Configuring Fedora 7 to join a Windows domain

There were many errors along the way, but in the end it worked.

1. Graphical method

    [root]# setup

Choose the winbind method, fill in each field in turn, and finally join the domain.
While the graphical method was running it restarted winbind, but reported "关闭 Winbind服务: [失败]" (stopping the Winbind service: [FAILED]), so I went on to do it with the command-line method.

2. Command-line method

    [root]# net rpc join domain.com -U admin
    Password:
    Joined domain doamin.

According to the man page, if that does not work, try

    net rpc join -S domain.com -U admin

or

    net rpc join -W domain.com -U admin

    # List the users in the domain
    [root]# wbinfo -u
    # List the groups in the domain
    [root]# wbinfo -g

Below is some reference information.

Using AD from Linux

Note: in smb.conf, the two lines

    realm = COMPANY.COM
    password server = system.company.com

must not have a ";" in front of them.

You need to know the domain name, as well as the machine's full name within the domain.

Installing samba: when running configure, look at the options with ./configure --help:

    ./configure --with-ads --with-winbind --with-ldap

Test environment:
AD host: server.test.com.cn
IP: 192.168.0.86

(I) Configure samba

    [root@linux2 /]# vi /etc/samba/smb.conf

    [global]
    # workgroup = NT-Domain-Name or Workgroup-Name
    # (the network name)
    workgroup = test
    # (the full network name)
    realm = test.com.cn
    # server string is the equivalent of the NT Description field
    # (name of the Samba server)
    netbios name = Data_Server
    # (server description)
    server string = Linux
    # Security mode. Most people will want user level security. See
    # security_level.txt for details.
    # (security set to ADS; AD performs account authentication)
    security = ads
    # Use password server option only with security = server
    ; password server =
    password server = server.test.com.cn
    # Password Level allows matching of _n_ characters of the password
    # all combinations of upper and lower case.
    ; password level = 8
    ; username level = 8
    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents
    # (passwords are sent in encrypted form)
    encrypt passwords = yes
    ; smb passwd file = /etc/samba/smbpasswd

Save the file when done.

(II) If the network has no DNS, configure /etc/hosts

    [root@linux2 /]# vi /etc/hosts

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 linux2.test.com.cn linux2 localhost.localdomain localhost
    192.168.0.86 server.test.com.cn test.com.cn

(III) Edit the Kerberos configuration

The file is /etc/krb5.conf. Pay attention to upper and lower case.

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    # (change to the AD server)
    default_realm = SERVER.TEST.COM.CN
    dns_lookup_realm = false
    dns_lookup_kdc = false

    [realms]
    # (change to the domain)
    TEST.COM.CN = {
    kdc = SERVER.TEST.COM.CN:88
    # (name of the AD server)
    admin_server = SERVER.TEST.COM.CN:749
    # (the domain)
    default_domain = TEST.COM.CN
    }

    [domain_realm]
    # Do not change example.com in the two lines below.
    .example.com = TEST.COM.CN
    example.com = TEST.COM.CN

(IV) Edit /var/kerberos/krb5kdc/kdc.conf

(If the file does not exist, krb5-server is not installed; please install it. I did not install it for this step either.)

    [root@linux2 /]# vi /var/kerberos/krb5kdc/kdc.conf

    [kdcdefaults]
    acl_file = /var/kerberos/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
    v4_mode = nopreauth

    [realms]
    # (the domain)
    TEST.COM.TW = {
    master_key_type = des-cbc-crc
    supported_enctypes = arcfour-hmac:normal arcfour-hma

(V) Test the connection

    [root@linux2 /]# kinit administrator@TEST.COM.CN

If everything is fine, it returns to the command prompt on its own.
Note that the domain name after the @ must be in upper case.
Keep the clocks of the AD server and your machine synchronized; they must not differ by more than 5 minutes.

(VI) Join samba to the domain

    [root@linux2 /]# service smb restart
    [root@linux2 /]# net ads join -S TEST.COM.CN -U administrator

If the message Joined “Linux” to realm “test.com.cn” appears, the join succeeded.

(VII) Winbind

I used the winbind that ships with the system.

(1) Configure NSS. The file is /etc/nsswitch.conf.

    [root@linux2 /]# vi /etc/nsswitch.conf

    # Example:
    #passwd: db files nisplus nis
    #shadow: db files nisplus nis
    #group: db files nisplus nis
    # (add winbind)
    passwd: files winbind
    shadow: files
    # (add winbind)
    group: files winbind
    #hosts: db files nisplus nis dns
    hosts: files dns

(VIII) Set the uid and gid ranges (for the accounts and directories that Linux pulls from AD)

    [root@linux2 /]# vi /etc/samba/smb.conf

    idmap uid = 16777000-33550000
    idmap gid = 16777000-33550000
    template shell = /bin/bash
    winbind use default domain = yes
    template homedir = /home/winnt/%D/%U

Restart samba:

    [root@linux2 /]# service smb restart

(IX) Start winbind

    [root@linux2 /]# chkconfig winbind on
    [root@linux2 /]# service winbind start

(X) Test: list the domain users

    [root@linux2 /]# wbinfo -u

or

    [root@linux2 /]# getent passwd

(XI) Set the range from which local uids and gids are allocated, to avoid conflicts between Linux accounts and AD accounts

The file to edit is /etc/login.defs.

    [root@linux2 /]# vi /etc/login.defs

    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN 500
    # (changed to 9999)
    UID_MAX 9999
    #
    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN 500
    # (changed to 9999)
    GID_MAX 9999
    #
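Added example (not part of the original post): a shell check over the smb.conf, login.defs and nsswitch.conf settings described above. It confirms that security = ads and realm are active (not commented out), that the idmap uid range starts above the local UID_MAX so AD and local accounts cannot collide, and that passwd and group list winbind. The function names conf_get, defs_get and check_join and the script name check_join.sh are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# conf_get FILE KEY: value of "key = value" in an smb.conf-style file,
# skipping lines commented out with ';' or '#'.
conf_get() {
    awk -F= -v k="$2" '
        /^[ \t]*[;#]/ { next }
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(k) {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# defs_get FILE KEY: value of a whitespace-separated "KEY value" line (login.defs).
defs_get() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# check_join SMB_CONF LOGIN_DEFS NSSWITCH: prints findings, returns their count.
check_join() {
    smb=$1; defs=$2; nss=$3; bad=0
    [ "$(conf_get "$smb" security | tr 'A-Z' 'a-z')" = ads ] ||
        { echo "smb.conf: security is not ads"; bad=$((bad + 1)); }
    [ -n "$(conf_get "$smb" realm)" ] ||
        { echo "smb.conf: realm is missing or commented out"; bad=$((bad + 1)); }
    # The lowest winbind-mapped uid must sit above the highest local uid.
    range=$(conf_get "$smb" "idmap uid")
    lo=${range%%[!0-9]*}            # leading digits only
    : "${lo:=0}"                    # an unset range counts as overlapping
    max=$(defs_get "$defs" UID_MAX)
    case $max in ''|*[!0-9]*) max=$lo ;; esac
    [ "$lo" -gt "$max" ] ||
        { echo "idmap uid starts at $lo, not above local UID_MAX $max"; bad=$((bad + 1)); }
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" ||
            { echo "nsswitch.conf: $db does not list winbind"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Usage: sh check_join.sh /etc/samba/smb.conf /etc/login.defs /etc/nsswitch.conf
if [ "$#" -eq 3 ]; then check_join "$@"; fi
```

The exit status is the number of findings, so 0 means all four settings are consistent.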