CentOS samba在windows域中

原创作品，允许转载，转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。http://moonsilver.blog.51cto.com/635074/346136

 

我virtual box中有一台samba:CentOS5.4 /192.168.56.101和一台DC+DNS:windows server 2003 /192.168.56.110

 

首先修改CentOS的DNS指向，让CentOS能够找到DC

 

vi /etc/resolv.conf

nameserver 192.168.56.110

保存退出

nslookup test.com 确认是否可以正确解析域名

 

修改krb5.conf

[root@rh5 ~]# vi /etc/krb5.conf

(红色为修改过的）

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = TEST.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 TEST.COM = {
  kdc = 192.168.56.110:88
  admin_server = 192.168.56.110:749
  default_domain = TEST.COM
 }

[domain_realm]
 .test.com = TEST.COM
 test.com = TEST.COM

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
保存退出，再

[root@rh5 ~]# kinit [email protected]

输入DC administrator的密码

此处如果提示说时间不同步的话可用net time set –S 192.168.56.110 使时间与DC时间同步

[root@FS ~]# kinit [email protected]

Password for [email protected]:

kinit(v5): Clock skew too great while getting initial credentials

[root@FS ~]# net time set -S 192.168.56.110

2010年 07月 08日 星期四 14:31:23 CST

[root@FS ~]# kinit [email protected]

Password for [email protected]:

[root@FS ~]#

 

修改samba配置文件/etc/samba/smb.conf

（红钯是修改过的，蓝色是添加的）

Security = ads

Passdb backend = tdbsam

Password server = 192.168.56.110

Realm = TEST.com

Encrypt passwords = yes

Idmap uid = 10000-20000

Idmap gid = 10000-20000

Winbind use default domain = yes

 

Net ads join –S 192.168.56.110  –U [email protected]

[root@FS ~]# net ads join -S 192.168.56.110 -U [email protected]

[email protected]'s password:

Using short domain name -- TEST

Failed to set servicePrincipalNames. Please ensure that

the DNS domain of this server matches the AD domain,

Or rejoin with using Domain Admin credentials.

Deleted account for 'FS' in realm 'TEST.COM'

Failed to join domain: Type or value exists

 

出现这段错误，在DC的DNS中添加一条fs.test.com的A记录，让DC可以解析到samba服务器

 

[root@FS ~]# !net

net ads join -S 192.168.56.110 -U [email protected]

[email protected]'s password:

Using short domain name -- TEST

DNS update failed!

Joined 'FS' to realm 'TEST.COM'

[root@FS ~]#

 

再用域用户登录任意一台域中的电脑，访问samba服务器都可以正常访问，权限是建议DC上统一设置

 

本文出自 “一切皆有可能” 博客，请务必保留此出处http://moonsilver.blog.51cto.com/635074/346136