm is
# spelled in the case the domain controller uses.
cat > /etc/krb5.conf <<'EOF'

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = xxxx.com
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = yes
[realms]
xxxx.com = {
kdc = ad.xxxx.com:88
admin_server = ad.xxxx.com:749
default_domain = xxxx.com
}
[domain_realm]
.xxxx.com = xxxx.com
xxxx.com = xxxx.com
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

EOF
# Let the name service switch consult winbind after the local files, so that
# domain users and groups are visible to the system.
# The file is replaced as a whole: only the four databases listed here remain
# configured, and any other entries that were in /etc/nsswitch.conf
# (services, protocols, netgroup, ...) are dropped.
cat > /etc/nsswitch.conf <<'EOF'

passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns

EOF
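# Write the Samba configuration (replaces /etc/samba/smb.conf).
#
# Changes against the original text:
#   * The [global] header now comes first. The original listed every global
#     parameter before the header, which only works if the parser treats
#     leading parameters as global.
#   * [test] had both "writeable = yes" and "read only = yes". The two are
#     inverse spellings of one setting and the later line wins, so only
#     "read only = yes" is kept; the accounts in "write list" still get write
#     access.
#
# The here-document is unquoted on purpose: $(hostname) is expanded when the
# file is written. %v, %U and %D are Samba substitutions and are left as-is.
#
# NOTE(review): points to confirm before using this on a real host:
#   * "create mask" / "directory mask" of 0777 make everything created through
#     the share readable and writable by every local account; a tighter mask
#     (for example 0660 / 0770) is usually enough when access goes through the
#     two listed admin accounts.
#   * "idmap gid" starts at 18777216 while "idmap uid" (and the commented-out
#     gid line) start at 16777216 - possibly a typo.
#   * "idmap uid" / "idmap gid" are the older spelling; newer Samba releases
#     expect "idmap config * : range" instead.
#   * [home] is an ordinary share called "home"; the special per-user section
#     is named [homes]. Its path (/home/%D/%U) also differs from
#     "template homedir" (/home/%U).
#   * NetBIOS names are limited to 15 characters; check what $(hostname)
#     returns on this host.
cat > /etc/samba/smb.conf <<EOF
[global]
# = = = = = = = = = = = ==GlobalSettings = = = = = = = = = = = = = = = = =
#-----------------------NetworkRelated Options -------------------------
workgroup =XXXX
server string = Samba Server Version %v
netbios name =$(hostname)
# ----------------------- Domain Members Options ------------------------
security = ads
passdb backend = tdbsam
realm = xxxx.com
password server = ad.xxxx.com
encrypt passwords = yes
idmap uid = 16777216-33554431
idmap gid = 18777216-33554431
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = true
winbind offline logon = false
winbind enum groups = yes
winbind enum users = yes
winbind separator = /
;security = ads
;idmap uid = 16777216-33554431
; idmap gid = 16777216-33554431
;template shell = /bin/bash
; winbind use default domain = true
; winbind offline logon = false
[home]
path = /home/%D/%U
browsable = no
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[test]
path = /test
write list = XXXX/administrator,XXXX/admin
valid users = XXXX/administrator,XXXX/admin
read only = yes
browsable = yes
create mask = 0777
directory mask = 0777
EOF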
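yum install -y setuptool
# -----------------------------------------------------------------------------
# Domain connectivity test: request a ticket for the domain administrator and
# list the credential cache to confirm the KDC answered.
kinit -V administrator@xxxx.com
klist
#authconfig --enablewinbindauth --enablemd5 --enablekrb5 --disableshadow --update

# Join the domain (prompts for the account's password).
# NOTE(review): a dedicated account that is only delegated the right to join
# computers is enough for this step; the built-in administrator is not
# required.
net ads join -U administrator@xxxx.com

# The ticket obtained by kinit above stays in root's credential cache until it
# expires; destroy it once the join is done so that an administrator ticket is
# not left behind on the member server.
kdestroy

# Restart the services and enable them at boot.
service smb restart
service winbind restart
chkconfig winbind on
chkconfig smb on

# Verify the machine account trust secret (i.e. that the join worked).
wbinfo -t
# List domain groups.
wbinfo -g
# List domain users.
wbinfo -u
# List the domains winbind knows about.
wbinfo -m

# Leave the domain. Kept for reference only: running it right after the steps
# above would undo the join, so it is commented out.
#net ads leave -U administrator@xxxx.com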