the author uses Linux for centos5.3. The ad domain is WIN2K3 SP2. Domain is: rainbird.netWin2k3:Name:ad1ip:192.168.1.241dns:192.168.1.241Centos5.3:Name:filesrvip:192.168.1.246dns:192.168.1.241Ok,let ' s go!1.samba Server Software Requirements
Krb5-workstation-1.2.7-19
Pam_krb5-1.70-1
Krb5-devel-1.2.7-19
Krb5-libs-1.2.7-19
Samba-3.0.5-2
[Email protected] centos]# Rpm-qa|grep krb5krb5-auth-dialog-0.7-1Krb5-libs-1.6.1-25.el5Krb5-devel-1.6.1-25.el5pam_krb5-2.2.14-1Krb5-workstation-1.6.1-25.el5[email protected] centos]# Rpm-qa|grep Sambasamba-swat-3.0.28-0.el5.8samba-common-3.0.28-0.el5.8samba-client-3.0.28-0.el5.8samba-3.0.28-0.el5.8 if CentOS does not cancel the default selected "Base" when it is installed, the KRB5 package is installed by defaultIf you do not have the option to install Samba you can install[email protected] centos]# RPM-IVH xinetd-2.3.14-10.el5.i386.rpm[email protected] centos]# RPM-IVH--aid samba*.rpm2. Configuring Kerberos and Sambabecause the author uses the system for CentOS so to ensure a successful accuracy rate, here is the use of the graphical tool under the character interface to configure. To run the Setup command at the terminal, open the Setup tool:Delete Admin Server The rest of the changes to the real situationRealm is the domain name and the KDC is the IP of the domain serverConfigure Winbinddomain for your field, the first "." On the left. In front of the DongdongChoosejoin domain, which prompts you if you want to save the configuration information first, must be yes. Enter the domain administrator password and click OK next. In general, as long as two machines are up and down for five minutes, and the items are configured correctly, you will see the picture below. See this picture to illustrate yourLinux successfully joined the AD domain ! OK, the advantage of graphics is convenient and fast, but this is only suitable for the RH system. What about other Linux systems? Don't worry. This tool is actually editing the following three configuration files:/etc/nsswitch.confPasswd:files winbind (first read files and then Winbind certified)shadow:files Winbindgroup:files Winbind/etc/krb5.conf[Logging]default = File:/var/log/krb5libs.logKDC = File:/var/log/krb5kdc.logadmin_server = File:/var/log/kadmind.log [Libdefaults]Default_realm = rainbird.net (the default domain name)Dns_lookup_realm = FalseDNS_LOOKUP_KDC = Falseticket_lifetime = 24hforwardable = yes [Realms]example.com = {KDC = kerberos.example.com:88admin_server = kerberos.example.com:749Default_domain = example.com } rainbird.net = {KDC = 192.168.1.241:88 (domain server)KDC = 192.168.1.241 } [Domain_realm]. example.com = example.comexample.com = example.com rainbird.net = rainbird.net. rainbird.net = rainbird.net[Appdefaults]pam = {debug = Falseticket_lifetime = 36000renew_lifetime = 36000forwardable = TrueKrb4_convert = False }/etc/samba/smb.confworkgroup = rainbird//Domain namePassword Server = 192.168.1.241//domain ServerRealm = Rainbird.netSecurity = ads//must be enabledidmap uid = 16777216-33554431idmap gid = 16777216-33554431template shell =/bin/bashwinbind Use Default domain = False (changed to True)Winbind Offline logon = False (changed to True)template Homedir =/home/%uWinbind separator =/winbind enum users = Yeswinbind enum groups = YesThe red part is the tool automatic modification, but the smb.conf modification is not complete, still can not meet our requirements, how to do? Manually add the Blue section and change the two false to Ture, then set up Samba to start automatically chkconfig SMB on,service SMB on start service, then manually add Linux to Windows[
Email protected] ~]# NET ads join-u [email protected][email protected] ' s password:the workgroup in/etc/samba/smb.conf does not match the Shortdomain name obtained from the SE RVer. Using the name [Rainbird] from the server. should set "Workgroup = Rainbird" in/etc/samba/smb.conf.using short domain name – rainbirdjoined ' FILESRV ' to Realm ' Rainbird.net 'tip "Joined" Yo, not this hint is a problem, then carefully check. OK, restart Linux, this timewith a domain user login Linux if prompt user or password verification failed, it means that you reboot before the things are not configured. What's wrong with a careful examination?
3. Create the user directory automatically .files used by pam_mkhomedir.soadd a row in the Sesson section of the/etc/pam.d/sysconf-auth filesession required pam_mkhomedir.so silent Skel=/etc/skel umask=0077silent do not print create directory informationSkel tells pam_mkhomedir.so to copy the files in the/etc/skel to the newly created directory.Umask is the permission to create the directorywhich directory is created is defined by the template homedir in smb.conf. Save The exit and restart the X-window. Log in again with the domain user. "reprint: http://rainbird.blog.51cto.com/211214/197509"
The perfect solution for Linux to join the Windows domain (reproduced)
