What about Linux domain addition?

Source: Internet
Author: User
Note: This article covers adding a Linux host to a Windows domain. It does not explain the procedure in detail; it only provides a configuration template. If you are not familiar with the topic, see related articles.

*-===================================== -*
* Linux To Windows AD
*-===================================== -*

- Basic Concepts
* PDC: Primary Domain Controller
* BDC: Backup Domain Controller
* KDC: Key Distribution Center, the Kerberos server
* PAM: Pluggable Authentication Modules
* SRV: DNS service resource record
- Domain Mode
* RPC: Linux is added to the domain in the Windows 2000/NT4 style.
* ADS: Active Directory, Windows 2003 and Windows XP
* Hybrid: best compatibility

- Software Packages
* Samba: yum install samba.* samba-common.* samba-winbind-client.*
* Winbind: yum install samba-winbind.*
* Samba4: yum install samba4.* ; a newer version of Samba
* Kerberos5: yum install pam_krb5.* krb5-workstation.* krb5-libs.*
* ldconfig
* ldconfig -v | grep winbind
* ls /usr/lib/libnss_winbind.so

- Configuration files
- NSS: /etc/nsswitch.conf; determines how the system looks up its system configuration data
; Modify the following entries

passwd: files winbind
group: files winbind
- Samba: /etc/smb.conf
; Configuration related to shared folders
[global]
client use spnego = no
server signing = auto
workgroup = CAMPUS
# The short domain name of your domain; you need to modify it
wins support = yes
wins server = 10.0.0.4
# Controller of the domain; you need to change it to your own
wins proxy = yes
security = ADS
# Or AD, ADS, domain; DOMAIN is the RPC mode
acl compatibility = win2k
idmap uid = 16777216-33554431
# Set based on your user count
idmap gid = 16777216-33554431
password server = 10.0.0.4
# Domain controller
map to guest = bad user
guest ok = no
realm = CAMPUS.COM
# Must be the same as the realm defined in krb5.conf
# encrypt passwords = yes
# Encrypted passwords; not supported by some versions of Samba
winbind use default domain = yes
# winbind separator = %
template homedir = /home/%D/%U
# Mode 777 should be set on /home/%D
template shell = /bin/bash
[homes]
comment = %S
path = /home/%D/%S
writeable = yes
browsable = yes
; valid users = %S
valid users = CAMPUS\%S
* Kerberos configuration file: /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = CAMPUS.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
CAMPUS.COM = {
kdc = ADS.CAMPUS.COM:88
admin_server = ADS.CAMPUS.COM:749
default_domain = campus.com
}
# This is a realm-to-domain mapping; the realm format is uppercase
[domain_realm]
.campus.com = CAMPUS.COM
campus.com = CAMPUS.COM
# Build the mapping
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
* Restart Samba: service smb restart
; Wang: If only authentication is performed, the smb service does not have to be started, but smb.conf must still be configured.
* Restart Winbind: service winbind restart
* Initialize KDC: net ads kerberos kinit
* Join the domain: net rpc join -S ads.CAMPUS.COM -U Administrator%
* View information: net rpc info; net ads testjoin; net ads
* Leave the domain: net ads leave -S ads.CAMPUS.COM -U Administrator%
* View user information: wbinfo -u, wbinfo -t
* View the local user: getent passwd K-id, getent group K-id
* Get SID: net rpc getsid -U Administrator% -I x.x
* NTLM-AUTH: ntlm_auth --username=$USER
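
The template's comments require the realm in smb.conf to match krb5.conf, and the krb5.conf turns off DNS lookup of the KDC, so the KDC and the domain-to-realm mapping must be listed by hand. The following Python check for those dependencies is an added example, not part of the original article; the function names and the sample strings are constructed for illustration.

```python
import re

# Constructed samples modelled on the template above (not real hosts).
SMB_CONF = "[global]\nworkgroup = CAMPUS\nsecurity = ADS\nrealm = CAMPUS.COM\n"
KRB5_CONF = """[libdefaults]
default_realm = CAMPUS.COM
dns_lookup_kdc = false
[realms]
CAMPUS.COM = {
  kdc = ADS.CAMPUS.COM:88
}
[domain_realm]
.campus.com = CAMPUS.COM"""

def parse_sections(text):
    """Parse smb.conf or krb5.conf text into {section: {key: value or sub-dict}}."""
    sections, current, stack = {}, None, []
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current, stack = sections.setdefault(header.group(1).lower(), {}), []
        elif line == "}" and stack:
            current = stack.pop()              # leave a krb5 "NAME = { ... }" block
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                   # enter a krb5 "NAME = {" block
                stack.append(current)
                current = current.setdefault(key, {})
            else:
                current[key] = value
    return sections

def check_join_config(smb_text, krb5_text):
    """Return the smb.conf/krb5.conf mismatches that would break an ADS join."""
    smb = {k.lower(): v for k, v in parse_sections(smb_text).get("global", {}).items()}
    krb = parse_sections(krb5_text)
    libdefaults, realm, problems = krb.get("libdefaults", {}), smb.get("realm", ""), []
    if smb.get("security", "").lower() != "ads":
        problems.append("security is not ADS")
    if realm != libdefaults.get("default_realm"):
        problems.append("realm differs from default_realm")
    entry = krb.get("realms", {}).get(realm)
    if not isinstance(entry, dict):
        problems.append("no [realms] block for realm")
    elif "kdc" not in entry and libdefaults.get("dns_lookup_kdc") == "false":
        problems.append("no kdc listed while dns_lookup_kdc is false")
    if krb.get("domain_realm", {}).get("." + realm.lower()) != realm:
        problems.append("no [domain_realm] mapping to realm")
    return problems
```

Pass the contents of /etc/smb.conf and /etc/krb5.conf to `check_join_config` before attempting the join; an empty list means the two files agree on the points checked.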
