利用Samba-Winbind组件进行Linux加windows域

设置CentOS的DNS为windows域控的IP地址;
用以下脚本进行加域:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
yum install pam_krb5* krb5-libs* krb5-workstation* krb5-devel* krb5-auth samba samba-winbind* samba-client* samba-swat* -y
chkconfig smb on && chkconfig winbind on
mv /etc/samba/smb.conf /etc/samba/smb.conf.org
cat /etc/samba/smb.conf << EOF
      [global]
        workgroup = locallocaldomain
        password server = dc.localdomain.local 
        realm = localdomain.local 
        security = ads  
        idmap config * : range = 16777216-33554431
        template shell = /bin/bash
        winbind use default domain = false
        winbind offline logon = false
        server string = Samba Server Version %v
        log file /var/log/samba/log.%m
        max log size = 50
        load printers = no
    EOF
mv /etc/krb5.conf /etc/krb5.conf.org
    cat /etc/krb5.conf << EOFI
      [logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log
      [libdefaults]
        default_realm = localdomain.local 
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true
      [realms]
        SL.DX = {
        kdc = dc.localdomain.local
        admin_server = dc.localdomain.local
        }
      [domain_realm]
        localdomain.local = localdomain.local
        .localdomain.local = localdomain.local
    EOFI
authconfig --updateall --enablewinbind --enablewinbindauth --enablewinbindusedefaultdomain --enablemkhomedir --enableshadow 
service smb restart && service winbind restart
net join -U

使用下面的测试加域成功后是否能顺利进行身份认证

1
   wbinfo -t

如果不成功,重新reivew修改配置下面两个文档后,重启winbind和samba两个服务:

1
2
    /etc/samba/smb.conf
    /etc/krb5.conf




本文转自 bannerpei 51CTO博客,原文链接:http://blog.51cto.com/281816327/1607680,如需转载请自行联系原作者
上一篇:Apache Spark技术实战(四)spark-submit常见问题及其解决 &CassandraRDD高并发数据读取实现剖析


下一篇:VIEW层AJAX提交表单到Controller的实体(AJAX传递序列化的输入元素)