Integrating a Samba server with a Windows AD Domain Controller (samba domain windows linux centos)
Keywords: samba, domain, windows, linux, centos
From: Roman Sozinov <http://sozinov.blogspot.com>
Date: Mon, 3 Jan 2008 14:31:37 +0000 (UTC)
Subject: Integrating a Samba server with a Windows AD Domain Controller
Original: http://sozinov.blogspot.com/2007/08/samba-windows-ad-domain-controller.html
This procedure was used on the CentOS 5 distribution together with
Windows 2003 Server Enterprise.
First, install the packages needed for the setup
# yum install samba samba-client ntp acl
(the client package is needed if you need to mount Windows shares
on the Linux host)
Edit the /etc/hosts file so that it looks roughly like this:
# vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.10.2.91 vm01.organization.local vm01
Add the acl option to the mount options of the working disk partition
# vi /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,acl 1 1
# mount -o remount /
# mkdir /share
# setfacl -m u:"ORGANIZATION+romans":rwx /share
Now configure Kerberos so that the Linux server can be joined to the Windows domain
# yum install krb5-workstation
# vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ORGANIZATION.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
ORGANIZATION.LOCAL = {
kdc = windows.organization.local:88
admin_server = windows.organization.local:749
default_domain = organization.local
}
[domain_realm]
.organization.local = ORGANIZATION.LOCAL
organization.local = ORGANIZATION.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
# kinit [email protected]
Password for [email protected] :
Minimal Samba configuration
[root@vm01 ~]#vi /etc/samba/smb.conf
[global]
workgroup = ORGANIZATION
netbios name = VM01
server string = VM01 Samba Server
security = ads
encrypt passwords = yes
realm = ORGANIZATION.LOCAL
password server = windows.organization.local
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
load printers = no
printcap name = /etc/printcap
printing =
log file = /var/log/samba/%m.log
max log size = 50
[share]
comment = a comment
path = /share
browseable = yes
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users = "ORGANIZATION+romans"
Join the domain
# net ads join -U administrator
administrator's password:
Using short domain name -- ORGANIZATION
Joined 'VM01' to realm 'ORGANIZATION.LOCAL'
Start the services
# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
Configure nsswitch so that it can use AD data through the
winbind service
# vi /etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
# /etc/init.d/winbind start
Starting Winbind services: [ OK ]
To verify
#wbinfo -u
ORGANIZATION+administrator
ORGANIZATION+guest
ORGANIZATION+support_388945a0
ORGANIZATION+vartotojas
ORGANIZATION+cba_anonymous
ORGANIZATION+krbtgt
ORGANIZATION+for_test_1
ORGANIZATION+for_test_2
ORGANIZATION+for_admin
ORGANIZATION+romans
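A consistency check for the files edited in the steps above, added here as an example and not part of the original article: it verifies that security is ads, that the smb.conf realm matches the krb5.conf default_realm, that nsswitch.conf lists winbind, and that valid users uses the configured winbind separator. The function names (ini_get, nss_has_winbind, check_join_config) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): offline consistency check
# of smb.conf, krb5.conf and nsswitch.conf as edited in the steps above.

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION] (names lower case)
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = tolower($0); gsub(/^[ \t]+|[ \t]+$/, "", s)
                      insec = (s == sec); next }
        insec && (i = index($0, "=")) {
            k = tolower(substr($0, 1, i - 1)); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# nss_has_winbind FILE DATABASE: succeed if DATABASE lists winbind as a source
nss_has_winbind() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
                     END { exit !ok }' "$1"
}

# check_join_config SMB_CONF KRB5_CONF NSSWITCH_CONF SHARE: return 0 if consistent
check_join_config() {
    rc=0
    sec=$(ini_get "$1" global security)
    realm=$(ini_get "$1" global realm)
    krb=$(ini_get "$2" libdefaults default_realm)
    wg=$(ini_get "$1" global workgroup)
    sep=$(ini_get "$1" global "winbind separator")
    [ -n "$sep" ] || sep='\'          # Samba's default separator
    users=$(ini_get "$1" "$4" "valid users")
    [ "$sec" = ads ] || { echo "FAIL: security = '$sec', expected ads"; rc=1; }
    [ -n "$realm" ] && [ "$realm" = "$krb" ] ||
        { echo "FAIL: realm '$realm' != default_realm '$krb'"; rc=1; }
    # Kerberos realm names are case-sensitive; AD realms are upper case
    [ "$realm" = "$(printf %s "$realm" | tr '[:lower:]' '[:upper:]')" ] ||
        { echo "FAIL: realm '$realm' is not upper case"; rc=1; }
    for db in passwd group; do
        nss_has_winbind "$3" "$db" || { echo "FAIL: $db lacks winbind"; rc=1; }
    done
    # valid users must use the DOMAIN<separator>user form that winbind produces
    case "$users" in
        *"$wg$sep"*) ;;
        *) echo "FAIL: valid users '$users' lacks '$wg$sep' prefix"; rc=1 ;;
    esac
    return $rc
}
```

After the last step, call it as `check_join_config /etc/samba/smb.conf /etc/krb5.conf /etc/nsswitch.conf share`; a non-zero return status is accompanied by one FAIL line per mismatch.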