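I am setting up a new samba environment based on Debian Jessie. The PDC was installed successfully and Windows clients can join. But I run into problems when joining a Linux client.
I am following the tutorial "SAMBA share with Active Directory login" but cannot complete it. I fail at 'chgrp -R "Domain Users" /share' because it cannot find the group: "chgrp: invalid group: 'domain users'". wbinfo -u is working, getent passwd is working and shows the domain accounts, but getent passwd (DOMAINUSER) does not show anything.
I will paste my smb.conf, nsswitch.conf and krb5.conf, please help me :(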
/etc/samba/smb.conf
[global]
workgroup = x
security = ads
realm = x.LOCAL
domain master = no
local master = no
preferred master = no
printcap name = /etc/printcap
load printers = no
idmap config * : backend = tdb
idmap config * : range = 10001-20000
idmap config x : schema_mode = rfc2307
idmap config x : backend = rid
idmap config x : range = 500-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
winbind offline logon = true
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba/samba.log
log level = 2
/etc/krb5.conf
[libdefaults]
ticket_lifetime = 24h
default_realm = x.LOCAL
forwardable = true
[realms]
x.LOCAL = {
kdc = pdc.fqdn
default_domain = x.local
}
[domain_realm]
.x.local = x.LOCAL
x.local = x.LOCAL
[kdc]
profile = /etc/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = tru
krb4_convert = false
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
/etc/nsswitch.conf
passwd: files winbind
group: files winbind
shadow: files winbind
gshadow: files
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Any ideas? Do you need more log files?
Answer 1
Based on your error message, you probably do not have the "Domain Users" group on your system. Run the following:
$ grep "Domain Users" /etc/group
You may need to do:
# addgroup "Domain Users" (as root)
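Answer 2
Take a look at the setup guide http://thepullen.net/wp/2013/03/using-winbind-to-resolve-active-directory-accounts-in-debian/. Also make sure libnss-winbind is installed.
You can test winbind itself with "wbinfo -u" (it should return a huge list of all domain users).
The command "id xxxx" will try to look up information about the user xxx using the system/nsswitch.conf configuration. With these you should be able to work out where the problem is.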
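The checks from the answers above, ordered from the nsswitch.conf entries down to a single account lookup so that the first failing layer is named. This is an added example, not part of the original answers; the function names are hypothetical and the dpkg check assumes a Debian system as in the question.

```shell
#!/bin/sh
# Added example (not from the original thread): find the first layer at which
# a domain account stops resolving. Function names are hypothetical.

# nss_has_winbind DB FILE: succeed if DB's line in FILE lists "winbind".
nss_has_winbind() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$2"
}

# first_failing_layer USER [NSSWITCH_FILE]: print the failing layer, or "ok".
first_failing_layer() {
    user=$1
    conf=${2:-/etc/nsswitch.conf}
    # NSS must be told to ask winbind for users and groups.
    for db in passwd group; do
        nss_has_winbind "$db" "$conf" || { echo "nsswitch:$db"; return 1; }
    done
    # The NSS module package (assumes Debian, as in the question).
    dpkg -s libnss-winbind >/dev/null 2>&1 || { echo "libnss-winbind"; return 1; }
    # winbind itself: can it list domain users?
    wbinfo -u >/dev/null 2>&1 || { echo "winbind"; return 1; }
    # NSS path: resolve the account through nsswitch.conf.
    getent passwd "$user" >/dev/null 2>&1 || { echo "getent-passwd:$user"; return 1; }
    id "$user" >/dev/null 2>&1 || { echo "id:$user"; return 1; }
    echo ok
}

# Run only when a user name is given: sh check.sh someuser
[ "$#" -eq 0 ] || first_failing_layer "$@"
```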