Using winbind to synchronize Windows PDC accounts with Linux system accounts
Test environment:
Operating system: Red Flag DC4.1; Samba version: samba-3.0.2a-9AX; IP: 172.16.100.2
(Note: you must use a relatively clean DC4.1 environment and its built-in Samba to complete this. When we tested earlier, the operating system had already been configured by others, so Samba could not be changed across several versions; we had to reinstall DC4.1 to complete the configuration.)
PDC: Windows 2000 Server; test domain name: tail; host name: pig; IP: 172.16.100.1
Test DNS: host name pig on the Windows 2000 Server (the same machine as the PDC)
Test process:
I. Preparations
Configure Windows 2000 Server as a PDC, create the tail domain, configure DNS so that it resolves the tail domain, and confirm that a Windows 2000 or Windows 98 client can log on to the Windows 2000 Server's PDC domain.
II. Configure the winbindd service to fetch the domain's user and group information from the PDC
1. Modify the nsswitch.conf file:
vi /etc/nsswitch.conf
Make the following changes so that winbind becomes a source of passwd and group information.
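As an added example (not part of the original article), the following script performs that nsswitch.conf edit unattended: it appends winbind to the passwd and group databases only, leaves any trailing comment in place, keeps a backup, and is safe to run more than once. The file path is whatever you pass in; the article's /etc/nsswitch.conf is only the usual location.

```shell
#!/bin/sh
# Added example, not from the original article: make "winbind" a source for
# the passwd and group databases in nsswitch.conf without touching other
# databases, and without adding it twice if the script is re-run.

enable_winbind_nss() {   # enable_winbind_nss /etc/nsswitch.conf
    conf="$1"
    tmp="$conf.tmp.$$"
    cp -p "$conf" "$conf.bak" || return 1      # keep a copy of the original
    awk '
        $1 == "passwd:" || $1 == "group:" {
            line = $0; comment = ""
            c = index(line, "#")                 # keep a trailing comment intact
            if (c > 0) { comment = " " substr(line, c); line = substr(line, 1, c - 1) }
            sub(/[ \t]+$/, "", line)
            if (line !~ /[ \t]winbind([ \t]|$)/) line = line " winbind"
            $0 = line comment
        }
        { print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the owner and mode of the file
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Show the configured sources for one database,
# e.g. nss_sources /etc/nsswitch.conf passwd  ->  "files winbind"
nss_sources() {
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}
```

Lines written as "passwd:files" with no space after the colon are not matched by the awk test above; the common "passwd: files" form is. After running it, check that "getent passwd" still returns your local accounts before relying on domain logons.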
3. vi smb.conf and make sure the [global] section contains the following lines:
[global]
workgroup = TAIL
netbios name = rfdc41
server string = Samba Server
security = domain
password server = pig.tail
preferred master = no
domain master = no
domain logons = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind separator = %
winbind use default domain = yes
idmap uid and idmap gid are the ID number ranges winbind uses to map Windows 200x domain users and groups to Linux UIDs and GIDs. If there are many users, widen the gap between the two values.
template homedir is the home directory a user gets after logging on. I set it to /home/<domain name>/<user name>.
template shell is the shell a user gets after logging on. If you want sshd to authenticate against the PDC, add this so the user has a login shell.
winbind separator is the delimiter between the domain name and the user name in account names, for example tail%work.
Setting winbind use default domain to yes hides the domain name and separator when accounts are displayed. Otherwise you must enter a user name such as tail%work when logging on to the Linux system.
5. Use Samba's net join command to add this machine to the Windows 200x domain (supported by Samba 3.0 or later):
net rpc join -S pig.tail -U Administrator
Enter the domain Administrator's password when prompted.
6. Start the samba and winbindd services:
# service smb start
# service winbind start
7. Run wbinfo to list the users and groups that the winbindd service has fetched from the PDC:
wbinfo -u
winbind shows the PDC users:
Administrator
Guest
Huaijinyang
Jack
Krbtgt
Laohuai
User1
User2
User3
User4
User5
Work
Then run:
wbinfo -g
which lists the PDC groups that winbind fetched:
The ID of the PDC Users group starts from 10000.
Seeing this output means the configuration is complete and the winbind service is working properly.
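The settings explained under step 3 and the wbinfo check above can be turned into a repeatable test. The script below is an added example, not from the original article: it reads the [global] values out of an smb.conf, verifies that security is domain, that a password server is set and that both idmap ranges are well-formed, and then checks that the accounts NSS returns (in "getent passwd" format) carry IDs inside the configured range. The file paths and the sample passwd lines in the test are constructed; the idmap uid/idmap gid keywords are the Samba 3.0 syntax the article uses (later Samba releases moved to "idmap config").

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check the [global]
# winbind settings of an smb.conf, then confirm that the accounts winbind
# hands to NSS fall inside the configured idmap range.

# Print the value of KEY from FILE; key match is case-insensitive and
# whitespace around "=" is ignored. Comment lines (# or ;) are skipped.
smb_get() {   # smb_get FILE KEY
    awk -v key="$2" -F= '
        /^[ \t]*[;#]/ { next }
        NF >= 2 {
            k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
        }' "$1"
}

# Verify the settings the article relies on. Returns 0 when all pass;
# otherwise prints each problem and returns 1.
check_smb_conf() {   # check_smb_conf FILE
    f="$1"; rc=0
    [ "$(smb_get "$f" security | tr 'A-Z' 'a-z')" = "domain" ] || { echo "security must be 'domain'"; rc=1; }
    [ -n "$(smb_get "$f" 'password server')" ] || { echo "password server not set"; rc=1; }
    for key in 'idmap uid' 'idmap gid'; do
        range=$(smb_get "$f" "$key")
        lo=${range%-*}; hi=${range#*-}
        case "$lo$hi" in *[!0-9]*|'') echo "$key is not LOW-HIGH: '$range'"; rc=1; continue;; esac
        [ "$lo" -lt "$hi" ] || { echo "$key low bound is not below high bound"; rc=1; }
        # IDs below 1000 would collide with system accounts on most distributions
        [ "$lo" -ge 1000 ] || { echo "$key starts below 1000 and may collide with local accounts"; rc=1; }
    done
    return $rc
}

# Read passwd entries (the format of "getent passwd") from stdin and print
# "name:uid" for every entry whose uid lies outside LOW-HIGH.
# Exit status is 0 when all entries are inside the range.
# Typical use:  wbinfo -u | while read -r u; do getent passwd "$u"; done | uids_outside_range 10000 20000
uids_outside_range() {   # uids_outside_range LOW HIGH < passwd-lines
    awk -F: -v lo="$1" -v hi="$2" '
        NF >= 3 && ($3 + 0 < lo + 0 || $3 + 0 > hi + 0) { print $1 ":" $3; bad = 1 }
        END { exit (bad ? 1 : 0) }'
}
```

Feed uids_outside_range only domain accounts (as in the comment above); local entries such as root are expected to sit outside the winbind range.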
Note: if you create a new user in the PDC domain or change a user's password, restart the samba and winbind services as follows so that the updated information is fetched from the PDC again:
service smb stop
service winbind stop
rm -f /etc/samba/*.tdb
rm -f /var/cache/samba/*.tdb
net rpc join -S pig.tail -U Administrator
service smb start
service winbind start
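The refresh sequence above deletes every .tdb file, including winbindd_idmap.tdb, which in Samba 3.0 holds the SID-to-UID/GID allocations; after the rejoin, winbind allocates fresh IDs in the order it first sees accounts, so files owned by domain users may end up with a different numeric owner. As an added example (not from the original article), the function below copies the .tdb files into a timestamped directory so you can restore the old mapping if that happens. The directory names are assumptions that follow the article's paths; call it before the rm -f lines.

```shell
#!/bin/sh
# Added example, not from the original article: before the refresh step's
# "rm -f .../*.tdb", copy the Samba/winbind .tdb databases to a timestamped
# backup directory. winbindd_idmap.tdb holds the SID-to-uid/gid allocations;
# keeping a copy lets you restore them if file ownership on this host depends
# on the old numbering.

backup_samba_tdb() {   # backup_samba_tdb DEST_ROOT SRC_DIR...  -> prints the backup dir
    dest="$1/samba-tdb-$(date +%Y%m%d%H%M%S)"; shift
    mkdir -p "$dest" || return 1
    n=0
    for dir in "$@"; do
        for f in "$dir"/*.tdb; do
            [ -f "$f" ] || continue          # the glob matched nothing in this directory
            # encode the full path in the copy's name so two directories cannot clash
            cp -p "$f" "$dest/$(printf '%s' "$f" | tr / _)" || return 1
            n=$((n + 1))
        done
    done
    printf '%s\n' "$dest"
    [ "$n" -gt 0 ]        # fail when nothing was backed up so the caller notices
}

# Intended use on the article's host (assumed paths):
#   backup_samba_tdb /root/samba-backups /etc/samba /var/cache/samba || exit 1
#   rm -f /etc/samba/*.tdb /var/cache/samba/*.tdb
```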
9. Create the users' logon home directory
The template homedir path is the one specified in the Samba configuration file:
mkdir /home/TAIL
Note that the PDC domain name must be in uppercase!
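To avoid getting the case wrong by hand, the following added example (not from the original article) expands the template homedir value the way winbind does for %D and %U, creates the domain-level directory with the domain name upper-cased, and lists which users from a "wbinfo -u"-style list still lack a home directory. The template and domain are passed in as arguments; the test uses a temporary directory instead of /home.

```shell
#!/bin/sh
# Added example, not from the original article: expand the smb.conf
# "template homedir" value (%D = domain, %U = user, as in the article) and
# create the per-domain directory that the expanded paths live under.

expand_homedir() {   # expand_homedir TEMPLATE DOMAIN USER  -> e.g. /home/TAIL/work
    # winbind substitutes the NetBIOS domain name in upper case, so normalise it here
    domain=$(printf '%s' "$2" | tr 'a-z' 'A-Z')
    printf '%s\n' "$1" | sed -e "s|%D|$domain|g" -e "s|%U|$3|g"
}

# Create the directory the template places the domain in (everything before
# the /%U component) so per-user directories can be created under it later.
ensure_domain_homeroot() {   # ensure_domain_homeroot TEMPLATE DOMAIN  -> prints the path
    root_template=$(printf '%s\n' "$1" | sed 's|/%U.*$||')
    root=$(expand_homedir "$root_template" "$2" "")
    mkdir -p "$root" && chmod 755 "$root" && printf '%s\n' "$root"
}

# Read user names (one per line, as printed by "wbinfo -u") from stdin and
# print the expanded home directory of each user that does not have one yet.
missing_homedirs() {   # missing_homedirs TEMPLATE DOMAIN < users
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        dir=$(expand_homedir "$1" "$2" "$user")
        [ -d "$dir" ] || printf '%s\n' "$dir"
    done
}

# Intended use on the article's host:
#   ensure_domain_homeroot /home/%D/%U tail          # creates /home/TAIL
#   wbinfo -u | missing_homedirs /home/%D/%U tail    # users still without a home directory
```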
III. Configure PAM authentication so that PDC users can log on
1.
Back up the original PAM authentication file