CentOS samba在windows域中

 
virtual box中有一台samba:CentOS5.4 /192.168.56.101和一台DC+DNS:windows server 2003 /192.168.56.110
 
首先修改CentOSDNS指向,让CentOS能够找到DC
 
vi /etc/resolv.conf
nameserver 192.168.56.110
保存退出
nslookup test.com 确认是否可以正确解析域名
 
修改krb5.conf
[root@rh5 ~]# vi /etc/krb5.conf
( 红色为修改过的)
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 default_realm = TEST.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes
[realms]
 TEST.COM = {
  kdc = 192.168.56.110:88
  admin_server = 192.168.56.110:749
  default_domain = TEST.COM
 }
[domain_realm]
 .test.com = TEST.COM
 test.com = TEST.COM
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
保存退出,再
[root@rh5 ~]# kinit [email protected]
输入 DC administrator 的密码
此处如果提示说时间不同步的话可用 net time set �CS 192.168.56.110 使时间与 DC 时间同步
[root@FS ~]# kinit [email protected]
Password for [email protected]:
kinit(v5): Clock skew too great while getting initial credentials
[root@FS ~]# net time set -S 192.168.56.110
2010 07 08 星期四 14:31:23 CST
[root@FS ~]# kinit [email protected]
Password for [email protected]:
[root@FS ~]#
 
修改 samba 配置文件 /etc/samba/smb.conf
红钯是修改过的,蓝色是添加的
Security = ads
Passdb backend = tdbsam
Password server = 192.168.56.110
Realm = TEST.com
Encrypt passwords = yes
Idmap uid = 10000-20000
Idmap gid = 10000-20000
Winbind use default domain = yes
 
Net ads join �CS 192.168.56.110  �CU [email protected]
[root@FS ~]# net ads join -S 192.168.56.110 -U [email protected]
[email protected]'s password:
Using short domain name -- TEST
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'FS' in realm 'TEST.COM'
Failed to join domain: Type or value exists
 
出现这段错误,在 DC DNS 中添加一条 fs.test.com A 记录,让 DC 可以解析到 samba 服务器
CentOS samba在windows域中_第1张图片
 
[root@FS ~]# !net
net ads join -S 192.168.56.110 -U [email protected]
[email protected]'s password:
Using short domain name -- TEST
DNS update failed!
Joined 'FS' to realm 'TEST.COM'
[root@FS ~]#
 
再用域用户登录任意一台域中的电脑,访问 samba 服务器都可以正常访问,权限是建议 DC 上统一设置
 

你可能感兴趣的:(centos,职场,samba,休闲,samba服务器加入域)