Chinaunix

Title: Help: after joining Linux to a 2003 domain with Samba, login fails when accessing shares

Author: xllgix718    Time: 2009-03-07 20:15
All the services are installed; here are my configuration files.
AD server :192.168.10.100   hcq.bazz.local
samba:192.168.10.10      hcq
1. krb5 configuration
#vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


[libdefaults]
default_realm = BAZZ.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
BAZZ.LOCAL = { #
kdc = 192.168.10.100:88 #
admin_server = 192.168.10.100:749 #
default_domain = bazz.local
}

[domain_realm]
.bazz.local= BAZZ.LOCAL
  bazz.local= BAZZ.LOCAL

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Connect to the AD server
kinit administrator@BAZZ.LOCAL
After entering the password, everything is normal.

2. smb.conf configuration
#vi /etc/samba/smb.conf
#===================== Global Settings =========================
[global]
        workgroup = BAZZ
        netbios name = hcq
        idmap uid    = 15000-20000
        idmap gid    = 15000-20000
        winbind enum groups = yes
        winbind enum users  = yes
        winbind separator   = /
;       winbind use default domain = yes
        template homedir = /home/%D/%U
        template shell   = /bin/bash
        hosts allow =192.168.10. 127.

# ----------------------- Domain Members Options ------------------------
        security = domain
;       passdb backend = tdbsam
;      realm = BAZZ.LOCAL
        encrypt passwords = yes
        password server = 192.168.10.100

[homes]
   path = /home/%D/%U
   browseable = no
   writable = yes
   valid users = bazz.local/%U
   create mode = 0777
   directory mode = 0777


3. Configure nsswitch.conf
#vi /etc/nsswitch.conf
Modify the following entries
passwd:     files winbind
shadow:     files
group:      files winbind


4. Start the services and join the AD domain
[root@lamp ~]# net rpc join -S hcq.bazz.local -U administrator
Password:
Joined domain BAZZ.
5. Verify
[root@lamp ~]# net rpc testjoin
Join to 'BAZZ' is OK


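In 2003 I can also see that the Linux host name has joined the domain, but when I log in to Samba and enter administrator as the user, it tells me the login failed...

Could the experts here please help.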
Author: lovegqin    Time: 2009-03-09 20:13
Notice: The author has been banned or deleted; content automatically hidden
Author: balloon123    Time: 2009-03-13 10:06
1) You need to create a system user named administrator on the Linux system where Samba runs
2) The smbd, nmbd, and winbindd processes must all be started
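
Added example (not code from the thread or from the Samba project): a small linter for two points a reviewer would check in the smb.conf quoted in the question, namely whether domain-qualified `valid users` entries use the same prefix as `workgroup` plus the `winbind separator`, and whether file or directory modes are world-writable. It assumes winbind presents domain accounts as WORKGROUP<separator>user; the function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: a subset of the settings quoted in the question.
SAMPLE_SMB_CONF = """\
[global]
        workgroup = BAZZ
        winbind separator   = /
;       winbind use default domain = yes
[homes]
   valid users = bazz.local/%U
   create mode = 0777
   directory mode = 0777
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}; names are
    lower-cased and runs of whitespace inside them are collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def check_shares(conf):
    """Return (section, finding) pairs for the two checks in the lead-in."""
    g = conf.get("global", {})
    domain = g.get("workgroup", "WORKGROUP").upper()
    sep = g.get("winbind separator", "\\")   # Samba's default separator
    findings = []
    for name, share in conf.items():
        for entry in re.split(r"[,\s]+", share.get("valid users", "")):
            entry = entry.lstrip("@+&")      # group / lookup-order markers
            if sep in entry and entry.split(sep, 1)[0].upper() != domain:
                findings.append((name, f"valid users entry {entry!r} does not use "
                                       f"the winbind prefix {domain}{sep}"))
        for key in ("create mode", "create mask", "directory mode", "directory mask"):
            if key in share and int(share[key], 8) & 0o002:
                findings.append((name, f"{key} = {share[key]} is world-writable"))
    return findings

if __name__ == "__main__":
    for section, finding in check_shares(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"[{section}] {finding}")
```

The findings are a heuristic review aid, not a diagnosis of the login failure; `wbinfo -u` on the member server shows the account names winbind actually returns.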



