注意:Linux 主机的 hostname 不能包含下划线“_”。

vi /etc/sysconfig/network

NETWORKING_IPV6=no

HOSTNAME=dcclient.jyco.local

NETWORKING=yes


vi /etc/hosts

127.0.0.1 dcclient.jyco.local dcclient


yum install samba-*

yum install krb5

yum install pam_krb5_x86_64


vi /etc/resolv.conf

nameserver 192.168.9.99


reboot


vi /etc/samba/smb.conf

# smb.conf [global] settings used to run this host as a member of the JYCO.LOCAL AD domain via winbind.
[global]

workgroup = JYCO

realm = JYCO.LOCAL

# %v expands to the running Samba version, so this string advertises the exact version to clients;
# drop %v if version disclosure is a concern.
server string = Samba Server Version %v

# ADS: Samba acts as a domain member and authenticates against Active Directory with Kerberos.
security = ADS

# Pins authentication to one DC by IP address. There is no failover if that host is down;
# the Samba documentation recommends leaving DC discovery to DNS when security = ADS.
password server = 192.168.9.99

# UID/GID range that winbind allocates to domain accounts; it must not overlap local accounts.
# NOTE(review): newer Samba releases deprecate these two keys in favour of "idmap config * : range"
# - check the installed version.
idmap uid = 16777216-33554431

idmap gid = 16777216-33554431

template homedir = /home/%U

# Every mapped domain user gets an interactive shell. Nothing in this section limits which domain
# accounts may log in; consider restricting logins in PAM (e.g. pam_winbind require_membership_of).
template shell = /bin/bash

winbind separator = /

# Enumeration exposes the full domain user/group list through getent on this host and can be slow
# on large domains; disable it if it is not needed.
winbind enum users = Yes

winbind enum groups = Yes

# Domain users are addressed by short name without a domain prefix; make sure no local account
# shares a name with a domain account.
winbind use default domain = Yes

# winbindd stores credentials from successful logins in a local cache so users can log in while
# the DC is unreachable. Treat that cache as sensitive and enable this only where offline logon is required.
winbind offline logon = Yes

cups options = raw

cat /etc/krb5.conf

# Log destinations for the Kerberos libraries and daemons.
# NOTE(review): the kdc and admin_server entries look copied from the stock template; they presumably
# have no effect on a client that runs neither krb5kdc nor kadmind - confirm.
[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log


# Library-wide Kerberos defaults for this client.
[libdefaults]

default_realm = JYCO.LOCAL

# DNS-based realm and KDC discovery are both disabled, so the KDC is taken only from the static
# [realms] entry in this file.
dns_lookup_realm = false

dns_lookup_kdc = false

# Requested lifetime; the KDC's own policy still caps what is actually issued.
ticket_lifetime = 24h

# Requests forwardable TGTs. A forwarded TGT can be used on the remote host to act as the user,
# so keep this enabled only if credential forwarding is actually needed.
forwardable = yes


#[realms]

# EXAMPLE.COM = {

# kdc = kerberos.example.com:88

# admin_server = kerberos.example.com:749

# default_domain = example.com

# }

# Static KDC definition for the AD realm. Both entries point at a single host by IP address,
# so there is no fallback KDC if it is unavailable.
[realms]

JYCO.LOCAL = {

kdc = 192.168.9.99:88

# NOTE(review): 749 is the MIT kadmin port carried over from the template - confirm it is
# meaningful against an AD domain controller.
admin_server = 192.168.9.99:749

default_domain = jyco.local

}


# JYCO.LOCAL = {

# kdc = 192.168.9.99:88

# kdc = 192.168.9.99

# }


# Maps DNS names to the Kerberos realm: the bare domain and, via the leading-dot entry,
# every host under it resolve to JYCO.LOCAL.
[domain_realm]

# .example.com = EXAMPLE.COM

# example.com = EXAMPLE.COM

jyco.local = JYCO.LOCAL

.jyco.local = JYCO.LOCAL


# Per-application overrides; the pam subsection is read by the pam_krb5 module.
[appdefaults]

pam = {

debug = false

# presumably seconds (36000 s = 10 h); note this differs from the 24h requested in [libdefaults]
# - TODO confirm which value applies to PAM logins.
ticket_lifetime = 36000

renew_lifetime = 36000

# Tickets obtained at PAM login are requested as forwardable; see the delegation trade-off
# before keeping this on.
forwardable = true

# Kerberos 4 credential conversion stays disabled.
krb4_convert = false

}

net ads join -U admin@JYCO.LOCAL

域用户登录 Linux 机器前,需先与 AD 服务器同步时间(Kerberos 认证要求客户端与 KDC 的时钟偏差在允许范围内,默认约 5 分钟): ntpdate 192.168.9.99

自动创建用户主目录:vi /etc/pam.d/system-auth,在 session 字段前添加

session required pam_mkhomedir.so silent skel=/etc/skel umask=0077


以上配置下,Domain Admins 组没有 sudo 权限!(如确有需要,须在 sudoers 中另行授权。)