Joining Samba3 to an MS Domain
2004-04-23 15:18 pm
Source: Linux Documentation
Hosted at: Www.8s8s.coM
Address: unnamed

Goal: have Samba log on to an MS domain and become a domain member
Test platform: RedHat AS 3 + W2K Server

samba-client-3.0.0-14.3E
samba-common-3.0.0-14.3E
samba-3.0.0-14.3E
krb5-libs-1.2.7-19
krb5-workstation-1.2.7-19


Environment:
Domain: win2k.com
network: 192.168.0.0/24
dns: 192.168.0.15

RedHat AS 3
Hostname: home.win2k.com
IP: 192.168.0.1
Action: File server

Win2k Server + SP4
netbios name:win
Hostname: win.win2k.com
IP:192.168.0.33
AD Administrator: administrator
password: ******

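Samba configuration
# Global parameters
[global]
# Domain to join
workgroup = win2k.com
server string = samba
# Have the domain controller named in "password server" validate logons
security = domain
password server = win.win2k.com
encrypt passwords = yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
# Only accept clients from the 192.168.0.0/24 network
hosts allow = 192.168.0.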

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

Add a system user and Samba user named administrator; this user should have permission to administer the MS domain
# useradd -d /dev/null -s /bin/false administrator
# passwd administrator

Add the Samba user
# smbpasswd -a administrator

Configure /etc/krb5.conf, which belongs to the krb5-libs-1.2.7-19 package
# cp -a /etc/krb5.conf /etc/krb5.conf.orig
# vi /etc/krb5.conf
# vi /etc/krb5.conf.orig
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = WIN2K.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
WIN2K.COM = {
kdc = win.win2k.com:88
admin_server = win.win2k.com:749
default_domain = win2k.com
}

[domain_realm]
.win2k.com = WIN2K.COM
win2k.com = WIN2K.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Initialize the admin user and password
# /usr/kerberos/bin/kinit [email protected]

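Join the domain (if %password is left off, net prompts for it, which keeps the password out of the shell history and the process list)
# net join -S win2k.com -U administrator%password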

In the MS domain, check that the host home has been joined to win2k.com
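
A consistency check for the /etc/krb5.conf step, to run before kinit and net join. This is an added example, not part of the original article: the check_krb5 function and the sample file are constructed here from this page's realm and host names, and it flags [domain_realm] entries that point at a realm not defined in [realms] (realm names are case-sensitive) or a missing mapping for the host's DNS domain.

```shell
#!/bin/sh
# Added example (not from the original page): lint krb5.conf before kinit / net join.
# check_krb5 FILE DNS_DOMAIN prints each finding; exit status = number of findings.
check_krb5() {
    awk -v dom="$2" '
    NF == 0 || substr($1, 1, 1) == "#" { next }
    substr($1, 1, 1) == "[" { sec = substr($1, 2, length($1) - 2); next }
    sec == "libdefaults" && $1 == "default_realm" { def = $3 }
    sec == "realms" && $2 == "=" && $3 == "{" { realm[$1] = 1 }
    sec == "domain_realm" && $2 == "=" { map[$1] = $3 }
    END {
        # Realm names are case-sensitive: win2k.com is not WIN2K.COM.
        if (def == "") { print "no default_realm set"; bad++
        } else if (!(def in realm)) { print "default_realm " def " not in [realms]"; bad++ }
        for (d in map) if (!(map[d] in realm)) {
            print "[domain_realm] " d " -> " map[d] ": no such realm"; bad++
        }
        key = "." dom   # the leading-dot entry covers every host in the DNS domain
        if (!(key in map)) { print "[domain_realm] has no entry for " key; bad++ }
        exit bad + 0
    }' "$1"
}

# Constructed sample: realm settings from this page plus leftover template mappings.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/bad.conf" <<'EOF'
[libdefaults]
 default_realm = WIN2K.COM
 dns_lookup_realm = false

[realms]
 WIN2K.COM = {
  kdc = win.win2k.com:88
 }

[domain_realm]
 .example.com = win2k.com
 example.com = win2k.com
EOF
# Corrected copy: map the DNS domain to the upper-case realm name.
sed 's/example\.com = win2k\.com/win2k.com = WIN2K.COM/' "$tmp/bad.conf" > "$tmp/good.conf"

check_krb5 "$tmp/bad.conf" win2k.com || echo "bad.conf: $? finding(s)"
check_krb5 "$tmp/good.conf" win2k.com && echo "good.conf: consistent"
```

On a real host the call would be check_krb5 /etc/krb5.conf win2k.com.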