Red Hat 4 with AD domain authentication, logging in to Linux as an AD user

Red Hat version

Red Hat Enterprise Linux AS release 4(Nahant Update 8) 192.168.200.110

DC

Windows 2003

Machine name: domain.xmzq.com.cn 192.168.200.100

The DC and the DNS server are the same machine.


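Step 1. Install a Red Hat virtual machine, version RHEL 4

   All software packages were installed. This was done to make testing easier; in practice a customized installation is possible.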



Step 2. After installation, configure the host name

   vi /etc/sysconfig/network  ---- change the hostname

   As follows:

     NETWORKING=yes

     HOSTNAME=redhatlinux

   vi /etc/hosts ---- change the host entry and add a new record for the DC

   As follows:

     # Do not remove the following line, or various programs

     # that require network functionality will fail.

     192.168.200.110 redhatlinux.xxxx.com.cn redhatlinux

     192.168.200.100 XXXX.XXX.COM.CN


Step 3. Check that the required software is installed

[root@redhatlinux home]# rpm -qa | grep samba

samba-3.0.33-0.17.el4

samba-client-3.0.33-0.17.el4

samba-common-3.0.33-0.17.el4

system-config-samba-1.2.21-1.el4.1

samba-swat-3.0.33-0.17.el4

[root@redhatlinux home]# rpm -qa | grep krb

pam_krb5-2.1.17-8.el4

krb5-server-1.3.4-62.el4

krb5-auth-dialog-0.2-1

krbafs-utils-1.2.2-6

krb5-libs-1.3.4-62.el4

krb5-workstation-1.3.4-62.el4

krbafs-devel-1.2.2-6

krb5-devel-1.3.4-62.el4

krbafs-1.2.2-6



Step 4. Edit the configuration files

/etc/samba/smb.conf

[global]

   workgroup = XXXX

   realm = XXXX.COM.CN

   server string = Samba Server Version %v

   security = ADS

   password server = 192.168.200.100

   passdb backend = tdbsam

   idmap uid = 16777216-33554431

   idmap gid = 16777216-33554431

   template homedir = /home/%U

   template shell = /bin/bash

   winbind separator = /

   winbind enum users = Yes

   winbind enum groups = Yes

   winbind use default domain = Yes

   winbind offline logon = Yes

   cups options = raw


[homes]

   comment = Home Directories

   read only = No

   browseable = No


[printers]

   comment = All Printers

   path = /var/spool/samba

   printable = Yes

   browseable = No


/etc/krb5.conf

[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log


[libdefaults]

default_realm = XXXX.COM.CN

dns_lookup_realm = false

dns_lookup_kdc = false


[realms]

EXAMPLE.COM = {

kdc = kerberos.example.com:88

admin_server = kerberos.example.com:749

default_domain = example.com

}


XXXX.COM.CN = {

kdc = 192.168.200.100:88

kdc = 192.168.200.100

kdc = 192.168.200.100

kdc = 192.168.200.100

}


XXXX.COM.CN = {

}


[domain_realm]

.example.com = EXAMPLE.COM

example.com = EXAMPLE.COM


[kdc]

profile = /var/kerberos/krb5kdc/kdc.conf


[appdefaults]

pam = {

 debug = false

 ticket_lifetime = 36000

 renew_lifetime = 36000

 forwardable = true

 krb4_convert = false

}


/etc/nsswitch.conf

passwd:   files winbind

shadow:   files winbind

group:   files winbind


Step 5. Restart the smb and winbind services

service smb restart

service winbind restart

Also enable them at boot:

chkconfig smb on

chkconfig winbind on


Step 6. Connectivity test

kinit [email protected]

The domain name here must be in upper case.


Step 7. If there are no problems:

net ads join -S [email protected]
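
The script below is an added example, not part of the original post: it checks that the three files edited in step 4 agree with each other before the kinit test in step 6 (smb.conf realm is upper case and equals the krb5.conf default_realm, [realms] lists a kdc for it, and nsswitch.conf uses winbind). The function names and the demo file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are this example's own.
# conf_value FILE KEY: print the value of the first "KEY = value" line in FILE.
conf_value() {
    awk -F= -v k="$2" '{ key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(k) { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

# realm_has_kdc KRB5CONF REALM: succeed if [realms] lists a kdc for REALM.
realm_has_kdc() {
    awk -v r="$2" '/^\[/ { in_realms = ($1 == "[realms]"); in_r = 0; next }
        in_realms && $1 == r && $2 == "=" { in_r = 1; next }
        in_r && index($0, "}") { in_r = 0 }
        in_r && $1 == "kdc" { found = 1 }
        END { exit !found }' "$1"
}

# check_join_config SMBCONF KRB5CONF NSSWITCH: print each inconsistency and
# return how many were found (0 means the three files agree).
check_join_config() {
    n=0
    realm=$(conf_value "$1" realm)
    sec=$(conf_value "$1" security | tr 'a-z' 'A-Z')
    [ "$sec" = "ADS" ] || { echo "smb.conf: security is not ADS"; n=$((n+1)); }
    [ -n "$realm" ] || { echo "smb.conf: realm is not set"; n=$((n+1)); }
    # Kerberos realm names are case-sensitive; AD realms are upper case.
    [ "$realm" = "$(echo "$realm" | tr 'a-z' 'A-Z')" ] ||
        { echo "smb.conf: realm '$realm' is not upper case"; n=$((n+1)); }
    [ "$realm" = "$(conf_value "$2" default_realm)" ] ||
        { echo "krb5.conf: default_realm differs from smb.conf realm"; n=$((n+1)); }
    realm_has_kdc "$2" "$realm" ||
        { echo "krb5.conf: no kdc listed for realm '$realm'"; n=$((n+1)); }
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$3" ||
            { echo "nsswitch.conf: $db does not use winbind"; n=$((n+1)); }
    done
    return "$n"
}

# Demo on constructed copies of the step 4 files (XXXX.COM.CN is the page's placeholder).
demo() {
    d=$(mktemp -d)
    printf '[global]\n realm = XXXX.COM.CN\n security = ADS\n' > "$d/smb.conf"
    printf '[libdefaults]\n default_realm = XXXX.COM.CN\n[realms]\n XXXX.COM.CN = {\n  kdc = 192.168.200.100:88\n }\n' > "$d/krb5.conf"
    printf 'passwd: files winbind\ngroup: files winbind\n' > "$d/nsswitch.conf"
    check_join_config "$d/smb.conf" "$d/krb5.conf" "$d/nsswitch.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo && echo "constructed sample is consistent"
```

On the host itself, call `check_join_config /etc/samba/smb.conf /etc/krb5.conf /etc/nsswitch.conf`; each printed line names the file and the setting to correct.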

