我配置了 Samba PDC 和 AD 域。
这是我的拓扑。
我看到 Samba PDC 正在加载 AD 用户。
带着getent passwd
命令和wbinfo -ug
指挥。
这是我的getent passwd
结果。
root@Lin-srv:~# getent passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:103::/var/spool/exim4:/bin/false
statd:x:102:65534::/var/lib/nfs:/bin/false
user:x:1000:1000:user,,,:/home/user:/bin/bash
bind:x:103:106::/var/cache/bind:/bin/false
messagebus:x:104:109::/var/run/dbus:/bin/false
li01:x:1001:1001::/home/li01:/bin/bash
li02:x:1002:1002::/home/li02:/bin/bash
li03:x:1003:1003::/home/li03:/bin/bash
li04:x:1004:1004::/home/li04:/bin/bash
li05:x:1005:1005::/home/li05:/bin/bash
client-03$:x:1006:1006:client-03$ machine account:/var/lib/samba:/bin/false
client-04$:x:1007:1007:client-04$ machine account:/var/lib/samba:/bin/false
win$:x:1008:1008:win$ machine account:/var/lib/samba:/bin/false
WIN\administrator:*:10005:10004:Administrator:/home/administrator:/bin/bash
WIN\guest:*:10006:10005:Guest:/home/guest:/bin/bash
WIN\krbtgt:*:10007:10004:krbtgt:/home/krbtgt:/bin/bash
WIN\wi01:*:10004:10004:wi01:/home/wi01:/bin/bash
WIN\wi02:*:10008:10004:wi02:/home/wi02:/bin/bash
WIN\wi03:*:10009:10004:wi03:/home/wi03:/bin/bash
WIN\wi04:*:10010:10004:wi04:/home/wi04:/bin/bash
WIN\wi05:*:10011:10004:wi05:/home/wi05:/bin/bash
WIN\lin$:*:10012:10004:LIN$:/home/lin_:/bin/bash
以下是我的wbinfo -ug
结果:
root@Lin-srv:~# wbinfo -ug
root
li02
li04
li01
li03
li05
WIN\administrator
WIN\guest
WIN\krbtgt
WIN\wi01
WIN\wi02
WIN\wi03
WIN\wi04
WIN\wi05
WIN\lin$
WIN\domain computers
WIN\domain controller
WIN\schema admins
WIN\enterprise admins
WIN\domain admins
WIN\domain users
WIN\domain guests
WIN\group policy creator owners
WIN\read-only domain controllers
WIN\enterprise read-only domain controllers
WIN\dnsupdateproxy
但是 Samba 客户端有问题。每个域都有两个客户端:其中一个是 Windows 7 客户端,另一个是 Linux 客户端。
我可以使用 Windows 7 客户端登录受信任域用户,但是无法使用 Linux Samba 客户端登录受信任域用户。
smb.conf
我认为我的或有问题krb5.conf
。
因此我发布了我的 Samba PDCsmb.conf
和krb5.conf
Samba Clientsmb.conf
以及krb5.conf
这是我的 Samba PDC smb.conf
:
[global]
workgroup = LIN
server string = %h server
wins server = 192.168.0.1
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
domain logons = yes
logon path = \\lin.com\%U\profile
logon drive = H:
logon home = \\lin.com\%U
add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
add machine script = /usr/sbin/useradd -c "%u machine account" -d /var/lib/samba -s /bin/false %u
add group script = /usr/sbin/addgroup --force-badname %g
domain master = yes
local master = yes
prefered master = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%U
winbind enum groups = yes
winbind enum users = yes
usershare allow guests = yes
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %U
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
这是我的 PDC krb5.conf
(我跳过了默认设置。)
[libdefaults]
default_realm = LIN.COM
[realms]
WIN.NET = {
kdc = win.net
admin_server = win.net
}
LIN.COM = {
kdc = lin.com
admin_server = lin.com
}
[domain_realm]
.win.net = WIN.NET
win.net = WIN.NET
.lin.com = LIN.COM
lin.com = LIN.COM
这是我的 Samba 客户端smb.conf
:
[global]
workgroup = LIN
realm = lin.com
netbios name = CLIENT-04
server string = %h server
wins server = 192.168.0.1
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = domain
password server = lin.com
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
domain master = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
usershare allow guests = yes
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %U
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
我的 Samba 客户端krb5.conf
与 PDC 的相同krb5.conf
。
我需要你的帮助。我该怎么办?