设置CentOS的DNS为windows域控的IP地址;
用以下脚本进行加域:
yum install pam_krb5* krb5-libs* krb5-workstation* krb5-devel* krb5-auth samba samba-winbind* samba-client* samba-swat* -y chkconfig smb on && chkconfig winbind on mv /etc/samba/smb.conf /etc/samba/smb.conf.org cat > /etc/samba/smb.conf << EOF [global] workgroup = locallocaldomain password server = dc.localdomain.local realm = localdomain.local security = ads idmap config * : range = 16777216-33554431 template shell = /bin/bash winbind use default domain = false winbind offline logon = false server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 load printers = no EOF mv /etc/krb5.conf /etc/krb5.conf.org cat > /etc/krb5.conf << EOFI [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = localdomain.local dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] SL.DX = { kdc = dc.localdomain.local admin_server = dc.localdomain.local } [domain_realm] localdomain.local = localdomain.local .localdomain.local = localdomain.local EOFI authconfig --updateall --enablewinbind --enablewinbindauth --enablewinbindusedefaultdomain --enablemkhomedir --enableshadow service smb restart && service winbind restart net join -U
使用下面的测试加域成功后是否能顺利进行身份认证
wbinfo -t
如果不成功,重新reivew修改配置下面两个文档后,重启winbind和samba两个服务:
/etc/samba/smb.conf /etc/krb5.conf
转载于:https://blog.51cto.com/281816327/1607680