SAMB 权限无法通过 Windows 添加组

SAMB 权限无法通过 Windows 添加组

我对 Samba 还很陌生,在允许域用户访问共享方面遇到了麻烦。我已将我的 Samba 服务器 (centos 7) 作为域成员链接到我的 AD。命令 # 领域列表显示了正确的信息,但是 ID 用户名没有显示正确的信息,但 net ads user -U admin -I serverip 确实显示了所有域用户。在 Windows 中,在共享权限中并为域用户添加组对象时,我以以下身份登录[电子邮件保护](但是我不认为这是在运行身份验证,因为其他域管理员无法登录)我单击“确定”,然后 mydomain\ 域用户会填充,因此它知道我正在使用域,但点击“应用”时显示访问被拒绝。如果我需要粘贴配置文件,请让我知道,我已附加了我认为相关的配置文件

smb配置文件

See smb.conf.example for a more detailed config 
file or
read the smb.conf manpage.
Run 'testparm' to verify the config is correct 
after
you modified it.

[global]
workgroup           = GBZ
security            = ADS
realm               = GBZ.COM
#netbios name           = smb.gbz.com   
password server         = AD.GBZ.COM
log file            = /var/log/samba/log.%m
max log size            = 50
unix extensions         = No
client signing          = required
local master            = no
domain master           = no
template homedir        = /home/%U
template shell          = /bin/bash

winbind separator       = +
winbind use default domain  = yes
winbind nss info        = rfc2307

idmap config * : range      = 16777216-33554431
idmap config * : backend    = ad.gbz.com
cups options            = raw
root preexec            = /usr/local/sbin/mkhomedir.sh %U
usershare allow guests      = yes
os level            = 20
map to guest            = bad user
host msdfs          = no 
vfs objects             = acl_xattr
map acl inherit         = yes
store dos attributes        = yes


[cnc]
path        = /srv/samba/cnc
browseable  = yes
writable    = yes
guest ok    = yes
read only   = no
public      = yes
valid users     = @"GBZ+Domain Users"
admin users     = @"GBZ+Domain Admins" 

[public]
path        = /srv/samba/public
browseable  = yes
writable    = yes
guest ok    = yes
read only   = no
public      = yes 
valid users     = @"GBZ+domain users"
admin users     = @"GBZ+Domain Admins" 


[hr]
path            = /srv/samba/hr
comment         = Sensitive infomation, authorization is required.
read only       = no

[homes]
comment     = Home Directories
valid users     = %S, %D%w%S
browseable  = No
read only   = No
inherit acls    = Yes

krb5配置文件

# Configuration snippets may be placed in this directory as well

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
ticket_lifetime     = 600
defualt_realm       = GBZ.COM
dns_lookup_realm    = false
dns_lookup_kdc      = true

defualt_tkt_enctypes    = des3-hmac-sha1 des-cbc-crc
defualt_tgs_enctypes    = des3-hmac-sha1 des-cbc-crc


[realms]
GBZ.COM = {
    defualt_domain = gbz.com
}

 [domain_realm]
    .gbz.com = GBZ.COM
     gbz.com = GBZ.COM
 [kdc]
     profile = /etc/krb5kdc/kdc.conf
[logging]
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmin.log
     defualt = FILE:/var/log/krb5lib.logog

nsswitch.conf

 passwd:     compat files winbind
 shadow:     compat files winbind
 group:      compat files
 #initgroups: files sss


 bootparams: nisplus [NOTFOUND=return] files

 ethers:        db files
 netmasks:      db files
 networks:      db files
 protocols:     db files
 rpc:           db files
 services:      db files 

 netgroup:   nis

 publickey:  nisplus

 automount:  files sss
 aliases:    files nisplus

非常感谢任何帮助

相关内容