SMB AD

文章super » 2012年 10月 17日, 11:28

# Package set for the mail + Samba/winbind AD member described below.
# NOTE(review): krb5-server and krb5-server-ldap install a local MIT KDC, but the
# krb5.conf in this walkthrough points at the domain controller as KDC, so these two
# packages look unnecessary on a member server; confirm before installing.
yum install postfix dovecot samba samba-winbind krb5-server krb5-server-ldap krb5-workstation pam pam_krb5 nss

vi /etc/resolv.conf



vi /etc/krb5.conf

# /etc/krb5.conf: Kerberos client configuration for the AD realm WES.COM.TW.
# Comments go on their own lines.

# Where the Kerberos library, KDC and kadmind write their logs.
[logging]
admin_server = FILE:/var/log/kadmind.log
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log

# Library-wide defaults.
[libdefaults]
default_realm = WES.COM.TW
# Realm and KDC discovery through DNS is enabled, so name resolution
# (/etc/resolv.conf) is part of the trust path for authentication.
dns_lookup_kdc = true
dns_lookup_realm = true
forwardable = true
# Tickets last 24 hours and can be renewed for up to 7 days.
renew_lifetime = 7d
ticket_lifetime = 24h

# The realm's KDC and admin server are both the domain controller.
[realms]
WES.COM.TW = {
    admin_server = dc.wes.com.tw
    default_domain = wes.com.tw
    kdc = dc.wes.com.tw
}

# Map the DNS domain (with and without leading dot) to the realm.
[domain_realm]
wes.com.tw = WES.COM.TW
.wes.com.tw = WES.COM.TW

# Per-application overrides read by the pam application.
[appdefaults]
pam = {
    debug = false
    forwardable = true
    krb4_convert = false
    renew_lifetime = 36000
    ticket_lifetime = 36000
}




vi /etc/nsswitch.conf
# Users and groups resolve from local files first, then from winbind (AD).
# shadow stays on local files only.
passwd: files winbind
shadow: files
group: files winbind




vi /etc/samba/smb.conf
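[global]
        # smb.conf for a member server of the AD domain WES / WES.COM.TW.
        # Comments are kept on their own lines; text after a value would be
        # read as part of that value.

        # --- Identity -------------------------------------------------------
        netbios name = centos6
        netbios aliases = 網路硬碟
        server string = SAMBA NAS
        workgroup = WES
        realm = WES.COM.TW

        # --- Domain membership and authentication ----------------------------
        # Was "security = domain". The host is joined with "net ads join" and a
        # Kerberos realm is configured, which is the AD member mode.
        security = ads
        password server = dc.wes.com.tw
        encrypt passwords = yes
        # Was "no". With SPNEGO disabled, Samba's client side cannot negotiate
        # Kerberos with the domain controller and is left with weaker
        # NTLM-style authentication.
        client use spnego = yes
        # Signing is offered but not enforced. NOTE(review): "mandatory" rejects
        # unsigned sessions; check client compatibility before tightening.
        server signing = auto
        # Share operations by this user run as root regardless of file
        # permissions. NOTE(review): confirm this is still needed.
        admin users = root
        username map = /etc/samba/smbusers

        # --- Network access ---------------------------------------------------
        # Default deny; only the three listed internal ranges may connect.
        hosts deny = ALL
        hosts allow = 192.168.0.0/255.255.0.0 172.16.0.0/255.255.0.0 10.1.0.0/255.255.0.0
        deadtime = 20

        # --- Browsing / name service -------------------------------------------
        # NOTE(review): "wins support" turns this host into a WINS server;
        # confirm that is intended for a domain member.
        wins support = true
        os level = 20
        local master = no
        preferred master = no
        # Fallback service name. NOTE(review): no [public] share is defined in
        # this listing.
        default = public

        # --- winbind / ID mapping ----------------------------------------------
        # UID/GID range handed out to AD accounts. The home-directory script
        # later in this post filters on (roughly) the same range.
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        winbind separator = /
        winbind use default domain = true
        winbind offline logon = false
        # Enumeration lets "getent passwd" list AD accounts, which the
        # home-directory script relies on. It can be slow in large domains.
        winbind enum users = yes
        winbind enum groups = yes
        # AD accounts get a home under /home but no interactive shell.
        template homedir = /home/%U
        template shell = /sbin/nologin

        # --- Logging ------------------------------------------------------------
        # One log file per client machine name.
        log file = /var/log/samba/%m.log
        max log size = 50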



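# Kerberos rejects requests when clocks are too far apart, so sync time first.
ntpdate -b 192.168.1.14

# Join the domain. -U without a password makes net prompt for it, which keeps
# the administrator password off the command line.
net ads join -U administrator@WES.COM.TW

# Restart the daemons after the join (the original order restarted them before
# it) so winbind starts with the machine account already in place.
service smb restart
service winbind restart
chkconfig winbind on

# Verify: -t checks the machine trust secret, -u lists domain users.
wbinfo -t
wbinfo -u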

Re: SMB AD

文章super » 2012年 10月 17日, 14:56

vi /etc/pam.d/login
vi /etc/pam.d/smtp
vi /etc/pam.d/dovecot

# winbind lines for the PAM service files listed above.
# "sufficient" ends the stack with success as soon as pam_winbind succeeds, so
# modules listed after the line in the same stack are not run for AD users.
auth sufficient pam_winbind.so
# NOTE(review): in the account stack, any account checks the service file lists
# after this line are skipped for AD users; confirm where the line is placed
# in each file.
account sufficient pam_winbind.so
# use_authtok reuses the new password collected by an earlier password module
# instead of prompting, so such a module has to come before this line.
password sufficient pam_winbind.so use_authtok


vi /root/mk_ad_home_dir.awk


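#!/bin/awk -f
# mk_ad_home_dir.awk: create home directories for winbind-mapped accounts.
#
# Input : passwd(5) records on stdin (user:pw:uid:gid:gecos:home:shell).
# Action: for every record whose uid lies in [uidmin, uidmax], run
#         mkdir -p on the home path and chown it to uid:gid.
#
# The script runs as root and the records come from the directory service,
# so no field reaches the shell unless it has been validated (uid, gid) or
# single-quoted (home path). The original concatenated $6 into the command
# string unquoted.

# Quote s for /bin/sh: wrap it in single quotes and rewrite each embedded
# single quote as '\'' so the shell sees exactly one literal word.
function shquote(s) {
    gsub(/'/, "'\\''", s)
    return "'" s "'"
}

BEGIN {
    FS = ":"
    # NOTE(review): bounds as in the original post. They differ slightly from
    # the idmap range 16777216-33554431 in smb.conf; confirm which is intended.
    uidmin = 16777000
    uidmax = 33550000
}

{
    # uid and gid must be plain decimal numbers before they reach chown.
    if ($3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/)
        next
    if ($3 + 0 < uidmin || $3 + 0 > uidmax)
        next
    # Only absolute paths; skips empty or relative home fields.
    if ($6 !~ /^\//)
        next

    owner = $3 ":" $4
    print "\nmake directory " $6 "\nchown " owner " " $6
    # "--" ends option parsing; "&&" skips chown when mkdir failed.
    system("mkdir -p -- " shquote($6) " && chown -- " shquote(owner) " " shquote($6))
}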


# One-off run from the directory that holds the script (/root). getent lists
# AD accounts here because winbind user enumeration is enabled in smb.conf.
getent passwd | awk -f mk_ad_home_dir.awk

vi /etc/cron.d/mk-ad-home-dir


# Daily at 02:00, as root: create missing home directories for AD accounts.
# The awk script runs with root privileges, so keep it owned by root and
# writable by root only.
0 2 * * * root /usr/bin/getent passwd | /bin/awk -f /root/mk_ad_home_dir.awk

