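I have edited the sshd_config file and added “AllowGroups
Combinations tried:
AllowGroups \groupname AllowGroups \groupname
Answer 1
Active Directory domain membership
First install the necessary packages.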
apt-get install winbind libnss-winbind libpam-winbind
Configure winbind /etc/samba/smb.conf
Back up the original file and replace its contents with the following.
[global]
workgroup = MYDOMAIN
netbios name = COMPUTERNAME
server string = %h with Samba %v
realm = MYDOMAIN.DE
allow trusted domains = no
idmap config * : range = 50000-59999
idmap config MYDOMAIN : default = yes
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : read_only = yes
idmap config MYDOMAIN : range = 50000-59999
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
winbind refresh tickets = yes
winbind cache time = 1
template shell = /bin/bash
security = ADS
local master = no
encrypt passwords = true
Join the Active Directory domain
net ads join -U <Administrator>
Configure security
Some manual work is required. Back up /etc/security/group.conf
Edit group.conf and create pam_winbind.conf with the following contents.
pam_winbind.conf:
[global]
cached_login = yes
krb5_auth = yes
krb5_ccache_type = FILE
group.conf:
* ; * ; * ; Al0000-2400 ; floppy, audio, cdrom, video, usb, plugdev, users
/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
Configure PAM
/etc/pam.d/common-session
... pam_unix.so
session required pam_mkhomedir.so umask=0077
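
An added example, not part of the original question or answer: a small checker that compares the AllowGroups patterns in an sshd_config fragment with the group names NSS reports for a user (for example from `id -Gn`), using sshd's `*` and `?` wildcards and case-sensitive matching. The sample config and group names are constructed, and the example assumes that NSS reports domain groups without the MYDOMAIN\ prefix, as is typical with `winbind use default domain = yes`; quoted arguments in sshd_config are not handled.

```python
import re

# Constructed sample: an sshd_config fragment and the group names that
# `id -Gn <user>` might print on a host where winbind strips the domain
# prefix (assumption). All group names here are hypothetical.
SAMPLE_SSHD_CONFIG = r"""
# PasswordAuthentication yes
AllowGroups MYDOMAIN\linuxadmins
allowgroups ssh-*
"""
SAMPLE_USER_GROUPS = ["domain users", "linuxadmins"]


def allow_groups_patterns(config_text):
    """Collect every AllowGroups pattern; repeated lines accumulate."""
    patterns = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0].lower() == "allowgroups":  # keywords are case-insensitive
            patterns.extend(parts[1:])
    return patterns


def pattern_matches(pattern, name):
    """sshd-style pattern: '*' = any run, '?' = one char, case-sensitive."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, name, flags=re.DOTALL) is not None


def admitted_by(config_text, user_groups):
    """Return the (pattern, group) pairs that admit the user.

    An empty list with at least one pattern configured means sshd would
    refuse the login on group membership.
    """
    return [
        (p, g)
        for p in allow_groups_patterns(config_text)
        for g in user_groups
        if pattern_matches(p, g)
    ]
```

With the constructed sample, the domain-prefixed pattern admits nobody because the reported group name carries no prefix; writing the pattern exactly as `id -Gn` prints the name does match.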