系统 centos 7
域控:test.com
ip: 192.168.10.10
安装
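# Install the Kerberos client, Samba and winbind packages used for the AD join.
# The patterns are quoted so that yum, not the shell, expands them; an unquoted
# glob would be expanded against files in the current directory first.
# NOTE(review): SWAT was dropped from Samba 4.1 onward, so 'samba-swat*'
# probably matches nothing on CentOS 7 -- confirm.
yum -y install 'pam_krb5*' 'krb5-libs*' 'krb5-workstation*' 'krb5-devel*' \
  krb5-auth samba 'samba-winbind*' 'samba-client*' 'samba-swat*' \
  bind-utils quota

# Separate step: edit the interface file and add the DNS search domain.
# The SEARCH line is file content, not a shell command or a package name.
vi /etc/sysconfig/network-scripts/ifcfg-ens33
#   SEARCH="your_domain_name"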
vim /etc/samba/smb.conf
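# Member-server settings for the TEST.COM realm; these belong in [global].
workgroup = TEST
realm = TEST.COM
security = ADS
# password server is the IP of the AD domain controller.
# This note sits on its own line because smb.conf only treats a line that
# starts with "#" or ";" as a comment; text after a value becomes part of it.
password server = 192.168.10.10
# UID/GID range that winbind maps domain users and groups into.
# NOTE(review): "idmap uid" / "idmap gid" are deprecated in Samba 4 in favour
# of "idmap config * : range = 10000-20000" -- confirm for the installed version.
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
# Domain accounts get no interactive login shell on this host.
template shell = /sbin/nologin
winbind separator = /
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes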
vim /etc/nsswitch.conf
# Resolve users and groups from the local files first, then from winbind.
passwd: files winbind
group: files winbind
vim /etc/krb5.conf
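# Kerberos client configuration for the TEST.COM realm, one setting per line.
[libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    default_realm = TEST.COM
    default_ccache_name = KEYRING:persistent:%{uid}

# NOTE(review): the kdc address below (192.168.10.254) differs from the domain
# controller IP used everywhere else on this page (192.168.10.10). In AD the
# KDC runs on a domain controller, so confirm which address is intended.
[realms]
    TEST.COM = {
        kdc = 192.168.10.254:88
        default_domain = TEST.COM
    }

# Map DNS names under test.com (and the bare domain) to the TEST.COM realm.
[domain_realm]
    .test.com = TEST.COM
    test.com = TEST.COM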
vim /etc/resolv.conf
# DNS resolver: the AD domain controller IP given at the top of this page.
nameserver 192.168.10.10
启动服务,测试加域
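# Start Samba and winbind, then join this host to the AD domain.
# Each command is on its own line; run together they become a single
# systemctl call and the join never happens.
systemctl start smb
systemctl start winbind

# -U takes a domain administrator account. The password is entered at the
# prompt, which keeps it out of shell history and the process list.
# An account delegated only the right to join computers is enough here and
# limits exposure of the built-in administrator credentials.
net ads join -U administrator

# Verify the join.
wbinfo -t   # check that winbind is working (verifies the machine trust secret)
wbinfo -u   # check that AD users are visible on this host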
samba访问配置:
- 域用户:直接写用户名即可(例如 xxx)
- 域组:写成 @ 加组名(例如 @test)
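# Share restricted to one domain user and one domain group.
[share]
    comment = Home Directories
    path = /share_dir
    browseable = yes
    writable = yes
    # A bare name is a domain user; an @ prefix names a domain group.
    # valid users only controls who may connect to the share; the filesystem
    # permissions on /share_dir still decide what those accounts can read
    # or write, so set ownership and mode on the directory to match.
    valid users = xxx @test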
域用户xxx,域组test中的所有用户均可使用其域账号访问该samba共享目录
