Windows AD domain installation and necessary settings

Source: Internet
Author: User
Tags domain server domian

First, install the AD domain

Run the dcpromo command to install the AD domain.

Steps:

1. Press Win+R

2. Run dcpromo

Baidu Encyclopedia about "Dcpromo" Explanation:

The dcpromo command is a "switch" command. If the Windows Server computer is a member server, running dcpromo installs Active Directory and promotes it to a domain controller; if the Windows Server computer is already a domain controller, running dcpromo uninstalls Active Directory and demotes it to a member server.

Second, common functions

Create users, create organizations, and more

Third, disable password policy enforcement

Fourth, allow creation of user logins

Add the domain control user to the 、、、、 policy.

1. Create a virtual machine and set up a static IP

Use the NAT method.

1) Set up the Virtual Network Editor

Make sure that "Use local DHCP service to distribute IP address to VMs" is unchecked.

Click NAT Settings to view the gateway IP.

2) Set up network sharing on the host

2. Build the AD domain on Windows

Readers are invited to see:

Http://wenku.baidu.com/link?url=W4_ Ypavc4n8ont9-afyfjyhpntza5tuijprlkaob80shnssty9a2xwfea-v7khfdwldj7hwhgovgo3twancqlpncm-mmazasaffzgwgn-yg

3. Linux joins the AD domain

    yum install krb5-libs krb5-devel pam_krb5 krb5-workstation krb5-auth-dialog
    yum install samba-winbind samba samba-common samba-client samba-winbind-clients

1) Modify DNS

(1) Edit the network card profile /etc/sysconfig/network-scripts/ifcfg-eth0 and add the AD domain server address as DNS, for example DNS1=192.168.56.10, where 192.168.56.10 is the AD domain server IP.

(2) Edit /etc/sysconfig/network and change the host name to the long form, host name plus domain name. For example, with the domain domain.com, the host name becomes host.domain.com.

(3) Run service network restart to restart networking.

(4) When the above is complete, ping domain.com at the command line should succeed, where domain.com is the domain name of the AD domain. If the ping does not work, check your firewall and DNS configuration.

2) Time synchronization

Readers are asked to refer to http://blog.csdn.net/ablo_zhou/article/details/5658916

3) Add domain

(1) Run the setup command

(2)

(3)

(4) Choose /bin/bash here

(5)

(6) After the join succeeds, the following prompt is displayed:

(7) Edit /etc/samba/smb.conf and modify the following line so that users can log in without entering the domain name:

    winbind use default domain = true

(8) Start the related service and enable it at boot by executing the following commands:

    service smb start
    chkconfig smb on

4) Test whether the domain join succeeded

(1) # wbinfo -t    ## Test RPC communication; "succeeded" indicates success

checking the trust secret for domain via RPC calls succeeded

(2) # wbinfo -u    ## List domain users
DOMAIN\guest
DOMAIN\Administrator
DOMAIN\krbtgt
DOMAIN\barlowliu
...... (remainder omitted) ......

(3) ## If the output looks like the above, the domain users are being read normally

(4) # wbinfo -g    ## List domain groups
DOMAIN\domain Computers
DOMAIN\cert Publishers
DOMAIN\domain Users
DOMAIN\domain Guests
DOMAIN\ras and IAS servers
DOMAIN\domain Admins
DOMAIN\schema Admins
DOMAIN\enterprise Admins
...... (remainder omitted) ......

If you can see the domain's users and groups after running the two commands above, the join is working. If you are prompted as follows, synchronization with the domain controller has not yet completed.

(5) Test the NTLM component

Shut down the firewall.

# ntlm_auth --username=administrator
Password:    ## Enter the user's password
NT_STATUS_OK: Success (0x0)

(6) Verify the domain join

# net ads testjoin
Join is OK

4. Create a shared directory to hold the user home directories

(1) Create the directory that will hold the users' home directories. This example uses /apps; you can choose a different directory, but the /etc/samba/smb.conf configuration file must then be changed to match. The home directory also has to be set up as a shared directory.

For shared directory settings, refer to NFS file sharing.

    mkdir /apps
    chmod 777 /apps

(2) Edit the file /etc/samba/smb.conf and add the following lines to [global]:

    template homedir = /apps/%D/%U
    follow symlinks = yes
    wide links = yes
    unix extensions = no

Under [homes], add the following lines:

    [homes]
    comment = Home directories
    read only = no
    writeable = yes

(3) Edit /etc/pam.d/system-auth and /etc/pam.d/sshd, and add the following line to both files:

    session required pam_mkhomedir.so skel=/etc/skel umask=0077

(4) Start the related services by executing the following three commands:

    service smb restart

(5) Test that the home directory is created successfully: on the command line, su to the AD domain user jhadmin, then look under /apps/domain to see whether the user's home directory (a directory with the same name, jhadmin) was created.

If it was created, the relevant configuration is correct.
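
A permission check for the home tree built in this section, as an added example that is not part of the original article. It assumes the layout /apps/<DOMAIN>/<user> given by the template homedir setting; the function name audit_homes is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: check the permissions of the home
# tree that the steps above create (BASE/<DOMAIN>/<user>, BASE = /apps here).

# Print one finding per line; print nothing when the tree is clean.
audit_homes() {   # usage: audit_homes [BASE]
    base=${1:-/apps}
    # Mode 777 without the sticky bit lets any local user rename or replace
    # entries directly under BASE.
    find "$base" -maxdepth 0 -type d -perm -0002 ! -perm -1000 \
        -exec printf 'world-writable without sticky bit: %s\n' {} \;
    # pam_mkhomedir with umask=0077 creates each home as mode 0700; report
    # any home directory whose mode differs.
    find "$base" -mindepth 2 -maxdepth 2 -type d ! -perm 700 \
        -exec printf 'home not mode 0700: %s\n' {} \;
}

# Run against the page's directory when it exists on this host.
if [ -d /apps ]; then audit_homes /apps; fi
```

An empty result means the base directory carries the sticky bit (for example mode 1777) and every home is mode 0700.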

5. Resolving different UID issues

Copy the following into the [global] section of /etc/samba/smb.conf:

    idmap uid = 20000-29999
    idmap gid = 20000-29999
    idmap config DOMAIN:backend = rid
    idmap config DOMAIN:range = 20000000-29999999
    winbind enum users = yes
    winbind enum groups = yes
    winbind separator = +

Note: DOMAIN is the short domain name, in uppercase.

Note: If the UIDs are still not uniform, clean up the Samba database with rm -rf /var/lib/samba/*.tdb, and then re-join the domain.
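
Why the rid backend makes UIDs uniform, as an added example that is not part of the original article: every host computes the same id from the user's SID and the configured range. It assumes idmap_rid's documented formula with base_rid at its default of 0; the short domain name HADOOP, the sample SID and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes idmap_rid's documented
# formula with base_rid at its default of 0:
#   unix id = RID + low end of "idmap config DOMAIN:range"

# Constructed sample: the rid lines from this section with DOMAIN = HADOOP.
demo_conf() {
    cat <<'EOF'
[global]
    idmap config HADOOP:backend = rid
    idmap config HADOOP:range = 20000000-29999999
EOF
}

# Print "LOW HIGH" for DOMAIN's idmap range; file "-" means standard input.
idmap_range() {   # usage: idmap_range DOMAIN [smb.conf]
    awk -v dom="$1" '
        { line = tolower($0); gsub(/[ \t]+/, "", line) }
        line ~ /^\[/ { in_global = (line == "[global]"); next }
        in_global && index(line, "idmapconfig" tolower(dom) ":range=") == 1 {
            split(substr(line, index(line, "=") + 1), r, "-")
            print r[1], r[2]; exit
        }' "${2:-/etc/samba/smb.conf}"
}

# Print the uid/gid the rid backend derives from a SID (same on every host).
sid_to_unix_id() {   # usage: sid_to_unix_id SID DOMAIN [smb.conf]
    rid=${1##*-}
    case $rid in ''|*[!0-9]*) echo "bad SID: $1" >&2; return 2 ;; esac
    range=$(idmap_range "$2" "${3:-/etc/samba/smb.conf}")
    [ -n "$range" ] || { echo "no idmap range for $2" >&2; return 2; }
    low=${range% *}; high=${range#* }
    id=$((low + rid))
    [ "$id" -le "$high" ] || { echo "RID $rid exceeds $low-$high" >&2; return 1; }
    echo "$id"
}

# Constructed SID ending in RID 1105.
demo_conf | sid_to_unix_id S-1-5-21-1111111111-2222222222-3333333333-1105 HADOOP -
```

On a joined host, the result can be compared with the uid that id reports for the same domain user.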

6. Log in directly using a domain account

Restart Linux and enter the domain account as the account name. Traditionally this would be hadoop\user; after the above configuration, readers can use the user name directly, without adding the short domain name.
