Integrating AD accounts on Ubuntu with Samba winbind
2021-07-14 09:14
Original article: http://blog.51cto.com/yangzhiming/2164955

Install the packages:

apt-get install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind

When prompted, enter ming.com

vi /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat winbind
:wq

vi /etc/krb5.conf    (everything else under [realms] can be deleted)
[libdefaults]
# default_realm must be uppercase
default_realm = MING.COM
[realms]
MING.COM = {
kdc = 10.0.0.2:88
kdc = 10.0.0.3:88
default_domain = ming.com
}
:wq

kinit zhi.ming    # any ordinary AD account that is allowed to join the domain will do
Enter the account password
klist

vi /etc/samba/smb.conf
[global]
workgroup = ming
realm = ming.com
netbios name = aa
security = ADS
dns forwarder = 10.0.0.1
idmap config *:backend = tdb
idmap config *:range = 50000-1000000
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = true
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
:wq

vi /etc/pam.d/common-account    (create home directories automatically)
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
:wq

vi /etc/pam.d/common-password
# the default use_authtok is removed from this line
password [success=1 default=ignore] pam_winbind.so try_first_pass
:wq

service smbd restart
service nmbd restart
net ads join -U zhi.ming    # any ordinary AD account that is allowed to join the domain will do
Enter the AD account password

Note:
The hostname and domain name in /etc/hosts must match the AD domain being joined (if they do not match, the join fails).

service winbind restart
wbinfo -u    # list the accounts in AD
wbinfo -g    # list the groups in AD
getent passwd | grep zhi.ming
id zhi.ming
su - zhi.ming

Remote ssh:
ssh zhi.ming@10.0.0.4

Granting sudo rights:
vi /etc/sudoers
For an individual:
zhi.ming ALL=(ALL:ALL) NOPASSWD:ALL
:wq
For a group (did not work):
%MING\domain\ users ALL=(ALL:ALL) NOPASSWD:ALL

Enabling graphical login:
vi /usr/share/lightdm/lightdm.conf/50-ubuntu.conf
greeter-show-manual-login=true
greeter-hide-users=true
:wq
Log in as ming\zhi.ming (that is, the domain name must be prefixed)

Notes:
1. Account UIDs and GIDs are assigned in order of first access, starting from 50000 (the range defined in /etc/samba/smb.conf), and cannot be customized in AD.
2. All accounts can log in; this cannot be restricted through /etc/passwd.

Accessing Samba shares with AD domain accounts:

Sharing homes:
vi /etc/samba/smb.conf
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
:wq
service smbd restart
Access: \\ip\zhi.ming (no username or password has to be entered; you reach your own home directory directly and cannot access anyone else's)

Sharing a specific directory:
vi /etc/samba/smb.conf
[share]
comment = share
path = /space/share
browseable = yes
writable = yes
valid users = MING\zhi.ming
:wq
Access: \\ip\share (no username or password has to be entered; access is direct)
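
A consistency check to run before net ads join in the procedure above, as an added example that is not part of the original article: it verifies that default_realm in krb5.conf is uppercase, that the [global] realm in smb.conf matches it, and that the hosts file lists the machine name under that domain. The function names and the script name check.sh are hypothetical.

```shell
#!/bin/sh
# Added example: consistency checks to run before `net ads join`.
# Function names are hypothetical; file paths are arguments so copies can be tested.

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# Print default_realm from a krb5.conf-style file.
krb5_default_realm() {
    awk -F= '/^[ \t]*default_realm[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Print one parameter from the [global] section of an smb.conf-style file.
smb_global_param() {  # $1=file  $2=parameter name in lowercase
    awk -v want="$2" '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        in_global && /=/ {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; exit }
        }' "$1"
}

# Succeed if a hosts-style file maps some address to <hostname>.<domain>.
hosts_has_fqdn() {  # $1=file  $2=short hostname  $3=domain
    awk -v fqdn="$2.$3" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(fqdn)) found = 1 }
        END { exit !found }' "$1"
}

check_join_prereqs() {  # $1=krb5.conf  $2=smb.conf  $3=hosts  $4=short hostname
    rc=0
    krb=$(krb5_default_realm "$1")
    smb=$(smb_global_param "$2" realm)
    [ -n "$krb" ] || { echo "FAIL: no default_realm in $1"; return 1; }
    [ "$krb" = "$(upper "$krb")" ] || { echo "FAIL: default_realm '$krb' is not uppercase"; rc=1; }
    [ "$(upper "$smb")" = "$(upper "$krb")" ] || { echo "FAIL: smb.conf realm '$smb' differs from '$krb'"; rc=1; }
    hosts_has_fqdn "$3" "$4" "$krb" || { echo "FAIL: $3 has no $4.$krb entry"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: realm $krb, host $4"
    return "$rc"
}

# Usage: sh check.sh /etc/krb5.conf /etc/samba/smb.conf /etc/hosts "$(hostname -s)"
if [ "$#" -eq 4 ]; then check_join_prereqs "$@"; fi
```
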
Article link: http://soscw.com/essay/105034.html