

RHEL6.x 기반 samba4 + winbind 를 이용하여 windows AD 연동하기


# vi /etc/yum.repos.d/centos.repo
[base-be]
name=CentOS-6 - Base
# "repo" is not a yum.conf(5) repository option; yum does not use this line
repo=os
baseurl=http://ftp.daum.net/centos/6/os/x86_64/
enabled=1
# packages are signature-checked against the key below, but the key itself is
# fetched over plain http from the same mirror, so the check is only as strong
# as that download; compare the imported key's fingerprint with the one CentOS
# publishes before trusting packages from these repositories
gpgcheck=1
gpgkey=http://ftp.daum.net/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6

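[updates-be]
name=CentOS-6 - Updates
baseurl=http://ftp.daum.net/centos/6/updates/x86_64/
# the option is "enabled"; the original "enable=1" was silently ignored and the
# repo only worked because yum enables repositories by default
enabled=1
gpgcheck=1
# same CentOS-6 signing key as [base-be]; without a gpgkey line gpgcheck=1 can
# only pass if the key is already in the rpm database
gpgkey=http://ftp.daum.net/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6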

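[centosplus-be]
name=CentOS-6 - Plus
baseurl=http://ftp.daum.net/centos/6/centosplus/x86_64/
enabled=1
gpgcheck=1
# same CentOS-6 signing key as [base-be]; without a gpgkey line gpgcheck=1 can
# only pass if the key is already in the rpm database
gpgkey=http://ftp.daum.net/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6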

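[extras-be]
name=CentOS-6 - Extras
baseurl=http://ftp.daum.net/centos/6/extras/x86_64/
# the option is "enabled"; the original "enable=1" was silently ignored and the
# repo only worked because yum enables repositories by default
enabled=1
gpgcheck=1
# same CentOS-6 signing key as [base-be]; without a gpgkey line gpgcheck=1 can
# only pass if the key is already in the rpm database
gpgkey=http://ftp.daum.net/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6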

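[fasttrack-be]
name=CentOS-6 - Fasttrack
baseurl=http://ftp.daum.net/centos/6/fasttrack/x86_64/
enabled=1
gpgcheck=1
# same CentOS-6 signing key as [base-be]; without a gpgkey line gpgcheck=1 can
# only pass if the key is already in the rpm database
gpgkey=http://ftp.daum.net/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6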

# yum repolist

# yum remove samba samba-client samba-winbind samba-winbind-clients
# yum  install ntpdate samba4 samba4-client samba4-winbind krb5-workstation policycoreutils-python samba4-winbind-clients

# vi /etc/resolv.conf
# default DNS search domain: the AD domain, so bare host names resolve inside it
domain rntier272.ad
# winbind and Kerberos depend on AD's DNS records; presumably this address is
# a domain controller or a DNS server that serves the AD zone -- confirm
nameserver 192.168.201.50
 
# vi /etc/nsswitch.conf
# user lookups: local /etc/passwd first, then AD accounts via winbind
passwd:     files winbind
# winbind provides no shadow map (AD never exposes password hashes), so this
# stays local-only
shadow:     files
# group lookups: local /etc/group first, then AD groups via winbind
group:      files winbind

# vi /etc/krb5.conf
[logging]
# log destinations for the krb5 client library, the KDC and kadmind; only the
# first applies here, since this host installs krb5-workstation and runs
# neither daemon
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

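[libdefaults]
# realm assumed for principals given without one (e.g. a bare "kinit").
# Realm names are case-sensitive and the [realms] block is keyed
# RNTIER272.AD; with DNS KDC lookup disabled below, the original lowercase
# value could not be matched to that block, so it is written in upper case.
 default_realm = RNTIER272.AD
# KDCs come from [realms], not from DNS SRV records
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
# a forwardable TGT can be handed to services the user connects to so they
# act on the user's behalf; keep only if something downstream needs that
 forwardable = true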

[appdefaults]
# settings for the "pam" application (pam_krb5). The lifetimes here are bare
# numbers, presumably seconds (36000 = 10 h), unlike the h/d suffixed values
# in [libdefaults]. Nothing in this guide wires Kerberos into PAM, so this
# block is likely unused on this host -- TODO confirm
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }

[realms]
# explicit KDC for the AD realm, required because DNS lookup is off in
# [libdefaults]. The KDC is given as the domain name rather than a DC host
# name; presumably the domain apex record resolves to the DCs -- confirm.
# AD runs no kadmind, so admin_server is not used by a member server.
 RNTIER272.AD = {
  kdc = rntier272.ad
  admin_server = rntier272.ad
 }

[domain_realm]
# map hosts under the AD DNS domain, and the domain itself, to the realm
 .rntier272.ad = RNTIER272.AD
 rntier272.ad = RNTIER272.AD


# kinit


# vi /etc/samba/smb.conf

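[global]

# NOTE(review): with wide links a symlink inside a share may point anywhere
# on the server and clients follow it. Samba forces wide links off while
# "unix extensions" keeps its default of yes, so this pair either has no
# effect or, if unix extensions is later disabled, widens every share.
# Review whether it is really needed.
  follow symlinks = yes
  wide links = yes

  workgroup = RNTIER272
  server string = RNTSMP01
  security = ADS
  realm = rntier272.ad
  domain master = no
  local master = no
  preferred master = no
# idmap: "*" handles anything not matched by a domain block; the RNTIER272
# block reads rfc2307 uidNumber/gidNumber from AD, so only accounts with
# those attributes inside the range resolve.
# NOTE(review): the two ranges below are identical; smb.conf(5) requires idmap
# ranges not to overlap, so the "*" range should be moved to a disjoint
# interval that also avoids local account ids.
  idmap config *:backend = tdb
  idmap config *:range = 1000-9999
  idmap config RNTIER272:backend = ad
  idmap config RNTIER272:schema_mode = rfc2307
  idmap config RNTIER272:range = 1000-9999
  winbind nss info = rfc2307
  winbind trusted domains only = no
# user and group names are exposed without the RNTIER272 prefix
  winbind use default domain = yes
# enumeration lets "getent passwd/group" list the whole domain; this is
# expensive against a large AD
  winbind enum users = yes
  winbind enum groups = yes
  winbind refresh tickets = yes
  winbind separator = .
  winbind nested groups = yes
  template shell = /bin/bash
  template homedir = /home/%U
# anonymous (null-session) connections, including to IPC$, are refused
  restrict anonymous = 2
  winbind expand groups = 4
# ACL and DOS-attribute handling. "store dos attributes", "inherit acls" and
# "inherit permissions" each appeared twice in the original; Samba keeps the
# last value, so the duplicates are collapsed to a single entry here.
  vfs objects = acl_xattr
  ea support = yes
  store dos attributes = yes
  inherit acls = yes
  inherit permissions = yes
  map acl inherit = yes

# log files split per-machine:
  log file = /var/log/samba/log.%m
# maximum size of 50KB per log file, then rotate:
  max log size = 50

  load printers = no
  show add printer wizard = no
  printcap name = /dev/null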


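[homes]
        comment = Home Directories
        browseable = no
        writable = yes
# only the owner of a home directory may connect to its share. Without this,
# any authenticated domain user can open \\RNTSMP01\<otheruser> and is then
# held back only by the unix permissions on that directory. %S works here
# because "winbind use default domain = yes" strips the domain prefix.
        valid users = %S
# domain-prefixed form, for setups where the prefix is kept (MYDOMAIN is a
# placeholder, not this site's domain)
;        valid users = MYDOMAIN\%S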

# testparm -s
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

# vi /etc/sysctl.conf
# NOTE(review): fs.file-max is the system-wide open-file cap, not the
# per-process limit testparm complained about. On RHEL6 the kernel's computed
# default is normally far above 16384, so this line may *lower* it -- compare
# with "cat /proc/sys/fs/file-max" before applying. The per-process fix is the
# nofile entries in limits.conf.
fs.file-max = 16384

# vi /etc/security/limits.conf
# per-process open-file limit for all users; testparm asked for at least
# 16384 (the Windows client minimum). pam_limits applies these on login;
# NOTE(review): a daemon started from an init script at boot may not pick
# them up -- check /proc/<smbd pid>/limits after a restart.
* soft nofile 16384
* hard nofile 32768


# mkdir /var/cache/samba

# net ads join -U administrator
#
# /etc/rc.d/init.d/winbind restart
# /etc/rc.d/init.d/smb restart
# /etc/rc.d/init.d/nmb restart

chkconfig --level 345 winbind on
chkconfig --level 345 smb on
chkconfig --level 345 nmb on


 List your AD users
# wbinfo -u
# getent passwd

 List your AD groups
# wbinfo -g
# getent group



[root@RNTSMP01 ~]# /etc/rc.d/init.d/winbind stop

Winbind 서비스를 종료함:                                   [  OK  ]
[root@RNTSMP01 ~]# /etc/rc.d/init.d/smb stop
SMB 서비스를 종료함:                                       [  OK  ]
[root@RNTSMP01 ~]# net cache flush
[root@RNTSMP01 ~]# rm -f /var/lib/samba/*.tdb
[root@RNTSMP01 ~]# rm -f /var/lib/samba/group_mapping.ldb
[root@RNTSMP01 ~]# /etc/rc.d/init.d/smb start
SMB서비스를 시작하고 있습니다:                             [  OK  ]
[root@RNTSMP01 ~]# /etc/rc.d/init.d/winbind restart

Winbind 서비스를 종료함:                                   [실패]
Winbind서비스를 시작하고 있습니다:                         [  OK  ]