The Samba server is joined to the domain controller and becomes a domain member. When a user accesses a shared file on the Samba server, authentication is handed straight to the domain controller, so there is no longer any need, as before, to create system users on the Samba server or to create Samba users and passwords.

1. Environment (hosts)

Samba server: RHEL 6.4      IP: 192.168.1.101  hostname: sambaserver.samba.com

Domain controller: Windows Server 2008  IP: 192.168.1.100  hostname: winserver.samba.com  domain: SAMBA.COM

Set SELinux to disabled, turn off the firewall, change the Samba server's hostname to its fully qualified domain form, give it an IP address on the same subnet as the domain controller, and point its DNS at the domain controller's IP.

vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=sambaserver.samba.com

vi /etc/hosts
127.0.0.1 sambaserver.samba.com sambaserver
192.168.1.101 sambaserver.samba.com sambaserver
192.168.1.100 winserver.samba.com winserver

[root@sambaserver]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
UUID=be9c85bd-3292-4b5a-96b9-9aed2bc61ce2
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=01:A1:53:94:55:A6
IPADDR=192.168.1.101
PREFIX=25
GATEWAY=192.168.1.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
DNS1=192.168.1.100

2. smb.conf configuration

#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
# the first label of the domain name, without the .com
workgroup = SAMBA
netbios name = sambaserver
# server string is the equivalent of the NT Description field
# any name will do, as long as no other server uses it
server string = sambaServer.SAMBA
# the Kerberos realm, i.e. the domain name
realm = SAMBA.COM
auth methods = winbind
idmap config SAMBA : schema_mode = rfc2307
idmap config SAMBA : range = 30000-40000
idmap config SAMBA : default = yes
idmap config SAMBA : backend = rid
;idmap config SAMBA : backend = ad
idmap config * : backend = tdb
idmap config * : backend = rid
idmap config * : range = 10000-20000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind enum groups = yes
winbind enum users = yes
winbind separator = /
winbind use default domain = yes
template homedir = /home/share/%U
template shell = /bin/bash
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50000
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = ads
encrypt passwords = yes
# Use password server option only with security = server
# the domain controller's IP
password server = 192.168.1.100
logon path = \\%L\Profiles\%U
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
# the domain controller's IP
wins server = 192.168.1.100
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
#============================ Share Definitions ==============================
[homes]
path = /home/share/%U
valid users = SAMBA.COM\%U, SAMBA\%U, %U
create mode = 0777
directory mode = 0777
comment = Home Directories
browseable = no
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
# (the whole [printers] section is commented out, otherwise its remaining
# lines would be read as part of [homes] and make the home shares printable)
#[printers]
# comment = All Printers
# path = /var/spool/samba
# browseable = no
# Set public = yes to allow user 'guest account' to print
# guest ok = no
# writable = no
# printable = yes
[MyFile]
comment = user
path = /home/share/%U
browseable = yes
guest ok = no
writable = yes
printable = no
public = no

3. krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = SAMBA.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
proxiable = true

[realms]
SAMBA.COM = {
kdc = winserver.samba.com:88
admin_server = winserver.samba.com:749
default_domain = SAMBA.COM
}

#[kdc]
# profile = /var/kerberos/krb5kdc/kdc.conf

[domain_realm]
.samba.com = SAMBA.COM
samba.com = SAMBA.COM

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

4. resolv.conf

vi /etc/resolv.conf 
# Generated by NetworkManager
domain samba.com
search samba.com
nameserver 192.168.1.100

5. nsswitch.conf

# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files winbind
shadow: files winbind
group: files winbind

hosts: files dns wins
#hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: db files
netmasks: files
networks: files dns
protocols: db files
#protocols: files winbind
rpc: db files
services: db files
#services: files winbind

netgroup: nisplus winbind
#netgroup: files winbind

publickey: nisplus

automount: files nisplus
#automount: files winbind
aliases: files nisplus

6. Joining the Samba server to the domain controller

6.1 Start the Samba daemon: /usr/local/samba3/sbin/smbd -s /etc/samba/smb.conf -D -d 3

6.2 Start winbind: service winbind start. Check that winbind is running: service winbind status

6.3 Join the domain: net ads join -U administrator, then enter the password of the domain administrator account on the domain controller; if everything is in order, a message reports that the domain join succeeded.

6.4 Test the join: wbinfo -t checks the trust relationship between the Samba server and the domain controller; wbinfo -u lists all users known to the domain controller; wbinfo -g lists the domain's groups.
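Most failed joins come from the settings in sections 2 to 5 disagreeing with each other (realm spelled differently in smb.conf and krb5.conf, a hostname or domain_realm entry left over from another domain, DNS not pointing at the controller). The following pre-flight check is an added example, not part of the original post: it parses the three files and reports such mismatches before net ads join is attempted. The file contents, the `netfolderserver.iamtest.com` hostname and the function names are constructed for the example.

```python
import re

def parse_ini(text):
    """Parse ini-style Samba/Kerberos text; krb5 `REALM = { }` blocks become 'realms.REALM'."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].split(';', 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section, block = line[1:-1].strip().lower(), None
        elif line.endswith('{'):
            block = line[:-1].split('=', 1)[0].strip()
        elif line == '}':
            block = None
        elif '=' in line:
            key, value = (s.strip() for s in line.split('=', 1))
            conf.setdefault(f'{section}.{block}' if block else section, {})[key.lower()] = value
    return conf

def check_ads_member(smb_conf, krb5_conf, resolv_conf, fqdn):
    """Return the cross-file mismatches that typically make `net ads join` fail."""
    smb = parse_ini(smb_conf).get('global', {})
    krb = parse_ini(krb5_conf)
    nameservers = re.findall(r'^nameserver\s+(\S+)', resolv_conf, re.M)
    realm = smb.get('realm', '').upper()
    domain = realm.lower()
    problems = []
    if smb.get('security', '').lower() != 'ads':
        problems.append('security must be ads for a domain member')
    if krb.get('libdefaults', {}).get('default_realm', '').upper() != realm:
        problems.append('krb5 default_realm differs from the smb.conf realm')
    if 'kdc' not in krb.get(f'realms.{realm}', {}):
        problems.append(f'no kdc defined for realm {realm} in krb5.conf')
    if krb.get('domain_realm', {}).get(f'.{domain}', '').upper() != realm:
        problems.append(f'domain_realm does not map .{domain} to {realm}')
    if not fqdn.lower().endswith('.' + domain):
        problems.append(f'hostname {fqdn} lies outside {domain}')
    dc = smb.get('password server', '')
    if dc and dc not in nameservers:
        problems.append('resolv.conf does not use the domain controller as nameserver')
    return problems

# Constructed inputs mirroring the post's setup (realm SAMBA.COM, DC 192.168.1.100).
SMB_OK = "[global]\nworkgroup = SAMBA\nrealm = SAMBA.COM\nsecurity = ads\npassword server = 192.168.1.100\n"
KRB5_OK = ("[libdefaults]\ndefault_realm = SAMBA.COM\n[realms]\nSAMBA.COM = {\nkdc = winserver.samba.com:88\n}\n"
           "[domain_realm]\n.samba.com = SAMBA.COM\nsamba.com = SAMBA.COM\n")
RESOLV = "domain samba.com\nsearch samba.com\nnameserver 192.168.1.100\n"
# The same krb5.conf with a leftover suffix from another domain in [domain_realm].
KRB5_BAD = KRB5_OK.replace('samba.com = SAMBA.COM', 'iamtest.com = SAMBA.COM')
```

Run check_ads_member against the real files (open('/etc/samba/smb.conf').read() and so on, with the output of hostname -f) on the member server; an empty list means the three files agree, and each entry names the file to fix before retrying the join.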
