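Setting up a primary domain controller with Samba on RHEL4

Target functionality:

This article only covers using a Samba server as a PDC (primary domain controller), so that hosts on the network can join the domain, log on with domain accounts, and use roaming user profiles. AD and domain account management are not covered here.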


Domain controller [RHEL4]:

netbios name:SambaPDC

domain name: RedHat.com

eth1: 192.168.1.1/24

Domain member host [Win2003]:

netbios name: xiyuan

eth0: 192.168.1.100/24


1. Domain controller

1> Samba configuration [only the main relevant settings are listed]

[global]

; the corresponding domain name

workgroup = redhat.com

netbios name = SambaPDC

server string = Samba-PDC-Server

security = user

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

local master = yes

os level = 64

domain master = yes

preferred master = yes

domain logons = yes

logon script = netlogon.bat

logon path = \\%L\Profiles\%U

logon home = \\%L\%U\.profile

logon drive = T:

;add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false %U

unix charset = cp936

[homes]

browseable = no

writeable = yes

[netlogon]

path = /etc/samba/netlogon

write list = root

read only = yes

browseable = no

share modes = no

[Profiles]

path = /etc/samba/Profiles

valid users = root kenthy

writeable = yes

browseable = no

create mask = 0765


2> Samba user setup

# useradd kenthy ; passwd kenthy

# smbpasswd -a root

# smbpasswd -a kenthy

# groupadd machines

# useradd -d /dev/null -g machines -s /bin/false xiyuan$

# passwd -l xiyuan$

# smbpasswd -am xiyuan$


3> Domain logon directory setup

# mkdir -p /etc/samba/netlogon/scripts

# mkdir -p /etc/samba/Profiles

# chmod 1777 /etc/samba/Profiles

# su - kenthy

$ cd /etc/samba/Profiles

$ mkdir kenthy


4> DNS server configuration: provide name resolution for the redhat.com domain [steps omitted]


5> Start the service

# service smb start


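2. Domain member host [WinXP or Win2003]

1> On the Samba server, locate the files WinXP_PlainPassword.reg and WinXP_SignOrSeal.reg in the /usr/share/doc/samba-3.0.10/registry/ directory, copy them to the Windows member host, and run them. Alternatively, edit a registry file by hand and import the following content: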

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]

"enableplaintextpassword"=dword:00000001

"enablesecuritysignature"=dword:00000001

"requiresecuritysignature"=dword:00000000

"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\

00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\

77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

"OtherDomains"=hex(7):00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]

"requiresignorseal"=dword:00000000


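2> Point the member host's DNS server setting at the PDC. Go to "My Computer" --> "Properties" --> "Computer Name" --> "Change" --> "Member of" --> "Domain", enter "redhat.com", and supply the root user name and password when prompted. Once verification succeeds, the host has joined the redhat.com domain.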


3> Log off, then log on to the member host as the kenthy domain user that was set up, and verify roaming user profiles and the other features.
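
An added example, not part of the original article: a small Python check that parses the registry fragment imported in step 1> and reports which DWORD values leave the member host below a hardened baseline. The baseline values and the function names parse_reg and audit are this example's assumptions; the sample text is constructed from the values shown above.

```python
import re

# Constructed sample: the DWORD values from the .reg fragment in step 1>.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000001
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
'''

# Assumed hardened baseline (this example's choice, not from the article):
# (key suffix, value name) -> (expected DWORD, meaning of a different value)
BASELINE = {
    ("lanmanworkstation\\parameters", "enableplaintextpassword"):
        (0, "client may send SMB passwords in clear text"),
    ("lanmanworkstation\\parameters", "requiresecuritysignature"):
        (1, "client accepts unsigned SMB sessions"),
    ("netlogon\\parameters", "requiresignorseal"):
        (1, "secure channel to the DC need not be signed or sealed"),
}

def parse_reg(text):
    """Return {lowercased key path: {lowercased name: int}} for DWORD values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:  # hex(...) values and continuation lines are skipped
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """List (value name, found, expected, risk) for each baseline deviation."""
    findings = []
    for path, values in parse_reg(text).items():
        for (suffix, name), (expected, risk) in BASELINE.items():
            if path.endswith(suffix) and values.get(name, expected) != expected:
                findings.append((name, values[name], expected, risk))
    return findings

if __name__ == "__main__":
    for name, found, expected, risk in audit(REG_TEXT):
        print(f"{name}: {found} (baseline {expected}) - {risk}")
```

Values the file does not set are not reported, so the check describes only what importing the file would change.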

This article comes from the Linux公社 website (www.linuxidc.com). Original link: http://www.linuxidc.com/Linux/2007-07/6304.htm

