Chinaunix
Title: Help: after joining Linux to the domain, domain users get a login failure when accessing the Samba service
Author: xllgix718
Time: 2009-03-07 20:17
All the services are installed; here are my configuration files.
AD server: 192.168.10.100 hcq.bazz.local
samba: 192.168.10.10 hcq
1. krb5 configuration
#vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = BAZZ.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
BAZZ.LOCAL = { #
kdc = 192.168.10.100:88 #
admin_server = 192.168.10.100:749 #
default_domain = bazz.local
}
[domain_realm]
.bazz.local= BAZZ.LOCAL
bazz.local= BAZZ.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Connect to the AD server:
kinit administrator@BAZZ.LOCAL
After entering the password, everything works normally.
2. smb.conf configuration
#vi /etc/samba/smb.conf
#===================== Global Settings =========================
[global]
workgroup = BAZZ
netbios name = hcq
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind enum groups = yes
winbind enum users = yes
winbind separator = /
; winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
hosts allow =192.168.10. 127.
# ----------------------- Domain Members Options ------------------------
security = domain
; passdb backend = tdbsam
; realm = BAZZ.LOCAL
encrypt passwords = yes
password server = 192.168.10.100
[homes]
path = /home/%D/%U
browseable = no
writable = yes
valid users = bazz.local/%U
create mode = 0777
directory mode = 0777
3. Configure nsswitch.conf
#vi /etc/nsswitch.conf
Modify the following entries:
passwd: files winbind
shadow: files
group: files winbind
4. Start the services and join the AD domain
[root@lamp ~]# net rpc join -S hcq.bazz.local -U administrator
Password:
Joined domain BAZZ.
5. Verify
[root@lamp ~]# net rpc testjoin
Join to 'BAZZ' is OK
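On the 2003 server I can also see that the Linux hostname has been joined to the domain, but when I log in to Samba as a user and enter administrator, I am told that the login failed...
Could the experienced members here please help.
[This post was last edited by xllgix718 on 2009-3-7 20:21]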
Author: kns1024wh
Time: 2009-03-07 21:19
Title: Reply to #1, xllgix718's post
Run testparm to test Samba.
There may be a problem with the LDAP authentication.
Author: jerrywjl
Time: 2009-03-08 23:29
Post the output of wbinfo -t and wbinfo -u. Or else you need to log in with the username format that wbinfo -u displays.
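Added example, not part of any post in this thread: a Python check that compares the domain prefix used in `valid users` with the name format winbind builds from `workgroup` and `winbind separator`, which is the format `wbinfo -u` lists. The function names are hypothetical, the embedded smb.conf lines are copied from the first post, and the check assumes Samba's documented defaults (`\` separator, `WORKGROUP`) and case-insensitive name matching.

```python
import configparser

# Constructed sample: the relevant smb.conf lines from the first post.
SMB_CONF = """\
[global]
workgroup = BAZZ
winbind separator = /
; winbind use default domain = yes
security = domain
[homes]
path = /home/%D/%U
valid users = bazz.local/%U
"""

def load(text):
    # interpolation=None keeps Samba's %D/%U variables literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   comment_prefixes=("#", ";"))
    cp.read_string(text)
    return cp

def winbind_name(cp, user):
    """Name winbind presents for a domain user (the wbinfo -u format)."""
    g = cp["global"]
    if g.get("winbind use default domain", "no").lower() in ("yes", "true", "1"):
        return user
    return g.get("workgroup", "WORKGROUP") + g.get("winbind separator", "\\") + user

def check_valid_users(cp):
    """List (share, entry, expected_prefix) where a domain-qualified
    'valid users' entry uses a prefix other than the workgroup name.
    Entries containing spaces (quoted group names) are not handled."""
    g = cp["global"]
    sep = g.get("winbind separator", "\\")
    workgroup = g.get("workgroup", "WORKGROUP")
    findings = []
    for share in cp.sections():
        if share == "global" or "valid users" not in cp[share]:
            continue
        for entry in cp[share]["valid users"].replace(",", " ").split():
            name = entry.lstrip("@+&")  # strip group markers
            if sep in name and name.split(sep, 1)[0].upper() != workgroup.upper():
                findings.append((share, entry, workgroup))
    return findings

if __name__ == "__main__":
    conf = load(SMB_CONF)
    print("winbind name:", winbind_name(conf, "administrator"))
    for share, entry, expected in check_valid_users(conf):
        print(f"[{share}] valid users entry {entry!r}: prefix should be {expected!r}")
```

On the live host, compare the result with the actual `wbinfo -u` output before changing `valid users`.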