1 Environment configuration
1.1 Name resolution configuration
1.1.1 hosts configuration

    echo "10.168.0.154 ad.cmdschool.org" >> /etc/hosts
    echo "10.168.0.190 GlusterGW.cmdschool.org GlusterGW" >> /etc/hosts

1.1.2 DNS server method

    echo "nameserver 10.168.0.154" >> /etc/resolv.conf
    echo "search ad.cmdschool.org" >> /etc/resolv.conf

1.1.3 Verify the domain server
1) Install the DNS tools package

    yum install -y bind-utils

2) Run the following command to test

    host -t A ad.cmdschool.org

1.2 NTP configuration
1.2.1 Install the RPM package
1.2.2 Configure the NTP server
1) Specify the internal NTP server
Change the configuration as follows:

    #server 0.rhel.pool.ntp.org iburst
    #server 1.rhel.pool.ntp.org iburst
    #server 2.rhel.pool.ntp.org iburst
    #server 3.rhel.pool.ntp.org iburst
    server ad.cmdschool.org iburst

2) Start the service and enable it at boot

    /etc/init.d/chronyd start
    chkconfig chronyd on

3) Synchronize the time
1.3 SELinux configuration

    setenforce 0
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

1.4 Base installation and configuration
1.4.1 Install the RPM packages
1.4.2 Start the services and enable them at boot

    /etc/init.d/winbind start
    /etc/init.d/smb start
    /etc/init.d/nmb start
    chkconfig winbind on
    chkconfig smb on
    chkconfig nmb on

2 Configure the server as a domain member
2.1 Locate the configuration file

    smbd -b | grep CONFIGFILE

The output is as follows:

    CONFIGFILE: /etc/samba/smb.conf

2.2 Configure the domain member settings

    #======================= Global Settings =====================================
    [global]
    # ----------------------- Network-Related Options -------------------------
    workgroup = cmdschool
    server string = Samba Server Version %v
    netbios name = GlusterGW
    # --------------------------- Logging Options ----------------------------
    log file = /var/log/samba/log.%m
    max log size = 50
    # ----------------------- Standalone Server Options ------------------------
    ; security = user
    ; passdb backend = tdbsam
    # ----------------------- Domain Members Options ------------------------
    security = domain
    realm = ad.cmdschool.org

2.3 Join the server to the domain

    net ads join -U administrator

Or:

    net ads join -U administrator -S ad.cmdschool.org

Error messages:

    Enter administrator's password:
    gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: No credentials cache found]
    Using short domain name -- CMDSCHOOL
    Joined 'GLUSTERGW' to dns domain 'cmdschool.org'
    No DNS domain configured for glustergw. Unable to perform DNS Update.
    DNS update failed: NT_STATUS_INVALID_PARAMETER

2.4 Configure the password authentication method
Change the parameters as follows:

    passwd: files winbind
    group: files winbind

2.5 Restart winbind

    /etc/init.d/winbind restart

2.6 Retrieve domain information
2.6.1 Get the user list
The output is as follows:

    CMDSCHOOL\administrator
    CMDSCHOOL\guest
    CMDSCHOOL\krbtgt

2.6.2 Get the group list
The output is as follows:

    CMDSCHOOL\domain computers
    CMDSCHOOL\domain controllers
    CMDSCHOOL\schema admins
    CMDSCHOOL\enterprise admins
    CMDSCHOOL\cert publishers
    CMDSCHOOL\domain admins
    CMDSCHOOL\domain users
    CMDSCHOOL\domain guests
    CMDSCHOOL\group policy creator owners
    CMDSCHOOL\ras and ias servers
    CMDSCHOOL\allowed rodc password replication group
    CMDSCHOOL\denied rodc password replication group
    CMDSCHOOL\read-only domain controllers
    CMDSCHOOL\enterprise read-only domain controllers
    CMDSCHOOL\dnsadmins
    CMDSCHOOL\dnsupdateproxy

2.6.3 Single-user identity test

    id "CMDSCHOOL\administrator"

The output is as follows:

    uid=4294967295 gid=4294967295 groups=4294967295

3 Configure the Samba shares
3.1 Create the data directories

    mkdir -p /data/share{1,2}

3.2 Set the directory permissions

    chmod 777 -R /data/share*

3.3 Configure the shared folders and grant access
1) Grant access to a domain user

    [share1]
    path = /data/share1
    valid users = "CMDSCHOOL\administrator"
    write list = "CMDSCHOOL\administrator"

2) Grant access to a domain group

    [share2]
    path = /data/share2
    valid users = "@CMDSCHOOL\domain admins"
    write list = "@CMDSCHOOL\domain admins"

3.4 Restart the services to apply the changes

    /etc/init.d/nmb restart
    /etc/init.d/smb restart

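Step 3.2 sets the share directories to mode 777, so the valid users and write list lines from step 3.3 are the only thing restricting SMB access to them. The shell check below is an added example, not part of the original tutorial: the function names audit_shares and make_sample, the verdict labels, and the sample configuration (including the [scratch] and [pub] shares) are constructed for illustration.

```shell
# Added example: classify each smb.conf share by what restricts access to it.
audit_shares() {   # usage: audit_shares /path/to/smb.conf
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function emit() { if (name != "" && tolower(name) != "global")
      printf "%s|%d|%s|%s\n", name, (valid != ""), guest, path }
    /^[ \t]*[#;]/ { next }                      # commented-out lines do not count
    /^[ \t]*\[.*\][ \t]*$/ {                    # section header starts a new share
      emit(); name = trim($0); name = substr(name, 2, length(name) - 2)
      path = ""; valid = ""; guest = "no"; next
    }
    index($0, "=") {
      key = tolower(substr($0, 1, index($0, "=") - 1))
      gsub(/[ \t]/, "", key)                    # Samba ignores spaces in names
      val = trim(substr($0, index($0, "=") + 1))
      if (key == "path") path = val; if (key == "validusers") valid = val
      if (key ~ /^(guestok|public)$/ && tolower(val) ~ /^(yes|true|1)$/) guest = "yes"
    }
    END { emit() }
  ' "$1" |
  while IFS='|' read -r name has_valid guest path; do
    verdict=OK
    if [ "$guest" = yes ]; then verdict=GUEST_ALLOWED
    elif [ "$has_valid" = 0 ]; then verdict=NO_VALID_USERS
    elif [ -d "$path" ] && [ -n "$(find "$path" -maxdepth 0 -perm -0002)" ]; then
      verdict=ACL_ONLY      # world-writable directory: smb.conf is the only gate
    fi
    printf '%s|%s\n' "$name" "$verdict"
  done
}
make_sample() {      # constructed config and directories, created in a temp dir
  d=$(mktemp -d); mkdir -m 777 "$d/share1"; mkdir -m 750 "$d/share2"
  cat > "$d/smb.conf" <<EOF
[global]
[share1]
path = $d/share1
valid users = "CMDSCHOOL\administrator"
[share2]
path = $d/share2
valid users = "@CMDSCHOOL\domain admins"
[scratch]
path = $d/share1
; valid users = nobody
[pub]
guest ok = yes
EOF
  echo "$d/smb.conf"
}
audit_shares "$(make_sample)"
```

On the gateway, run audit_shares /etc/samba/smb.conf after editing the shares; a share reported as ACL_ONLY loses all restriction if its valid users line is later removed or commented out.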