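Original work. Reposting is permitted, but the repost must credit the original source, the author and this notice with a hyperlink. Otherwise legal action will be pursued. http://moonsilver.blog.51cto.com/635074/346136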
In my VirtualBox I have a Samba server (CentOS 5.4, 192.168.56.101) and a DC + DNS server (Windows Server 2003, 192.168.56.110).
First, change the DNS setting on CentOS so that CentOS can find the DC:
vi /etc/resolv.conf
nameserver 192.168.56.110
Save and exit.
Run nslookup test.com to confirm that the domain name resolves correctly.
Edit krb5.conf:
[root@rh5 ~]# vi /etc/krb5.conf
(modified lines are shown in red)
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
TEST.COM = {
kdc = 192.168.56.110:88
admin_server = 192.168.56.110:749
default_domain = TEST.COM
}
[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Save and exit, then run kinit (see the session below) and enter the DC administrator's password.
If kinit reports at this point that the clocks are out of sync, run net time set -S 192.168.56.110 to synchronize the time with the DC:
[root@FS ~]# kinit [email protected]
Password for [email protected]:
kinit(v5): Clock skew too great while getting initial credentials
[root@FS ~]# net time set -S 192.168.56.110
2010年 07月 08日 星期四 14:31:23 CST
[root@FS ~]# kinit [email protected]
Password for [email protected]:
[root@FS ~]#
Edit the Samba configuration file /etc/samba/smb.conf
(red marks modified lines, blue marks added lines)
security = ads
passdb backend = tdbsam
password server = 192.168.56.110
realm = TEST.com
encrypt passwords = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
Join the domain with net ads join -S 192.168.56.110 -U [email protected]
[root@FS ~]# net ads join -S 192.168.56.110 -U [email protected]
[email protected]'s password:
Using short domain name -- TEST
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'FS' in realm 'TEST.COM'
Failed to join domain: Type or value exists
If this error appears, add an A record for fs.test.com in the DC's DNS so that the DC can resolve the Samba server, then run the join again:
[root@FS ~]# !net
net ads join -S 192.168.56.110 -U [email protected]
[email protected]'s password:
Using short domain name -- TEST
DNS update failed!
Joined 'FS' to realm 'TEST.COM'
[root@FS ~]#
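Now log on to any computer in the domain as a domain user and the Samba server can be accessed normally. It is recommended to manage permissions centrally on the DC.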
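The two failures shown above (clock skew at kinit, servicePrincipalNames at join) can be checked for before running net ads join. The following is an added example, not part of the original post: the function names are hypothetical, the 300-second limit is the Kerberos default and is assumed unchanged, and the clock values are passed in as epoch seconds.

```shell
# Added example: offline pre-join checks. Function names are hypothetical;
# nothing here contacts the DC, the caller supplies the values to compare.

# Print the value of "KEY = value" from krb5.conf or smb.conf (first match,
# key compared case-insensitively, comment lines skipped).
conf_get() {  # usage: conf_get FILE KEY
    awk -v k="$2" '
        /^[ \t]*[#;]/ || !index($0, "=") { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(k)) { print val; exit }
        }' "$1"
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# kinit fails with "Clock skew too great" when the local and KDC clocks
# differ by more than the allowed skew (Kerberos default: 300 seconds).
skew_ok() {  # usage: skew_ok LOCAL_EPOCH DC_EPOCH [MAX_SECONDS]
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    [ "$d" -le "${3:-300}" ]
}

# "Failed to set servicePrincipalNames" asks that the server's DNS domain
# match the AD domain: everything after the first dot must equal the realm.
fqdn_in_realm() {  # usage: fqdn_in_realm FQDN REALM
    case $1 in *.*) ;; *) return 1 ;; esac
    [ "$(upper "${1#*.}")" = "$(upper "$2")" ]
}

# Run every check; print one line per problem and return non-zero if any.
# Realm names are compared case-insensitively (assumption of this example).
preflight() {  # usage: preflight KRB5_CONF SMB_CONF FQDN LOCAL_EPOCH DC_EPOCH
    rc=0
    krealm=$(conf_get "$1" default_realm)
    srealm=$(conf_get "$2" realm)
    [ -n "$krealm" ] || { echo "no default_realm in $1"; rc=1; }
    [ "$(upper "$krealm")" = "$(upper "$srealm")" ] ||
        { echo "realm mismatch: krb5.conf=$krealm smb.conf=$srealm"; rc=1; }
    fqdn_in_realm "$3" "$krealm" ||
        { echo "host $3 is outside the DNS domain of $krealm"; rc=1; }
    skew_ok "$4" "$5" || { echo "clock differs from the DC by over 300 s"; rc=1; }
    return "$rc"
}
```

On the Samba server it would be called as preflight /etc/krb5.conf /etc/samba/smb.conf "$(hostname -f)" "$(date +%s)" DC_EPOCH, where DC_EPOCH is the DC's current time in epoch seconds obtained separately.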
This article comes from the "一切皆有可能" (Everything Is Possible) blog; please be sure to keep this source link: http://moonsilver.blog.51cto.com/635074/346136