samba ads配置

samba ads配置

########################################################
########################################################时间同步
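# Time sync. Kerberos (used by the AD join below) rejects requests when the
# client and KDC clocks differ by more than the allowed skew, 5 minutes by
# default, so the clock must be correct before joining.
# NOTE(review): a domain member is normally synced against the domain's own
# time source so both sides share one clock; the public server is kept as on
# the page.
yum install -y ntpdate
# Leading backslash bypasses any interactive "cp -i" alias.
\cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate ntp6.aliyun.com  #ntp6.aliyun.com

# Merge the resync job into root's existing crontab. Loading a file with a
# single line would replace every other job, and a fixed name under /tmp can
# be pre-created by another local user. "crontab -" reads the table from stdin.
ntp_job='*/3 * * * * /usr/sbin/ntpdate ntp6.aliyun.com  &> /dev/null'
{
  # Drop any earlier copy of this job so re-running the script adds no duplicate.
  crontab -l 2>/dev/null | grep -vF -- '/usr/sbin/ntpdate ntp6.aliyun.com'
  printf '%s\n' "$ntp_job"
} | crontab -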

########################################################
########################################################

# Point the resolver at the domain's DNS server; 192.168.0.10 is the IP of the
# DNS server inside the domain. This replaces the whole file, so any other
# nameserver or search entries are lost.
# The krb5.conf written further down sets dns_lookup_kdc = true, so this
# server also answers the Kerberos lookups: it must be the trusted domain DNS.
# NOTE(review): a network manager or DHCP client may rewrite this file later;
# confirm the setting persists.
printf '%s\n' 'nameserver 192.168.0.10' > /etc/resolv.conf

########################################################
########################################################关闭SELINUX firewalld

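# NOTE(review): these steps remove the host firewall and SELinux confinement
# from a server that exposes file shares to the network. Outside a lab, the
# usual alternative is to keep both: allow the service with
# "firewall-cmd --permanent --add-service=samba" plus "firewall-cmd --reload",
# and label the share directory with the samba_share_t type. Verify that
# against your own policy before relying on it.
systemctl stop firewalld
systemctl disable firewalld

# Runtime switch to permissive mode; lasts until reboot.
setenforce 0
# /etc/selinux/config writes the key as SELINUX=<mode>. The original pattern
# "SELINUX = .*" (spaces around "=") never matched that line, so the change
# did not persist. Optional whitespace is accepted here, and the anchored key
# cannot match SELINUXTYPE=.
# "permissive" instead of "disabled" would keep file labels and denial logging.
sed -i 's/^SELINUX[[:space:]]*=.*/SELINUX=disabled/' /etc/selinux/config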

########################################################
########################################################host

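# Name the host "smb<N>", where N is the last octet of the first global IPv4
# address on the interface that carries the default route.
# "ip route" replaces "route", which is only present when net-tools is installed.
default_if=$(ip -4 route show default |
  awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
last_octet=$(ip -4 -o addr show dev "$default_if" scope global 2>/dev/null |
  awk 'NR == 1 {split($4, cidr, "/"); n = split(cidr[1], oct, "."); print oct[n]}')

# Without this guard an empty or malformed result would silently rename the
# host to plain "smb".
case "$last_octet" in
  '' | *[!0-9]*)
    echo "cannot derive host name: no global IPv4 address on the default-route interface" >&2
    ;;
  *)
    hostnamectl --static set-hostname "smb${last_octet}"
    ;;
esac

# Add the FQDN mapping only once, so re-running the script does not pile up
# duplicate lines in /etc/hosts.
# NOTE(review): Samba's guidance for domain members asks for the FQDN to
# resolve to the LAN address rather than 127.0.0.1 - confirm for this setup.
hosts_line="127.0.0.1 $(hostname).TEST.com $(hostname)"
grep -qxF -- "$hosts_line" /etc/hosts || echo "$hosts_line" >>/etc/hosts
tail /etc/hosts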

#sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf

########################################################
########################################################smb swat
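# Kerberos client pieces and Samba/winbind, installed from the configured yum
# repositories so each repository's gpgcheck setting applies.
# "krb5-deve" in the original was a typo for krb5-devel.
# NOTE(review): the misspelled name presumably went unnoticed because yum
# skips names it cannot find when other packages on the line resolve; the same
# may apply to samba4-libs - confirm it exists for this release.
yum install -y krb5-libs krb5-devel krb5-workstation pam_krb5
yum install -y samba samba-client samba-winbind-clients samba-winbind samba-common samba4-libs #samba-swat

# Disabled: the URL ends in .rpm.html, i.e. it is the package's web page and
# not an RPM file, so rpm cannot install it. Samba is already installed from
# the repositories above. Installing a package by direct URL also bypasses the
# repository configuration that yum applies, so verify the signature first.
#rpm -ivh https://centos.pkgs.org/7/centos-x86_64/samba-4.9.1-6.el7.x86_64.rpm.html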
########################################################
########################################################

# Write the Kerberos client configuration for realm TEST.COM, replacing any
# existing /etc/krb5.conf. The quoted delimiter keeps the body literal: the
# shell expands nothing inside it.
# NOTE(review): the [domain_realm] keys are mixed case (".TEST.com"); MIT
# krb5 documents host and domain names there in lower case - confirm that the
# mapping matches.
cat >/etc/krb5.conf <<'KRB5_CONF'

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = yes
[realms]
TEST.COM = {
kdc = 192.168.0.10:88
admin_server = 192.168.0.10:749
default_domain = TEST.COM
}
[domain_realm]
.TEST.com = TEST.COM
TEST.com = TEST.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}


KRB5_CONF

# Replace /etc/nsswitch.conf so that user, shadow and group lookups consult
# local files first and winbind (the domain) second. Only these four
# databases are written; every other entry in the previous file is dropped.
cat >/etc/nsswitch.conf <<'NSSWITCH'

passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns

NSSWITCH


# Restart winbind now and enable it at boot.
# NOTE(review): smb.conf is written, and the domain join is run, only further
# down the page, so winbind presumably cannot serve domain lookups yet at this
# point - confirm, or restart it again after the join.
for verb in restart enable; do
  systemctl "$verb" winbind
done

#klist
#kinit -V administrator@TEST.com
  
########################################################
########################################################

# Write /etc/samba/smb.conf, replacing any existing file. The delimiter is
# unquoted on purpose: $(hostname) in "netbios name" is expanded by the shell
# when the file is written.
# NOTE(review): several parameters are given twice with different values
# ("template shell", "winbind use default domain"), once before the [global]
# header and once inside it; presumably the later value wins - confirm with
# "testparm".
# NOTE(review): [process] sets both "writeable = yes" and "read only = yes",
# which are opposite spellings of one option; "write list" still names who
# may write. Confirm that the effective access is the intended one.
# NOTE(review): "create mask = 0777" / "directory mask = 0777" allow files
# created through the share to be world-writable and executable on the local
# filesystem; a tighter mask limited to the owning user and group is the usual
# choice when only the listed accounts need access.
cat >/etc/samba/smb.conf <<SMB_CONF

# = = = = = = = = = = = ==GlobalSettings = = = = = = = = = = = = = = = = =
#-----------------------NetworkRelated Options -------------------------
    workgroup =TEST
    server string  = Samba Server Version %v
    netbios name = $(hostname)
# ----------------------- Domain Members Options ------------------------
    security = ads
    passdb backend = tdbsam
    realm  = TEST.COM
    password server = 192.168.0.10
    encrypt passwords  = yes
    idmap uid = 16777216-33554431
    idmap gid  = 18777216-33554431
    template shell = /bin/bash
    template homedir  = /home/%U
    winbind use default domain = true
    winbind offline logon  = false
    winbind enum groups = yes
    winbind enum users  = yes
    winbind separator = /
[global]
#--authconfig--start-line--

# Generated by authconfig on 2018/04/16 17:42:51
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

   security = ads
   idmap config * : range = 16777216-33554431
   template shell = /sbin/nologin
   kerberos method = secrets only
   winbind use default domain = false
   winbind offline logon = false

#--authconfig--end-line--
   ;security  = ads
   ;idmap uid = 16777216-33554431
   ; idmap gid  = 16777216-33554431
   ;template shell = /bin/bash
   ; winbind use default domain  = true
   ; winbind offline logon = false
[home]
     path  = /home/%D/%U
     browsable = no
[printers]
     comment  = All Printers
     path = /var/spool/samba
     printable  = Yes
     browseable = No
[process]
     path  = /process
     write list = @TEST/imageupload,TEST/administrator
     valid users  = @TEST/imageupload,TEST/administrator
     writeable = yes
     read only  = yes
     browsable = yes
     create mask  = 0777
     directory mask = 0777


SMB_CONF

# Create the directory exported by the [process] share if it is not there yet.
# NOTE(review): it is created with default ownership and mode; the domain
# accounts named in "write list" also need filesystem permission on /process -
# confirm how that is granted.
[ -d /process ] || mkdir -p /process

yum -y install setuptool

# Load the new smb.conf and start smb at every boot.
for verb in restart enable; do
  systemctl "$verb" smb
done


########################################################
########################################################加入域 

######域连接测试
#kinit -V administrator@TEST.com
#klist     
 
     
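# Join the domain.
# The original piped a literal password into "net"; once a real password is
# put there, the domain administrator's credential sits in the script file,
# in backups and in shell history. Run the command without it and let "net"
# prompt on the terminal instead.
# NOTE(review): an account that has only been delegated the right to join
# computers is typically enough for this step; the domain administrator
# account is kept as on the page.
net ads join -U administrator@TEST.com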


## Test whether the machine has joined the domain (checks the trust secret)
#wbinfo -t
#
## Read the domain's group list
#wbinfo -g
#
## Read the domain's user list
#wbinfo -u
#
## Check the joined domain: list the domains winbind knows as trusted
wbinfo --trusted-domains


#####################################################离开域 
#echo 'password for administrator' |net ads leave -U administrator@TEST.com

##

 
