Chinaunix

Title: Help: after joining Linux to the domain, domain users get a login failure when accessing the Samba service

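Author: xllgix718    Time: 2009-03-07 20:17
Title: Help: after joining Linux to the domain, domain users get a login failure when accessing the Samba service
All the services are installed; here are my configuration files.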
AD server :192.168.10.100   hcq.bazz.local
samba:192.168.10.10      hcq
1. krb5 configuration
#vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


[libdefaults]
default_realm = BAZZ.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
BAZZ.LOCAL = { #
kdc = 192.168.10.100:88 #
admin_server = 192.168.10.100:749 #
default_domain = bazz.local
}

[domain_realm]
.bazz.local= BAZZ.LOCAL
  bazz.local= BAZZ.LOCAL

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

Connect to the AD server
kinit administrator@ BAZZ.LOCAL
After entering the password, everything works normally.

2. smb.conf configuration
#vi /etc/samba/smb.conf
#===================== Global Settings =========================
[global]
        workgroup = BAZZ
        netbios name = hcq
        idmap uid    = 15000-20000
        idmap gid    = 15000-20000
        winbind enum groups = yes
        winbind enum users  = yes
        winbind separator   = /
;       winbind use default domain = yes
        template homedir = /home/%D/%U
        template shell   = /bin/bash
        hosts allow =192.168.10. 127.

# ----------------------- Domain Members Options ------------------------
        security = domain
;       passdb backend = tdbsam
;      realm = BAZZ.LOCAL
        encrypt passwords = yes
        password server = 192.168.10.100

[homes]
   path = /home/%D/%U
   browseable = no
   writable = yes
   valid users = bazz.local/%U
   create mode = 0777
   directory mode = 0777


3. Configure nsswitch.conf
#vi /etc/nsswitch.conf
Modify the following entries
passwd:     files winbind
shadow:     files
group:      files winbind


4. Start the services and join the AD domain
[root@lamp ~]# net rpc join -S hcq.bazz.local -U administrator
Password:
Joined domain BAZZ.
5. Verification
[root@lamp ~]# net rpc testjoin
Join to 'BAZZ' is OK


In 2003 I can also see that the Linux host name has joined the domain, but when I log in to Samba and enter administrator as the user, it tells me the login failed...



Could the experts here please help.

[ This post was last edited by xllgix718 on 2009-3-7 20:21 ]
Author: kns1024wh    Time: 2009-03-07 21:19
Title: Reply to #1, xllgix718's post
Run testparm to test Samba.
There may be a problem with the LDAP authentication.
Author: jerrywjl    Time: 2009-03-08 23:29
Post the output of wbinfo -t and wbinfo -u. Or you need to log in using the username format that wbinfo -u displays.
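
Added example, not part of the thread: a Python check that derives the login name winbind would expect from the smb.conf settings posted above and flags `valid users` entries whose domain prefix differs from `workgroup`. It assumes winbind names take the form workgroup + separator + user (the format `wbinfo -u` lists); the function names and the embedded sample are constructed for illustration.

```python
# Constructed sample: settings quoted from the smb.conf in the first post.
SMB_CONF = """
[global]
        workgroup = BAZZ
        winbind separator   = /
;       winbind use default domain = yes
[homes]
   valid users = bazz.local/%U
"""

def parse_smb_conf(text):
    # Returns {section: {parameter: value}}; '#' and ';' lines are comments.
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def winbind_name(conf, user):
    # Assumed rule: workgroup + separator + user, unless default domain is on.
    g = conf.get("global", {})
    if g.get("winbind use default domain", "no").lower() in ("yes", "true", "1"):
        return user
    return g.get("workgroup", "WORKGROUP") + g.get("winbind separator", "\\") + user

def check_valid_users(conf):
    # Flags 'valid users' entries whose domain prefix is not the workgroup.
    g = conf.get("global", {})
    sep = g.get("winbind separator", "\\")
    workgroup = g.get("workgroup", "WORKGROUP")
    findings = []
    for share, params in conf.items():
        for entry in params.get("valid users", "").replace(",", " ").split():
            name = entry.lstrip("@+&")  # strip group-lookup prefixes
            domain, found, user = name.partition(sep)
            if found and domain.lower() != workgroup.lower():
                findings.append((share, entry, workgroup + sep + user))
    return findings

if __name__ == "__main__":
    conf = parse_smb_conf(SMB_CONF)
    print(winbind_name(conf, "administrator"), check_valid_users(conf))
```

Each finding is a tuple of share name, the entry as written, and the same entry rewritten with the workgroup prefix, to compare against the real `wbinfo -u` output.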



