- 论坛徽章:
- 0
|
[color="#05006c"]Squid with AD authentication
http://www.chinaunix.net 作者:
seewo
发表于:2006-08-25 18:38:18
【
发表评论
】
【
查看原文
】
【
Proxy服务器讨论区
】【
关闭
】
LINUX 世界资料很少,基于AD中组的认证都在INTERNET网找不到一点资料。只有自已参考自带的说明一项项来试了。
基本实现功能:
1:2003 AD 基于组做认证;
2:两台台式机即可做HA;
Proxy Service can involve the following Steps:
Section 1:CentOS 4.3 Installation;
Section 2: CentOS 4.3 router and basic setting;
Section 3: Add Machine to AD;
Section 4: Squid2.6 Stable3 Installation and Configuration;
Section 5: Linux High-Available Installation and Configuration;
Section 6:Other Service based on Linux installation Procedure;
Section 1:CentOS 4.3 Installation
1. Prepare and relative hardware information:
Hardware Information:
GX280: PVI 2.6GHz; 2048MB 400DDR; 160 Gig hard drives; 2 network card.
CentOS 4.3 4CD;
2.
Insert the boot diskette into CD drive and reboot, Your BIOS settings may need to be changed to allow you to boot from the diskette or CD-ROM. After a short delay, a screen containing the boot: prompt should appear. Press ENTER continuous, Click Skip when prompt you to test the CD media.
3.
Using your mouse select the relative option refer to the following for the installation:
Language Selection: English (English)
Keyboard Configuration: U.S. English
Mouse Configuration: PS/2
Installation Type: Customer
Disk Partitioning Setup: Manually Partition with Disk Druid.
File System (ext3)
Size
Description
/boot
100MB
2048MB
/
10000MB
/var
40000MB (LVM)
For proxy log
/cache
80000MB
For proxy cache
Boot Loader Configuration:
Network Configuration:
Eth0
Eth1
IP address
8.8.8.1
10.1.1.10
submask
255.255.255.0
255.255.255.0
Gateway
10.1.1.5(firewall)
Primary DNS
10.1.1.33
Firewall Configuration: No Firewall/Disable Sulinux
Additional language support: English (USA)
Time Zone Selection: Asia/ShangHai
Set Root Password: xxxxxxxx
Package Group Selection (included the following only):
Applications: Editors
text-Base Internet: Add Lynx
Servers: Server configuration tools: Default
Web Server: move squid only
Development tools: Default
Proceed with Install
Do not create boot disk
Install will complete and system will reboot.
[ 本帖最后由 seewo 于 2006-8-23 14:37 编辑 ]
seewo
回复于:2006-08-22 13:32:50
Section 2: CentOS 4.3 router and basic setting
Logon as root (You can access remotely using Putty.exe in Windows OS, SSH enabled default).
Modify /etc/resolv.conf as below:
domain test.com
search test.com
nameserver 10.1.1.33
Modify /etc/hosts as below:
127.0.0.1 uxpxchn localhost.localdomain localhost
10.1.1.10 uxpxchn uxpxchn.test.com uxpxchn
10.1.1.33 dc01 dc01.test.com
Modify /etc/rc.d/rc.local as below:
echo "" >/etc/issue
echo "" >/etc/issue.net
touch /var/lock/subsys/local
/sbin/route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.1.1.1
加入你内部网的路由,Default gw是防火墙
[ 本帖最后由 seewo 于 2006-8-22 19:50 编辑 ]
seewo
回复于:2006-08-22 13:37:08
Section 3: Add uxpxchn to AD
1.
Confirm the following packages should be available on CentOS4.3 system using by this command:
root# rpm –qa|grep krb5:
krb5-auth-dialog-0.2-1
krb5-devel-1.3.4-27
krb5-libs-1.3.4-27
pam_krb5-2.1.8-1
krb5-workstation-1.3.4-27
Kerberos Configuration: The systems Kerberos installation must be configured to communicate with your primary Active Directory Server (ADS KDC).
Kerberos Configuration Steps:
modify /etc/krb5.conf file as below:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
TEST.COM = {
kdc = DC01.TEST.COM:88
admin_server = DC01.TEST.COM:749
}
[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
2. Now you are ready to test your installation by issuing the command:
Root# kinit administrator@TEST.COM
Make sure that your password is accepted bye the Active Directory KDC.
Kerberos is case sensitive. Your realm must be in UPPERCASE.
Securing Samba-3 with ADS Support Steps:
Install samba-client-3.0.10-1.4E.6 / samba-common-3.0.10-1.4E.6/ samba-3.0.10-1.4E.6 using RPM Command. Change the /etc/samba/smb.conf file so it has contents similar to the list shown as below:
workgroup = TEST
realm = TEST.COM
security = ADS
password server = DC01.TEST.COM
encrypt passwords = yes
wins server = DC01.TEST.COM
dns proxy = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/false
winbind use default domain = yes
winbind separator = \
winbind enum users = yes
winbind enum groups = yes
3.
For Squid to benefit from Samba-3, NSS must be updated to allow winbind as a valid route to user authentication. modify /etc/nsswitch.conf file as below:
passwd: files winbind
shadow: files
group: files winbind
4.
Next You need to create a computer account in the Active Directory. This sets up the trust relationship needed for other clients to authenticate to the samba server with an Aictive Directory Kerberos ticket. This is done with the “net ads join –U administrator%Password” Command. Then start your Active Directory-enabled samba with the following commands:
root# chkconfig samba on
root# chkconfig winbind on
root# service samba start
root# service winbind start
5.
We now need to test that Samba is communicating with the Active Directory domain; most specifically, we want to see whether winbind is enumerating users and groups. Issue the following commands:
root# wbinfo –t
This tests whether we are authenticating against Active Directory tree; Using “wbinfo -u”enumerates all the users in your Active Directory tree; Using “wbinfo –g” enumerates all the groups in your Active Directory tree.
6.
Now we can create a computer account in the Active Directory. This sets up the trust relationship needed for other client to authenticate to the Samba Server with an Active Directory Kerberos ticket. This is Done with the “net ads join –U [administrator%password] command.
7.
Squid users the ntlm_auth helper build with Samba-3. You may test ntlm_auth with the command:
root# /usr/bin/ntlm_auth --username=administrator
password:
NT_STATUS_OK: Success (0x0)
8.
Squid need read from the winbind privilege pipe. Remember to issue the following command:
root# chgrp squid /var/cache/samba/winbindd_privileded
root# chmod –R 750 /var/cache/samba/winbindd_privileded
Squid, by default, runs as the user nobody. You need to add a system user squid and a system group squid if they are not set up already.
到此已完成加入AD 及用到Samba 自带的Helper for Squid. (squid 自带的在Samba 3 上不能用),余下部分下次再发。
[ 本帖最后由 seewo 于 2006-8-22 19:51 编辑 ]
xh0871
回复于:2006-08-22 18:26:45
请问楼主
1、要在SQUID中控制WINDOWS中不同群组可上不同网站有办法么
2、我通过 外部acl+wb_group,没能成功。编译时加入winbind
external_acl_type wb_group concurrency=5 ttl=900 %LOGIN /usr/local/squid/libexec/wb_group
#http_access allow all AclName
acl password proxy_auth REQUIRED
acl internetfull external wb_group -i IPVLINK+wt IPVLINK+hhhh
不知道要怎么做了
谢谢
seewo
回复于:2006-08-22 20:30:51
看完就知道怎么做了. 接下写:
Section 4: Squid2.5 Stable14 Installation and Configuration;
1. Add a system user squid and a system group squid:
root# useradd –s /bin/false –c “for Squid Only” squid
2. Squid must also have control over its logging.
root# mkdir /var/log/squid
root# chown squid:squid /var/log/squid
root# chmod 770 /var/log/squid
Finally, Squid must be able to write to its disk cache. Enter the following commands:
root# chown –R squid:squid /cache
root# chmod 770 /cache
3. Download squid 2.5Stable14 and save it to /usr/local/src:
root# wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE3.tar.gz
Compile and install Squid-2.6 Stable3
root# tar zxvf squid-2.6.STABLE3.tar.gz
root# cd squid-2.6.STABLE3
root# ./configure --prefix=/usr/local/squid --sysconfdir=/etc/squid --enable-async-io=32 --enable-auth="basic,ntlm" --enable-external-acl-helpers="wbinfo_group " --enable-kill-parent-hack --enable-poll --enable-removal-policies="heap" --disable-icmp --disable-delay-pools --disable-useragent-log -disable-arp-acl --disable-ident-lookups --disable-internal-dns
root# make
root# make install
root# make clean
root# strip /usr/local/squid/sbin/squid
root# strip /usr/local/squid/libexec/dnsserver
root# strip /usr/local/squid/libexec/cachemgr.cgi
4. Move the cache manager program to /var/www/cgi-bin/
root#mv /usr/local/squid/libexec/cachemgr.cgi /var/www/cgi-bin/cachemgr.cgi
Start the http and squid automatically during boot:
root# chkconfig httpd on
root# ln –s /etc/rc.d/init.d/squid /etc/rc3.d/S96squid
Squid.conf 请看下一贴
[ 本帖最后由 seewo 于 2006-8-22 22:06 编辑 ]
seewo
回复于:2006-08-22 22:10:11
Squid.conf
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl ProxyUsers external NT_global_group Domain_Internet_Users
acl AuthenticatedUsers proxy_auth REQUIRED
http_access allow AuthenticatedUsers ProxyUsers
说明: Domain_Internet_Users 为 AD 中全局组,只要是此组成员即可上网。
seewo
回复于:2006-08-22 22:22:16
上面TX 提到怎样控制不同组上不同网站,以下方法我已测试过,没问题!
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl ProxyUsers external NT_global_group Domain_Internet_Users
acl Google_site dstdomain .google.com
acl GoogleUsers external NT_global_group Google_Groups
acl AuthenticatedUsers proxy_auth REQUIRED
http_access allow AuthenticatedUsers GoogleUsers Google_site
http_access allow AuthenticatedUsers ProxyUsers
注: Google_Groups同 Domain_Internet_Users 一样为 AD 中全局组.
[ 本帖最后由 seewo 于 2006-8-23 14:41 编辑 ]
xh0871
回复于:2006-08-23 10:25:25
感谢楼主,不过我的暂时没有成功
[root@squidlinux root]# wbinfo -g
BUILTINwinbind enum users = yesSystem Operators
BUILTINwinbind enum users = yesReplicators
BUILTINwinbind enum users = yesGuests
BUILTINwinbind enum users = yesPower Users
BUILTINwinbind enum users = yesPrint Operators
BUILTINwinbind enum users = yesAdministrators
BUILTINwinbind enum users = yesAccount Operators
BUILTINwinbind enum users = yesBackup Operators
BUILTINwinbind enum users = yesUsers
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Domain Admins
Domain Users
Domain Guests
Group Policy Creator Owners
DnsUpdateProxy
wt
hhhh
[root@squidlinux root]# vi /usr/local/squid/etc/squid.conf
这里参照楼主的(而且是加参数重新编译)如下:
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl ProxyUsers external NT_global_group wt
acl AuthenticatedUsers proxy_auth REQUIRED
http_access allow AuthenticatedUsers ProxyUsers
cache_effective_user test
cache_effective_group test
结果:域里的用户不能上网,如果注释external_acl_type 这几行就没有问题
找不出原因在哪,我的SAMBA加入域是用的test加入的
谢谢
seewo
回复于:2006-08-23 14:43:36
楼上兄弟说清楚点:是用哪个Linux 版本呀,SQUID 用的又是哪个版本,编译选项又是哪些?是跟AD在认证还是跟NT Domain做认证?
xh0871
回复于:2006-08-23 16:22:34
RedHat9 2.4.20-8
samba-3.0.5-0.5. krb5-devel-1.2.7 squid-2.5.STABLE2.tar.gz
我的服务器是2003
想用ntlm做AD认证
服务器里有个 帐户为 xh 群组为 wt
目前用LINUX 做代理服务器(以test用户运行squid) 现已做好认证 也加入了域
客户端(WIN系统IE设置局域网代理,并且也是域中的计算机)目前访问网站不用输入密码
就是在做群组访问控制时(如想控制wt群组可上网),绐终不能实现现在一直在找原因
我把部分状况列出来,帮我看看
samba-3.0.5-0.5.1.i386.rpm
samba-client-3.0.5-0.5.1.i386.rpm
samba-common-3.0.5-0.5.1.i386.rpm
#rpm -Uvh samb*
下面是samba相关文件
[global]
workgroup = IPVLINK.COM.CN
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 50
security = ads
realm = IPVLINK.COM.CN
password server = win2k3.IPVLINK.COM.CN
encrypt passwords = yes
wins server = win2k3.IPVLINK.COM.CN
dns proxy = no
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/false
winbind use default domain=yes
winbind separator=\
winbind enum users = yes
winbind enum groups = yes
然后重启服务并加入域
net ads join -U administrator
[root@squidlinux root]# wbinfo -u
Administrator
Guest
SUPPORT_388945a0
WIN2K3$
krbtgt
IUSR_WIN2K3
IWAM_WIN2K3
evan
gavin
josie
__vmware_user__
WIN2003$
jay
jerry
xh
cdma
HOST/squidlinux
[root@squidlinux root]# wbinfo -g
BUILTINwinbind enum users = yesSystem Operators
BUILTINwinbind enum users = yesReplicators
BUILTINwinbind enum users = yesGuests
BUILTINwinbind enum users = yesPower Users
BUILTINwinbind enum users = yesPrint Operators
BUILTINwinbind enum users = yesAdministrators
BUILTINwinbind enum users = yesAccount Operators
BUILTINwinbind enum users = yesBackup Operators
BUILTINwinbind enum users = yesUsers
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Domain Admins
Domain Users
Domain Guests
Group Policy Creator Owners
DnsUpdateProxy
wt
hhhh
[root@squidlinux root]# wbinfo -r xh
Could not get groups for user xh
不能找到用户所属的组,不确定问题是不是在SAMBA呢?????
编译时用的参数:
./configure --prefix=/usr/local/squid --enable-gnuregex --enable-async-io=80 --enable-icmp --enable-kill-parent-hack --enable-snmp --disable-ident-lookups --enable-err-language="Traditional_Chinese" --enable-poll --enable-linux-netfilter --enable-delay-pools --enable-snmp --enable-cache-digest --enable-auth="basic,ntlm" --enable-baisc-auth-helpers="NCSA" --enable-ntlm-auth-helpers="fakeauth" --enable-underscores --enable-arp-acl --enable-linux-netfilter --enable-external-acl-helpers="wbinfo_group"
配置文件内容:
visible_hostname squidlinux
http_port 3128
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
cache_dir ufs /usr/local/squid/var/cache 1200 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 hours
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl ProxyUsers external NT_global_group wt
acl AuthenticatedUsers proxy_auth REQUIRED
http_access allow AuthenticatedUsers ProxyUsers
cache_effective_user test
cache_effective_group test
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
reply_body_max_size 1048576 allow all
目前
squid以test用户运行
如果注释有颜色Blue的几行
客户机(用xh登录)能上网,
否则就不能上网了
这是目前情况
请楼主(可否留个联系方式)帮我看看
谢谢
[ 本帖最后由 xh0871 于 2006-8-23 18:24 编辑 ]
seewo
回复于:2006-08-24 12:29:50
提供两点建议:
1: SAMBA 官方文档推荐:
If the requirement is for interoperation with MS Windows Server 2003, it will be necessary to ensure that you are using MIT Kerberos version 1.3.1 or later. Red Hat Linux 9 ships with MIT Kerberos 1.2.7 and thus requires updating.
先升级Krb5 试试。
2: 至于组认证通不过,可能先用命令行试试:
root# usr/local/squid/libexec/wbinfo_group.pl 回车
xh wt 手工输入用户名 及组的名字,看返回值是OK 还是 ERR.
OK 即可确认xh 是 wt 组的成员.
xh0871
回复于:2006-08-24 17:38:26
谢谢楼主指点
但是实验多次,还是不成功
1、升级squid为2.6(其它不变),wbinfo -u和wbinfo -g显示正常,但是客户端访问时弹出要输入用户名和密码的对话框,
验证不能通过,root# /usr/local/squid/libexec/wbinfo_group.pl。返回的是ERR
2、krb5升级到1.4.4 代理升级到 squid2.6stable3,,还是和1一样
3、krb5升级到1.4.4 代理变回到 squid2.5stable2,客户端访问时不要输入用户名,而且注释外部ACL那几行可以访问
网站。但是root# /usr/local/squid/libexec/wbinfo_group.pl 返回的仍是ERR
4、想升级SAMBA但包的依赖性不好处理,明天再原码安装SAMBA看看
[ 本帖最后由 xh0871 于 2006-8-24 18:13 编辑 ]
seewo
回复于:2006-08-25 15:43:21
Configuring Squid Proxy To Authenticate With
Active Directory 不一定要加入AD的,其实我更愿意推荐另外一种认证机制:LDAP。
Microsoft AD 是一种LDAP v3 兼容的目录服务,Squid 也支持
LDAP v3. 所有我们可以用LDAP得到与用Samba / Winbind同样的结果,而且不用象上面
一样还要把机器加入AD。
这需要squid 2.5 或更高版本 (with Ldap helpers).
相关信息可以参考:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
Configuring Squid LDAP Authentication
The first step is to configure Squid to authenticate usernames/passwords with the Active Directory. You will need to open your Squid configuration file (squid.conf) and make the following changes:
Find the auth param section of the config file (TAG: auth_param), and change the auth param basic program line to look like this. (Indented text indicates one line)
auth_param basic program /usr/lib/squid/ldap_auth -R
-b "dc=vm-domain,dc=papercut,dc=biz"
-D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
-w "password" -f sAMAccountName=%s -h 192.168.1.75
auth_param basic children 5
auth_param basic realm Your Organisation Name
auth_param basic credentialsttl 5 minutes
These settings tell Squid authenticate names/passwords in the Active Directory.
The -b option indicated the LDAP base distinguished name of your domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com
The –D option indicates the user that is used to perform the LDAP query. (e.g an Administrator. This example uses the built-in Administrator user, however you can use another user of your choice.
The –w option is the password for the user specified in the –D option. For better security you can store the password in a file and use the –W /path/to/password_file syntax instead
-h is used to indicate the LDAP server to connect to. E.g. your domain controller.
-R is needed to make Squid authenticate against Windows AD
The –f option is the LDAP query used to lookup the user. In the above example, sAMAccountName=%s, will match if the user’s Windows logon name matches the username entered when prompted by Squid. You can search any value in the LDAP filter query. You may need to use an LDAP search query tool to help get the syntax correct for the –f search filter.
The %s is replaced with what the user enters as their username.
Remember to restart Squid to make these changes to come into effect.
Configuring Group Based Internet Access
Once the user has authenticated, you can define which users have access to network resources (i.e. the internet) using Squid access control lists (ACLs). Squid ACLs are a complex topic and allow very sophisticated control. This document only describes the basic configuration required to allow Active Directory / LDAP group checking - a requirement for PaperCut to deny/allow internet access. For further information on ACL syntax and configuration see the Squid documentation and FAQ.
In the Squid configuration file, find the external ACL section (TAG: external_acl_type) and specify the following external ACL (Inetgroup is arbitrary, make this anything appropriate). Note that this is all on one line.
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R
-b "dc=vm-domain,dc=papercut,dc=biz"
-D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
-w "password"
-f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,dc=your,dc=domain,dc=com))"
-h 192.168.1.75
Most of this is similar to the LDAP authentication section above. The variable %v relates to the username and %a is the group given in the ACL (below). Ensure that the "memberof" filter is adjusted to where your LDAP internet group is defined. E.g. If you have an organizational unit call "you.domain.com/students", and this contains a group called "InternetAccessGroup", then the "memberof" part of the filter should be: memberof=cn=%a,ou=students,dc=your,dc=domain,dc=com
Then enter the values below in the ACL area (Tag: acl) of squid.conf, modifying your internal subnet as appropriate.
acl localnet proxy_auth REQUIRED src 192.168.1.0/24
acl InetAccess external InetGroup InternetAccessGroup
The ACL names are InetAccess, they are arbitrary and can be changed to suit your environment. InetGroup is the the External ACL name created above. The Active Directory groups that allow internet access is InternetAccessGroup. This is the name of the matching group in the Active Directory.
Now that you have completed the ACL you can reference them in the http_access area of Squid.conf:
http_access allow InetAccess
You will need to restart Squid for these changes to come into effect.
You should then be able to try to access the Internet using Squid, and should be prompted for your Windows username and password. Only authenticated users AND users belonging to the "InternetAccessGroup" will be allowed access to the internet. This test by manually adding and removing users from the group using the Active Directory user management tools. The users should be granted/denied access depending on their AD group membership.
NOTE: If you have the need to deny Internet access for members of another Windows security group, you can set up a "InternetDenyGroup" the same way as above and then define an InetDeny ACL. You can then specify a http_access deny rule as follows:
http_access deny InetDeny
Acknowledgements
Thanks to Ryan Brinch (Network Administrator, Linwood College, New Zealand) for his assistance helping PaperCut Software write this guide. Ryan would also like to thank Stephen Fergusson, for helping in the reviewing and checking this document.
试试再告诉大家结果。
上面所写的方法没有弹出对话框要你输入用户名及密码,LDAP 可能要,试试才知.
[ 本帖最后由 seewo 于 2006-8-25 17:42 编辑 ]
[url=http://bbs.chinaunix.net/viewpro.php?uid=453609]xh0871
回复于:2006-08-25 17:17:14
我想先用AD把功能实现,可能是因为做了一大半了,不想放弃吧。
想换个LINUX来试一下
功能实现后再把其它认证做一下
我在这方面的知识太少,不够用,所以应该多找点相关资料才行
可是中文资料不多,而英文看着有点头晕
只能不断的学习
xh0871
回复于:2006-08-25 18:38:18
用FC5来做出现新问题
service winbind stop 失败
service winbind restart 时就出现下面问题
WINBIND已死 但 PID文件仍在
WINBIND已死但SUBSYS被锁
删除.pid 和subsys还是启动不了winbind
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/12974/showart_166110.html |
|
免费注册
发表于 2006-09-06 22:20