리눅스 SAMBA AD Join

[winbind]

* yum install samba-winbind

* 구성(도메인명: delmaster.vm IP주소: 192.168.100.101)
 * DNS 설정(추가및 수정)

 

  * vi /etc/resolv.conf

   * domain delmaster.vm (추가)
   * nameserver 192.168.100.101 * 인증 설정

 

  * vi /etc/nsswitch.conf

   * passwd: files winbind (수정)
   * shadow: files winbind (수정)
   * group: files winbind (수정) 

 

 

 * vi /etc/krb5.conf

  [libdefaults]
 default_realm = delmaster.vm (수정)
 dns_lookup_realm = true (수정)
  dns_lookup_kdc = true (수정)
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true (수정)

 

 

 

 * vi /etc/samba/smb.conf 

[global]

        workgroup = delmaster  
        server string = Samba Server Version %v
        security = ads    
        realm = delmaster.vm   
        domain master = no
        local master = no
        preferred master = no
 
        idmap backend = hash
        idmap uid = 100000000-999999999
        idmap gid = 100000000-999999999
        idmap config delmaster.vm : backend = hash
        idmap config delmaster.vm : rang = 100000000-999999999

        inherit acls = Yes         
        inherit permissions = Yes  
        map acl inherit = Yes   

        winbind separator = .   
        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes
        winbind nested groups = yes

        winbind refresh tickets = yes
        template homedir = /smb/%D/%U   
        template shell = /bin/bash
        restrict anonymous = 2             

 

[Domain Members Options]

security = ads

realm = delmaster.vm

password server = 192.168.100.101                                                         
                                                          

        winbind expand groups = 4
        vfs objects = acl_xattr
        ea support = yes

        log file = /var/log/samba/log.%m
        #log level = all:10
        max log size = 50

        store dos attributes = yes   

 

[homes]      
        comment = Home Direcotries
        valid users = %S
        read only = no
        browseable = no

 

[Share_group1]
        comment = Test share
        path = /smb/Test share
        read only = no
        valid users = @"delmaster.G-linux"   
;        force group = "Domain Users.G1"  
        directory mode = 0770
        force directory mode = 0770
        create mode = 0660
        force create mode = 0660
        access based share enum = yes
        hide unreadable = yes
        vfs objects = acl_xattr
        acl group control = yes
        write list = @"delmaster.G-linux"   

 

 

[Share]
        comment = Test share
        path = /smb/share
        read only = no
        valid users = @"delmaster.Domain Users"
        force group = "Domain Users"   
        directory mode = 0770
        force directory mode = 0770
        create mode = 0660
        force create mode = 0660
        access based share enum = yes
        hide unreadable = yes
        vfs objects = acl_xattr
        acl group control = yes
        write list = @"delmaster.Domain Users"
        browseable = yes

 

상기 내용을 아래의 파일을 통해 다운로드하세요.

smb.conf-AD.txt

 

 

* AD JOIN

 * net ads join -U administrator

 

* 서비스 재시작

 * service smb restart
 * service nmb restart
 * service winbind restart

 

 

* Join 확인

 * wbinfo -u : AD 사용자 목록 출력