说明
test.com替换成你的AD服务器域名,注意有的配置中是大写,有些配置是小写
/etc/samba/smb.conf
workgroup = TEST
realm = TEST.COM
security = ADS
password server = 192.168.10.254
# password server是AD域控服务器IP
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
template shell = /sbin/nologin
winbind separator = /
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
/etc/nsswitch.conf
passwd: files winbind
group: files winbind
/etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = TEST.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
TEST.COM = {
kdc = 192.168.10.254:88
# AD域控服务器IP
default_domain = TEST.COM
}
[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM
/etc/resolv.conf
nameserver: DNS服务器
nameserver 192.168.10.254
启动服务并加入域中
systemctl restart smb
net ads join -U administrator
systemctl restart winbind
测试:
wbinfo -t #看winbind是否正常运行
wbinfo -u #看AD用户是否同步过来了
samba访问配置:
- 域用户直接写名称即可
- 域组@+名称
[share]
comment = Home Directories
path=/share_dir
browseable = yes
writable = yes
valid users = yyy @test域用户yyy,域组test中的所有用户均可使用其域账号访问该samba共享目录
版权声明:本文为QuantumEnergy原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。