注意:Linux 主机的 hostname 不能包含下划线“_”。
vi /etc/sysconfig/network
NETWORKING_IPV6=no
HOSTNAME=dcclient.jyco.local
NETWORKING=yes
vi /etc/hosts
127.0.0.1 dcclient.jyco.local dcclient
yum install samba-*
yum install krb5
yum install pam_krb5_x86_64
vi /etc/resolv.conf
nameserver 192.168.9.99
reboot
vi /etc/samba/smb.conf
# Samba/winbind settings for a host that is a member of the JYCO.LOCAL Active Directory domain.
[global]
workgroup = JYCO
realm = JYCO.LOCAL
# %v expands to the Samba version, which is then advertised to clients;
# drop it if version disclosure is a concern.
server string = Samba Server Version %v
# ADS: the host acts as an Active Directory domain member and authenticates through Kerberos.
security = ADS
# NOTE(review): a single domain controller is pinned by IP address, so there is no
# failover if it is unreachable - confirm this is intended.
password server = 192.168.9.99
# UID/GID range that winbind allocates to domain users and groups.
# NOTE(review): "idmap uid"/"idmap gid" are the older spelling; newer Samba releases
# use "idmap config * : range" - confirm against the installed version.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# Every domain user gets a home path and an interactive shell. Nothing in this file
# limits which domain accounts may log in; restrict that in PAM (for example
# pam_winbind's require_membership_of) if not all domain users should have shell access.
template homedir = /home/%U
template shell = /bin/bash
winbind separator = /
# Enumeration lets local tools such as getent list all domain users and groups;
# it can be slow on large domains and exposes the account list to every local user.
winbind enum users = Yes
winbind enum groups = Yes
# Domain accounts are referred to without the domain prefix, so a domain account can
# share a name with a local one - check for collisions with local account names.
winbind use default domain = Yes
# Offline logon keeps credentials from earlier logins cached on this host so users can
# log in while the DC is unreachable. NOTE(review): an account disabled in AD may
# presumably still log in from the cache until the host is back online - confirm.
winbind offline logon = Yes
cups options = raw
cat /etc/krb5.conf
# Kerberos client configuration for the JYCO.LOCAL realm.
# Log destinations; the kdc and admin_server entries only apply on a host that runs
# those daemons, which this domain client presumably does not.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# DNS discovery of the realm and the KDC is switched off below, so the [realms] and
# [domain_realm] sections are the only source of KDC addresses and realm mappings.
[libdefaults]
default_realm = JYCO.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
# Forwardable tickets can be delegated to other hosts the user connects to;
# keep this enabled only if delegation is actually needed.
forwardable = yes
#[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com:88
# admin_server = kerberos.example.com:749
# default_domain = example.com
# }
# The realm is served by a single KDC given by IP address, so there is no failover.
# NOTE(review): 749 is the MIT kadmind port - confirm the AD server at 192.168.9.99
# really serves it.
[realms]
JYCO.LOCAL = {
kdc = 192.168.9.99:88
admin_server = 192.168.9.99:749
default_domain = jyco.local
}
# JYCO.LOCAL = {
# kdc = 192.168.9.99:88
# kdc = 192.168.9.99
# }
# Maps the DNS domain jyco.local and every host under it to the JYCO.LOCAL realm.
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
jyco.local = JYCO.LOCAL
.jyco.local = JYCO.LOCAL
# Per-application defaults for the "pam" application (read by pam_krb5).
# NOTE(review): 36000 is presumably seconds (10 hours), which differs from the 24h
# ticket_lifetime in [libdefaults] - confirm which value is intended.
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
net ads join -U admin@JYCO.LOCAL
域用户登录 Linux 机器前,需先与 AD 服务器同步时间(Kerberos 认证要求客户端与 KDC 的时钟偏差在允许范围内,默认为 5 分钟,否则认证会失败):ntpdate 192.168.9.99
自动创建用户主目录:vi /etc/pam.d/system-auth,在 session 字段前添加
session required pam_mkhomedir.so silent skel=/etc/skel umask=0077
按以上配置,Domain Admins 组没有 sudo 权限!
转载于:https://blog.51cto.com/fengxs/1306892