samba同步域用户
    域管理员账号:jhyadmin 密码:jhyadmin

    1.安装软件包
    yum install tree nmap dos2unix lrzsz nc lsof wget tcpdump htop iftop iotop sysstat nethogs -y
    yum install psmisc net-tools bash-completion vim-enhanced -y
    yum -y install pam_krb5 krb5-libs krb5-workstation krb5-devel krb5-auth samba samba-winbind samba-client samba-swat* bind-utils quota
    yum install realmd oddjob oddjob-mkhomedir sssd adcli openldap-clients policycoreutils-python samba-common samba-common-tools krb5-workstation -y
    systemctl start samba krb5-user samba-client samba-common samba-winbind samba-winbind-clients

    2.添加DNS搜索域
    vi /etc/sysconfig/network-scripts/ifcfg-ens32
    SEARCH="jwdh4.gd"
    systemctl restart network

    3.设置DNS服务器
    [root@localhost ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    search jwdh4.gd
    nameserver 192.168.40.253

    4.设置主机名
    hostnamectl set-hostname samba01

    5.测试域名解析
    [root@localhost ~]# ping jwdh4.gd
    PING jwdh4.gd (192.168.40.253) 56(84) bytes of data.
    64 bytes from jwdh4-ad.jwdh4.gd (192.168.40.253): icmp_seq=1 ttl=63 time=0.212 ms
    64 bytes from jwdh4-ad.jwdh4.gd (192.168.40.253): icmp_seq=2 ttl=63 time=0.208 ms
    64 bytes from jwdh4-ad.jwdh4.gd (192.168.40.253): icmp_seq=3 ttl=63 time=0.330 ms

    6.加域
    realm join jwdh4.gd

    authconfig --enablewinbind --enablekrb5 --enablewinbindauth --krb5realm=jwdh4.gd --krb5kdc=JWDH4-ad.jwdh4.gd \
    --enablekrb5kdcdns --enablekrb5realmdns --smbsecurity=ads --smbrealm=jwdh4.gd --smbservers=JWDH4-ad.jwdh4.gd \
    --winbindtemplateshell=/bin/bash --winbindjoin=jhyadmin \
    --enablewinbindusedefaultdomain --disablewinbindoffline --smbworkgroup=jwdh4 --enablemkhomedir --update

    7.编辑krb5.conf
    vi /etc/krb5.conf
    # Configuration snippets may be placed in this directory as well
    includedir /etc/krb5.conf.d/

    includedir /var/lib/sss/pubconf/krb5.include.d/
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
    # default_realm = EXAMPLE.COM
    default_ccache_name = KEYRING:persistent:%{uid}

    default_realm = jwdh4.gd
    dns_lookup_kdc = false
    [realms]
    # EXAMPLE.COM = {
    # kdc = kerberos.example.com
    # admin_server = kerberos.example.com
    # }

    jwdh4.gd = {
    kdc = dc.jwdh4.gd
    }

    JWDH4.GD = {
    kdc = JWDH4-ad.jwdh4.gd
    }

    jwdh4.gd = {
    kdc = JWDH4-ad.jwdh4.gd
    }

    [domain_realm]
    # .example.com = EXAMPLE.COM
    # example.com = EXAMPLE.COM
    jwdh4.gd = jwdh4.gd
    .jwdh4.gd = jwdh4.gd

    编辑nsswitch.conf
    vi /etc/nsswitch.conf
    passwd: files winbind
    shadow: files winbind
    group: files winbind

    编辑smb.conf
    vi /etc/samba/smb.conf
    [global]
    workgroup = jwdh4
    security = ads
    password server = 192.168.40.253
    realm = jwdh4.gd
    server string = Samba Server Version %v
    hosts allow = 192.168.
    log file = /var/log/samba/log.%m
    max log size = 50
    passdb backend = tdbsam
    idmap config * : range = 16777216-33554431
    idmap config * : backend = tdb
    template shell = /sbin/nologin
    template homedir = /home/%U
    winbind use default domain = Yes
    winbind offline logon = Yes
    winbind separator = /
    winbind enum users = Yes
    winbind enum groups = Yes
    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw
    ntlm auth = yes
    [homes]
    comment = Home Directories
    valid users = jwdh4.gd/%U
    browseable = No
    read only = No
    #path = /home/%U
    path = /home/filesystem
    root preexec = /root/mkhome.sh %U %G
    [share]
    comment = share
    path = /share_dir
    browseable = yes
    writable = yes
    valid users = @"orc"
    # 域orc组
    [nas]
    [printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No

    原脚本配置创建用户目录脚本
    vi /root/mkhome.sh
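    #!/bin/bash
    # mkhome.sh - create a per-user home directory on first SMB login.
    # Invoked from smb.conf as "root preexec = /root/mkhome.sh %U %G", so it
    # runs as root with the Samba session username and primary group.
    #   $1 - username (Samba %U)
    #   $2 - primary group (Samba %G)
    # Does nothing if the directory already exists. Exits 1, creating nothing,
    # when an argument is missing or the username would escape /home.
    user=$1
    group=$2
    home=/home/$user

    if [ -z "$user" ] || [ -z "$group" ]; then
      printf '%s\n' "usage: $0 USER GROUP" >&2
      exit 1
    fi

    # %U is session-supplied. With "winbind separator = /" a qualified name can
    # contain "/", which would turn /home/$user into a nested or parent path;
    # refuse anything that is not a single plain path component.
    case "$user" in
      */* | . | ..)
        printf '%s\n' "mkhome.sh: refusing unsafe username: $user" >&2
        exit 1
        ;;
    esac

    if [ ! -d "$home" ]; then
      # Set 0700 at creation so the directory is never briefly world-readable.
      mkdir -p -m 700 -- "$home" || exit 1
      chown -- "$user" "$home"
      chgrp -- "$group" "$home"
      # Copy the quota limits of "administrator" onto the new user.
      edquota -p administrator -u "$user"
    fi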

    chmod 700 /root/mkhome.sh

    8.配置sssd服务
    cat /etc/sssd/sssd.conf
    [sssd]
    domains = jwdh4.gd
    config_file_version = 2
    services = nss, pam
    [domain/jwdh4.gd]
    ad_server = jwdh4.gd
    ad_domain = jwdh4.gd
    krb5_realm = jwdh4.gd
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    access_provider = ad

    chown root:root /etc/sssd/sssd.conf
    chmod 0600 /etc/sssd/sssd.conf
    restorecon /etc/sssd/sssd.conf
    systemctl start sssd

    systemctl start smb.service
    systemctl start nmb.service
    systemctl start winbind.service

    systemctl enable smb.service
    systemctl enable nmb.service
    systemctl enable winbind.service