samba采用windows AD认证登录

1.windows AD部署 忽略

2.linux加入 域控

  2.1安装软件

yum install realmd oddjob oddjob-mkhomedir sssd adcli openldap-clients policycoreutils-python samba-common samba-common-tools krb5-workstation

2.2设置时区

timedatectl set-timezone Asia/Shanghai

2.3设置主机名(已经要规范)

hostnamectl  set-hostname  samba.hanmma.cn

2.4设置dns

2.5 加入域控

 realm join hanmma.cn

2.6查看下配置

2.7验证

authconfig --enablesssd --enablesssdauth --enablemkhomedir --update

systemctl start sssd

2.8验证用户

3.开始安装samba

yum   -y install samba*

4.配置samba

[root@samba home]# cat /etc/samba/smb.conf

# See smb.conf.example for a more detailed config file or

# read the smb.conf manpage.

# Run 'testparm' to verify the config is correct after

# you modified it.

[global]

    workgroup = HANMMA

    realm = HANMMA.CN

    security = ADS

    password server = 192.168.56.131  # password server是AD域控服务器IP

    idmap uid = 10000 - 20000

    idmap gid = 10000 - 20000

    template shell = /sbin/nologin

    winbind separator = /

    winbind use default domain = yes

    winbind enum users = yes

    winbind enum groups = yes

    encrypt passwords = yes

[safegroup]

       comment = security

       path = /home/1

       public = no

       valid users = hmm_liuhaixiao  

       writable = yes

       browseable = yes

       printable = no

[root@samba home]#  

chmod -R  777  /home1

4.配置winbind

/etc/nsswitch.conf

passwd:     files winbind
group:      files winbind

• 1.

• 2.

• 3.

• 4.

5.配置kerberos

/etc/krb5.conf1.

6.重启服务

systemctl restart smb 

systemctl restart samb