Note: This article shows how to join a Linux host to a Windows domain. It does not walk through the join procedure step by step; it only provides configuration templates (nsswitch.conf, smb.conf, krb5.conf) and the commands used to verify the join. If you are unfamiliar with the concepts, read the related articles first.
*-===================================== -*
* Linux To Windows AD
*-===================================== -*
-Basic Concepts
* PDC - Primary Domain Controller
* BDC - Backup Domain Controller
* KDC - Key Distribution Center, the Kerberos server (in Active Directory this role is provided by each domain controller)
* PAM - Pluggable Authentication Modules
* SRV - DNS service (SRV) resource records, used by clients to locate domain controllers and KDCs
-Domain Mode
* RPC - Linux joins the domain in the Windows 2000/NT4 style (NTLM over RPC; `security = domain` in smb.conf).
* ADS - Active Directory Service, Kerberos based; Windows 2003 / Windows XP and later (`security = ads`).
* Hybrid - accepts both, for best compatibility.
-Software packages
* Samba: yum install samba.* samba-common.* samba-winbind-client.*
* Winbind: yum install samba-winbind.*
* Samba4: yum install samba4.* (a newer Samba version)
* Kerberos5: yum install pam_krb5.* krb5-workstation.* krb5-libs.*
* After installing, run ldconfig and verify that the winbind NSS module is registered:
* ldconfig -v | grep winbind
* ls /usr/lib/libnss_winbind.so
-Configuration files
-NSS: /etc/nsswitch.conf; tells the system which sources (local files, winbind, ...) to consult, and in which order, for user and group lookups
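# Modify the following two lines: resolve users and groups from the local
# files first, then from the Windows domain via winbind.
passwd: files winbind
group: files winbind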
-Samba: /etc/smb.conf (on most distributions the file lives at /etc/samba/smb.conf)
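# smb.conf template for a Linux member of an Active Directory domain.
# Samba option names are case-insensitive; they are written in lower case here.
# Lines starting with ";" are disabled options kept for reference.
[global]
# Let clients negotiate Kerberos/NTLMSSP through SPNEGO. With security = ads
# this must stay enabled, otherwise logons fall back to plain NTLM.
client use spnego = yes
# "auto" offers SMB signing but does not require it; use "mandatory" if the
# share traffic must be protected against tampering on the wire.
server signing = auto
# The SHORT (NetBIOS) name of your domain -- change to match your environment.
workgroup = CAMPUS
# This host is a WINS client of the domain controller, not a WINS server.
# Samba refuses "wins support = yes" together with "wins server" (nmbd aborts).
wins support = no
# Domain controller / WINS server -- change to your own.
wins server = 10.0.0.4
# Only meaningful on a WINS server; keep it off on a member server.
wins proxy = no
# ads = Active Directory (Kerberos). "domain" is the older NT4/RPC style.
security = ads
acl compatibility = win2k
# UID/GID range handed out to domain accounts; size it to your user count.
# (Newer Samba releases spell this "idmap config * : range" -- check your version.)
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# Domain controller to authenticate against. Prefer the DC's DNS name over an
# IP so it matches the KDC entry in /etc/krb5.conf; with security = ads the
# option may also be left unset to let Samba locate DCs through DNS.
password server = ads.campus.com
# Never turn an unknown user name into a guest session on a domain member:
# it hides typos and hands anonymous callers a valid session.
map to guest = never
guest ok = no
# Kerberos realm: UPPER CASE, identical to default_realm in /etc/krb5.conf.
realm = CAMPUS.COM
# Encrypted passwords are the default (and required for ads); the explicit
# option is disabled because some Samba versions reject it.
; encrypt passwords = yes
# Users log in as "user" instead of "CAMPUS\user". Beware of name clashes
# with local accounts in /etc/passwd.
winbind use default domain = yes
; winbind separator = %
# Home directory of domain users: /home/<DOMAIN>/<user>.
# Do NOT chmod 777 /home/%D. Create each directory on first login with
# pam_mkhomedir (or oddjob-mkhomedir) so it is owned by its user only.
template homedir = /home/%D/%U
template shell = /bin/bash

[homes]
comment = %S
path = /home/%D/%S
writeable = yes
# Keep the [homes] meta-share out of the browse list; each user's own home
# share is still visible to that user under their name.
browseable = no
; valid users = %S
valid users = CAMPUS\%S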
* Kerberos configuration file: /etc/krb5.conf
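# /etc/krb5.conf for a Linux member of the CAMPUS.COM Active Directory realm.
# Section and key names are case-sensitive: "[Libdefaults]" or "Default_realm"
# would be silently ignored, so everything below is lower case.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# Realm names are UPPER CASE and must match "realm" in smb.conf.
default_realm = CAMPUS.COM
# DNS-based discovery is disabled, so the kdc entry below is the only KDC
# this host will ever use; keep it in sync with the real domain controller.
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
CAMPUS.COM = {
  # The domain controller acting as KDC (Kerberos port 88).
  kdc = ads.campus.com:88
  # kadmin port; Active Directory DCs do not run kadmind, so this entry is
  # unused but harmless.
  admin_server = ads.campus.com:749
  default_domain = campus.com
}

# Map DNS names (lower case) to the Kerberos realm (upper case).
[domain_realm]
.campus.com = CAMPUS.COM
campus.com = CAMPUS.COM

# Only relevant if this host itself runs a KDC; harmless on a member.
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
  debug = false
  # Ticket lifetimes, 36000 s = 10 h.
  ticket_lifetime = 36000
  renew_lifetime = 36000
  # Forwardable tickets allow a service to act on the user's behalf;
  # set to false if delegation is not needed.
  forwardable = true
  # Kerberos 4 is obsolete; leave conversion disabled.
  krb4_convert = false
}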
* Restart Samba: service smb restart
; Note: if the host only needs domain authentication (no file shares), smbd does not have to run, but smb.conf must still be configured because winbind reads the [global] section.
* Restart winbind: service winbind restart
* Obtain a Kerberos ticket (TGT) from the KDC: net ads kerberos kinit
* Join the domain: net ads join -S ads.campus.com -U Administrator (use net rpc join for the RPC/"domain" mode). Let the command prompt for the password rather than appending it after "%": a password on the command line is visible in the process list and shell history. An account delegated only the right to join computers is preferable to Administrator.
* View information: net rpc info; net ads testjoin; net ads
* Leave the domain: net ads leave -S ads.campus.com -U Administrator
* List domain users and check the machine trust account: wbinfo -u, wbinfo -t
* Resolve a domain user or group through NSS: getent passwd <user>, getent group <group>
* Get the domain SID: net rpc getsid -U Administrator -I <dc-ip>
* Test NTLM authentication via winbind: ntlm_auth --username=$USER