samba ads配置
samba ads配置
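########################################################
# Join a yum/systemd host (the listing targets CentOS 7) to an Active
# Directory domain as a Samba member server (security = ads). Run as root.
# TEST.COM is the example realm; 192.168.0.10 is the domain's DNS server and
# is also used below as KDC, admin server and Samba password server.
########################################################

########################################################
# Time synchronisation
# Kerberos rejects authentication when the clocks differ by more than the
# allowed skew (5 minutes by default), so the clock must track the domain.
# NOTE(review): ntpdate queries are unauthenticated. Syncing against the
# domain controller or an internal NTP source avoids depending on a public
# server for Kerberos-critical time.
yum install -y ntpdate
\cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate ntp6.aliyun.com
# Feed the job to crontab on stdin rather than through a fixed /tmp/crontab
# path, which another local user could pre-create or symlink before root
# writes it. As in the original, this replaces root's whole crontab.
# The redirection is spelled for plain sh, which is what cron runs.
printf '%s\n' '*/3 * * * * /usr/sbin/ntpdate ntp6.aliyun.com >/dev/null 2>&1' | crontab -

########################################################
# Point DNS resolution at the domain's DNS server (192.168.0.10).
# NOTE(review): a network manager may regenerate this file; confirm it
# persists across reboots.
echo 'nameserver 192.168.0.10' >/etc/resolv.conf

########################################################
# Disable firewalld and SELinux
# NOTE(review): this removes the host firewall and mandatory access control
# for every service on the machine, not only Samba. The narrower option is to
# keep both and allow Samba explicitly, e.g.
#   firewall-cmd --permanent --add-service=samba && firewall-cmd --reload
#   label exported directories samba_share_t (or set a samba_export_* boolean)
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
# /etc/selinux/config uses KEY=value without spaces; the pattern in the
# original listing ("SELINUX = ...") could never match that file.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

########################################################
# Hostname: "smb" + last octet of the address on the default-route interface
default_if=$(route | awk '$1 == "default" {print $NF; exit}')
host_ip=$(ip addr | grep global | grep -- "$default_if" | head -n1 | awk '{print $2}' | cut -d '/' -f1)
if [ -n "$default_if" ] && [ -n "$host_ip" ]; then
  hostnamectl --static set-hostname "smb${host_ip##*.}"
else
  echo 'could not determine the primary IPv4 address; hostname left unchanged' >&2
fi
# Add the FQDN mapping only once so that re-running the script does not keep
# appending duplicate lines to /etc/hosts.
hosts_entry="127.0.0.1 $(hostname).TEST.com $(hostname)"
grep -qxF -- "$hosts_entry" /etc/hosts || echo "$hosts_entry" >>/etc/hosts
tail /etc/hosts
#sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf

########################################################
# Kerberos client and Samba/winbind packages
# (the original listing had "krb5-deve", a typo for krb5-devel)
yum install -y krb5-libs krb5-devel krb5-workstation pam_krb5
yum install -y samba samba-client samba-winbind-clients samba-winbind samba-common samba4-libs #samba-swat
# The original listing also ran:
#   rpm -ivh https://centos.pkgs.org/7/centos-x86_64/samba-4.9.1-6.el7.x86_64.rpm.html
# That URL ends in .rpm.html, i.e. it is a web page about the package rather
# than an RPM, so the command cannot install anything. Samba is already
# installed from the configured yum repositories above, which keeps package
# installation on the path where repository gpgcheck applies.

########################################################
# Kerberos client configuration
# [domain_realm] keys are written in lower case, as krb5.conf(5) asks for
# host and domain names there.
cat >/etc/krb5.conf <<'EOF'
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = TEST.COM
 dns_lookup_realm = false
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = yes

[realms]
 TEST.COM = {
  kdc = 192.168.0.10:88
  admin_server = 192.168.0.10:749
  default_domain = TEST.COM
 }

[domain_realm]
 .test.com = TEST.COM
 test.com = TEST.COM

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
EOF

# Resolve users and groups through winbind after local files.
# NOTE(review): this overwrites the whole file; databases not listed here
# fall back to the C library defaults.
cat >/etc/nsswitch.conf <<'EOF'
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns
EOF

systemctl restart winbind
systemctl enable winbind
#klist
#kinit -V administrator@TEST.com

########################################################
# Samba configuration
# - The parameters placed before [global] are read as global settings; where
#   a key is repeated inside [global] (template shell, winbind use default
#   domain, idmap range) the later value is the one in effect.
# - [process] is read-only except for the accounts in "write list". The
#   original also carried "writeable = yes" directly before "read only = yes";
#   the two are inverse spellings of one option, so only "read only" is kept
#   (same effective behaviour).
# - NOTE(review): create/directory mask 0777 lets uploaded files and
#   directories end up writable by every local account; tighten the masks
#   (and use a dedicated group on /process) unless that is required.
# The here-document is unquoted on purpose so that $(hostname) is expanded.
cat >/etc/samba/smb.conf <<EOF
#======================= Global Settings =====================================
#----------------------- Network Related Options -------------------------
workgroup = TEST
server string = Samba Server Version %v
netbios name = $(hostname)
# ----------------------- Domain Members Options ------------------------
security = ads
passdb backend = tdbsam
realm = TEST.COM
password server = 192.168.0.10
encrypt passwords = yes
idmap uid = 16777216-33554431
idmap gid = 18777216-33554431
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = true
winbind offline logon = false
winbind enum groups = yes
winbind enum users = yes
winbind separator = /

[global]
#--authconfig--start-line--
# Generated by authconfig on 2018/04/16 17:42:51
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
security = ads
idmap config * : range = 16777216-33554431
template shell = /sbin/nologin
kerberos method = secrets only
winbind use default domain = false
winbind offline logon = false
#--authconfig--end-line--
;security = ads
;idmap uid = 16777216-33554431
; idmap gid = 16777216-33554431
;template shell = /bin/bash
; winbind use default domain = true
; winbind offline logon = false

[home]
path = /home/%D/%U
browsable = no

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[process]
path = /process
write list = @TEST/imageupload,TEST/administrator
valid users = @TEST/imageupload,TEST/administrator
read only = yes
browsable = yes
create mask = 0777
directory mask = 0777
EOF

# NOTE(review): the directory is created with root's default ownership and
# mode; the accounts in "write list" also need filesystem permission on it.
mkdir -p /process
yum install setuptool -y
systemctl restart smb
systemctl enable smb

########################################################
# Join the domain
###### Domain connectivity test
#kinit -V administrator@TEST.com
#klist
# Let net prompt for the password on the terminal. The original piped a
# literal password into the command, which leaves the domain administrator's
# password in the script file and in anything that copies or logs it.
# NOTE(review): an account delegated the right to join computers is enough
# for this step; the domain administrator account is not required.
if net ads join -U administrator@TEST.com; then
  # winbind was started before the machine account existed; restart it so it
  # picks up the new trust secret and the smb.conf written above.
  systemctl restart winbind
else
  echo 'net ads join failed; check DNS, time sync and credentials' >&2
  exit 1
fi
## Test whether the machine is joined
#wbinfo -t
#
## Read domain group information
#wbinfo -g
#
## Read domain user information
#wbinfo -u
#
## List the domains winbind knows about
wbinfo -m
##################################################### Leave the domain
#net ads leave -U administrator@TEST.com
##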