Взято отсюда
====================================================================
# /etc/samba/smb.conf
# Samba [global] section for a member server (LSTORE) that hands
# authentication to the BMAINS domain (security = domain) and uses winbind
# to map domain users and groups to Unix IDs.
[global]
workgroup = BMAINS
server string = FileServer
netbios name = LSTORE
printcap name = cups
load printers = no
printcap cache time = 60
printing = cups
# %m expands to the client's NetBIOS name: one log file per client machine.
log file = /var/log/samba/%m.log
# Size limit in KiB before the log is rotated.
max log size = 50
log level = 1
# NOTE(review): "interfaces" alone does not stop smbd from listening on other
# interfaces; that needs "bind interfaces only = yes", which is not set here.
# "hosts allow" below is what actually filters clients.
# NOTE(review): the octet is written "07" here and in "hosts allow", while
# "wins server" further down uses 192.168.77.4 - confirm which subnet is meant.
interfaces = 192.168.07.112/24
hosts allow = 192.168.07. 127.
# NOTE(review): "map to guest" takes Never, Bad User, Bad Password or Bad Uid.
# "winuser" is an account name, not one of those values - confirm the intent
# and check what testparm reports for this line.
map to guest = winuser
# Unix account that guest (unauthenticated) connections run as.
guest account = winuser
# Logons are validated by the domain controllers named in "password server".
security = domain
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
# %u is replaced by the user name; smbd runs this program as root.
passwd program = /usr/bin/passwd %u
# NOTE(review): permits access for accounts whose password is empty.
# Set to "no" unless blank-password accounts are really required.
null passwords = yes
password server = xmain,proxy
# Domain users may be named without the DOMAIN\ prefix.
winbind use default domain = yes
# UID/GID ranges winbind hands out to domain users and groups; keep them
# clear of the IDs used by local accounts.
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = \
auth methods = winbind
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY
local master = yes
os level = 33
wins server = 192.168.77.4
dns proxy = no
getwd cache = yes
# Minutes of inactivity after which a connection with no open files is closed.
dead time = 15
default case = lower
case sensitive = no
dos charset = 866
unix charset = utf8
hide dot files = yes
# NOTE(review): these masks allow new files to be writable by every local
# account (0666) and new directories to be world-writable (0777). Tighten
# them (for example 0660 / 0770) unless that is really intended.
create mask = 0666
directory mask = 0777
# Writable share that also admits guest connections.
# NOTE(review): "public" and "guest ok" are synonyms; together with
# "writable = yes" any client that is mapped to the guest account and passes
# "hosts allow" can create, change and delete files here. Whether clients are
# mapped to guest depends on "map to guest" in [global].
[MyShare]
path = /home/win/myshare
comment = Disk
browseable = yes
public = yes
guest ok = yes
writable = yes
# Files matching ~* get the hidden attribute; they remain accessible.
hide files = /~*/
hide dot files = yes
create mask = 0666
directory mask = 0777
# "inherit permissions" overrides the two masks above: new files and
# directories take their mode from the parent directory, so the effective
# permissions are decided by the mode of /home/win/myshare itself.
inherit permissions = yes
#end
====================================================================
#/etc/krb5.conf
# Kerberos client configuration for realm BMAINS with a single KDC.
# NOTE(review): smb.conf on this page uses "security = domain" and the join is
# done with "net rpc join"; presumably that path does not consult this file -
# confirm whether Kerberos is needed at all for this setup.
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
# A bare number is presumably read as seconds (about 6 h 40 min) - confirm.
ticket_lifetime = 24000
default_realm = BMAINS
# DNS discovery is off: the KDC comes only from [realms] below.
dns_lookup_realm = false
dns_lookup_kdc = false
# NOTE(review): checksum type 2 is RSA-MD4 in the Kerberos checksum registry.
# These two settings look like compatibility knobs for very old KDCs; drop
# them unless the domain controller is known to require them.
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
# Tickets may be forwarded / proxied to other hosts; keep only if delegation
# is actually used.
forwardable = true
proxiable = true
# KDC on port 88 and admin server on port 749, both addressed by IP.
[realms]
BMAINS = {
kdc = 192.168.07.4:88
admin_server = 192.168.07.4:749
default_domain = BMAINS
}
[domain_realm]
.BMAINS = BMAINS
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
# NOTE(review): no pam_krb5 module appears in the PAM files on this page, so
# the [pam] and [login] sections may be unused here - confirm.
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
# Kerberos 4 conversion stays disabled.
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false
==============================================================
# /etc/nsswitch.conf
# Name service switch: local files are consulted first, then winbind, so
# domain users and groups become visible to the system after local ones.
passwd: files winbind
# NOTE(review): winbind is not known to serve a shadow database; this entry
# is probably harmless but may be unnecessary - confirm.
shadow: files winbind
group: files winbind
hosts: files nisplus nis dns
# [NOTFOUND=return] ends the lookup when nisplus reports "not found".
bootparams: files nisplus [NOTFOUND=return]
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files nisplus
aliases: files nisplus
#end
====================================================================
#/etc/pam.d/samba
# PAM stack for the "samba" service. PAM evaluates each type (auth, account,
# password, session) separately, in file order, even though the lines are
# interleaved here.
# auth: pam_winbind is "required", so an account that winbind cannot
# authenticate fails this service even if system-auth would accept it.
auth required pam_winbind.so
# Refuses non-root logins while /etc/nologin exists.
auth required pam_nologin.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
auth required pam_stack.so service=system-auth
# NOTE(review): this "sufficient" line comes after the required system-auth
# account check, so it can no longer short-circuit anything - confirm the
# intended order.
account sufficient pam_winbind.so
# Password changes for this service go through winbind only.
password required pam_winbind.so
====================================================================
#/etc/pam.d/system-auth
# Shared PAM stack pulled in by other services (the samba stack on this page
# includes it via pam_stack).
# NOTE(review): with pam_winbind "sufficient" here, every service that stacks
# system-auth accepts domain credentials. Limit which domain accounts may log
# in if that is broader than intended.
auth required pam_env.so
auth sufficient pam_winbind.so
# use_first_pass reuses the password already typed for pam_winbind.
# NOTE(review): "nullok" lets local accounts with an empty password
# authenticate; remove it unless such accounts are required.
auth sufficient pam_unix.so likeauth nullok use_first_pass
# Anything not accepted above is rejected.
auth required pam_deny.so
# If winbind accepts the account, the pam_unix account checks below are skipped.
account sufficient pam_winbind.so
account required pam_unix.so
password required pam_cracklib.so retry=3
# NOTE(review): "md5" stores new local passwords as MD5-crypt hashes, which is
# weak by current standards; use a stronger scheme (for example sha512) if the
# installed pam_unix supports it. "nullok" also permits empty passwords here.
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
# Creates a missing home directory at session start from /etc/skel, umask 0022.
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
====================================================================
Всё, файлы отредактировали. Выполняем:
net rpc join -U Admin
где Admin - имя администратора домена.
Joined to domain DOMAIN.
# Restart winbind, then the smb service, after the configuration changes
# and the domain join.
service winbind stop
service winbind start
service smb restart
Грабли (особенность Мандривы): в файле
/etc/rc.d/init.d/winbind
нужно привести секцию stop к такому виду:
# Stop winbindd, then remove its PID file and the subsystem lock file.
# gprintf and killproc are not defined in this snippet; presumably they come
# from the distribution's init function library.
stop()
{
gprintf "Shutting down Winbind services: "
# Placeholder value; it is overwritten below before anything reads it.
RETVAL=1
killproc winbindd
# Remove the PID file regardless of what killproc did.
rm -f /var/run/samba/winbindd.pid
# NOTE(review): $? here is the exit status of the rm above, not of killproc,
# so a failed killproc goes unreported: the lock file is removed and the
# function returns success while winbindd may still be running. If that is
# not the intent, save the status immediately after killproc instead.
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/winbind
return $RETVAL
}
Проверка подключения
wbinfo -p
Ping to winbindd succeeded
wbinfo -t
Checking the trust secret via RPC calls succeeded
Смотрим, отображаются ли пользователи:
wbinfo -u
Тут будут перечислены пользователи домена.
Смотрим, отображаются ли группы:
wbinfo -g
Тут будут перечислены группы домена.
Смотрим, видит ли линукс вышеперечисленное:
getent group
Тут будут перечислены сначала группы и пользователи линукса, следом —
пользователи и группы домена (getent group выводит группы; список пользователей показывает getent passwd).
Если что-то не так: смотрим
/var/log/samba/log.smbd
/var/log/samba/log.nmbd
/var/log/samba/log.winbindd