标签:服务器 smb ad
环境:
samba:smbserver: 192.168.0.18
AD:rise.com:192.168.0.37
组:zixun xingzheng teacher class admin
共享目录:zixun xingzheng xueshu other
一.安装Samba服务器
yum install -y samba
二.把linux加入到ad中
1.先复制/etc/krb5.conf配置文件为
cp /etc/krb5.conf /etc/krb5.conf1
打开/etc/krb5.conf配置文件
vim /etc/krb5.conf 修改参数
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ERIC.LOCAL(验证域的realm,必须全部大写)------RISE.COM
dns_lookup_realm = false
dns_lookup_kdb = false
[realms]
ERIC.LOCAL = { ---------RISE.COM
kdc = 192.168.1.1:88 ---------192.168.0.37:88
default_domain = ERIC.LOCAL(缺省域名,同样必须全部大写)---------RISE.COM
}
[domain_realm]
.eric.local= ERIC.LOCAL --------------RISE.COM
eric.local = ERIC.LOCAL---------------RISE.COM
2.安装kdc server
在 KDC (这里是 cdh1 ) 上安装包 krb5、krb5-server 和 krb5-client
yum install krb5-server krb5-libs krb5-auth-dialog krb5-workstation -y
测试是否成功
#kinit lizheng@RISE.COM lizheng 域管理用户
如果输入密码返回shell表示成功
如果提示“kinit(v5): Clock skew too greate while getting initial credentials”的错误信息,说明是本机和域控的时间有误差,解决办法是#ntpdate 192.168.0.37 //域控ip
成功的话会,会直接返回命令行。如图所示
yum install -y ntpdate
ntpdate 192.168.0.37
3.修改samba的配置文件
先复制/etc/samba/smb.conf 文件
cp /etc/samba/smb.conf /etc/samba/smb.conf1
修改vi /etc/samba/smb.conf配置
#======================= Global Settings =====================================
[global] 参数,修改以下参数
。。。。。。
workgroup = RISE
server string = Samba Server Version %v
netbios name = risesmbserver
realm = RISE.COM
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
template shell = /sbin/nologin
template homedir = /home/%D/%U
winbind use default domain = true
security=ads
winbind separator = %
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
printing = bsd Windows打开samba服务器中的视频卡解决办法
standalone server options参数
security = domain
encrypt passwords = yes #这句话必须加,否则验证不成功。
passdb backend=tdbsam
doamin members options参数
security = domain
password server = 192.168.0.37 #域控ip
passdb backend=tdbsam
realm =RISE.COM
创建共享目录
#mkdir /home/zixun ------创建咨询共享
#chmod -R 777 /home/zixun
#mkdir /home/xingzheng ------创建行政共享
#chmod -R 777 /home/xingzheng
#mkdir /home/xueshu ------创建学术共享
#chmod -R 777 /home/xueshu
[home]
path = /home/%D/%U
browsable = no
writable = yes
create mask = 0664
directory mask = 0775
[zixun]
comment=domain
; read only=yes
path=/home/zixun
browseable=yes
writable=no
write list=+lizheng,+zixun
create mask=0666
directory mask=0777
[xueshu]
comment=domain
; read only=yes
path=/home/xueshu
browseable=yes
writable=no
write list=+lizheng,+teacher,+class
create mask=0666
directory mask=0777
[soft]
comment=domain
;read only=yes
path=/home/soft
writable=no
browseable=yes
public=yes
create mask=0666
directory mask=0777
write list=+xingzheng,+zixun,+teacher,+class,+lizheng
4.添加winbind写入帐号的信任
先复制 /etc/nsswitch.conf文件
cp /etc/nsswitch.conf /etc/nsswitch.conf1
打开 vim /etc/nsswitch.conf配置
修改
passwd: files winbind
shadow: files winbind
group: files winbind
netgroup: nisplus winbind
启动samba服务
#service smb start
启动winbind服务
service winbind start
测试域
kinit lizheng@RISE.COM
加入域
net rpc join RISE.COM -U lizheng@RISE.COM
#wbinfo -t #看winbind是否正常运行
#wbinfo -u #看AD用户是否同步过来了
将smb与 nmb加入启动服务
chkconfig --level 35 smb on
chkconfig --level 35 nmb on
chkconfig --level 35 winbind on
访问Samba共享的文件很慢很慢的解决方法
修改/etc/sysconfig/network 文件把hostname修改成smb服务器的名字
2.修改/etc/hosts 添加一行127.0.0.1 smb服务器的名字
本文出自 “11927277” 博客,请务必保留此出处http://11937277.blog.51cto.com/11927277/1879448
标签:服务器 smb ad
原文地址:http://11937277.blog.51cto.com/11927277/1879448
