|
|
发表于 2006-11-28 11:30:29
|
显示全部楼层
Samba3加入MSDOMAIN
实现功能:Samba 登陆 MS DOMAIN 成为域成员
测试平台:RedHat AS 3 + W2K Server
samba-client-3.0.0-14.3E
samba-common-3.0.0-14.3E
samba-3.0.0-14.3E
krb5-libs-1.2.7-19
krb5-workstation-1.2.7-19
环境如下:
Domain: win2k.com
network: 192.168.0.0/24
dns: 192.168.0.15
RedHat AS 3
Hostname: home.win2k.com
IP: 192.168.0.1
Action: File server
Win2k Server + SP4
netbios name:win
Hostname: win.win2k.com
IP:192.168.0.33
AD Administrator: administrator
password: ******
Samba的配置
# Global parameters
[global]
workgroup = win2k.com
server string = samba
security = domain
password server = win.win2k.com
encrypt passwords = yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
hosts allow = 192.168.0.
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
添加系统用户及Samba用户 administrator , 该用户应有管理MS DOMAIN 的权限
# useradd -d /dev/null -s /bin/false administrator
# passwd administrator
添加Samba用户
# smbpasswd -a administrator
配置 /etc/krb5.conf, 属于包krb5-libs-1.2.7-19
# cp -a /etc/krb5.conf /etc/krb5.conf.orig
# vi /etc/krb5.conf
# vi /etc/krb5.conf.orig
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = WIN2K.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
WIN2K.COM = {
kdc = win.win2k.com:88
admin_server = win.win2k.com:749
default_domain = win2k.com
}
[domain_realm]
.example.com = win2k.com
example.com = win2k.com
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
初始化用户 admin和密码
# /usr/kerberos/bin/kinit llzqq@win2k.com
加入DOMAIN
# net join –S win2k.com –U administrator%password
在 MS DOMAIN 中查看主机 home 已经加入到win2k.com中。 |
|
IP卡
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主