安裝軟體 
# Winbind with its PAM and NSS modules, the Kerberos client configuration
# package, and the Samba modules used by a domain member.
apt install -y \
  winbind libpam-winbind libnss-winbind \
  krb5-config samba-dsdb-modules samba-vfs-modules
 
編輯 /etc/krb5.conf  
[libdefaults] 
# Realm assumed when a principal is given without one.
# NOTE(review): this page sets TEST.COM here but "realm = TEST.DOM" in
# smb.conf; both files should name the same AD realm - use one value in both.
        default_realm = TEST.COM 
 
# The following krb5.conf variables are only for MIT Kerberos. 
       kdc_timesync = 1 
        ccache_type = 4 
# Tickets are requested as forwardable and proxiable by default.
        forwardable = true 
        proxiable = true 
 
編輯 /etc/samba/smb.conf 
[global]   
   # Short (NetBIOS) domain name and Kerberos realm of the AD domain.
   # NOTE(review): realm is TEST.DOM here while the krb5.conf on this page
   # uses default_realm = TEST.COM; both should name the same realm.
   workgroup = TEST 
   realm = TEST.DOM 
   # Domain-member mode: authentication is delegated to Active Directory.
   security = ads 
   # Default mapping ("*") for everything that has no domain-specific
   # section below: ids 3000-7999 allocated in a local tdb database.
   idmap config * : backend = tdb 
   idmap config * : range = 3000-7999 
   # Per-domain mapping with the rid backend. The two ranges must not overlap.
   # NOTE(review): the domain label FD3S01 does not match "workgroup = TEST"
   # above; this section presumably has to carry the workgroup name - confirm.
   idmap config FD3S01 : backend = rid 
   idmap config FD3S01 : range = 10000-999999 
   # Home directory and login shell handed out for every domain user.
   template homedir = /home/%U 
   template shell = /bin/bash 
   # Domain users are presented without a DOMAIN\ prefix, so a domain account
   # and a local account with the same name cannot be told apart by name.
   winbind use default domain = true 
   # No logon from cached credentials when the domain controller is unreachable.
   winbind offline logon = false 
 
[homes] 
   comment = Home Directories 
   browseable = no 
   read only = no 
   # Upper bound for permissions of files/directories created over SMB.
   # 0755 leaves them readable by other accounts; privacy then rests on the
   # home directory itself being mode 700 (as /opt/mkmyhome.sh creates it).
   create mask = 0755 
   directory mask = 0755 
   # Only the user whose name equals the share name may connect.
   valid users = %S 
   # Executed as root on every connection to the share, with the share name
   # (%S) and the user's home directory (%H) as arguments. The script must be
   # owned by root and not writable by anyone else. Its exit status is ignored
   # unless "root preexec close = yes" is also set.
   root preexec = /opt/mkmyhome.sh %S %H
#   hide files = /abc/ /a/ /.*/
 
編輯 /etc/nsswitch.conf 修改 
# Sources are consulted left to right: local files first, then systemd, then
# winbind for domain accounts, so a local entry takes precedence over a
# domain entry with the same name.
passwd:         files systemd winbind 
group:          files systemd winbind 
 
編輯 /etc/pam.d/common-session  加入 
# Append at the end of the file if home directories should be created
# automatically at first login. skel= is the template that gets copied and
# umask=077 makes the new home accessible to its owner only. The "optional"
# control flag means a failure of this module does not block the session.
session optional        pam_mkhomedir.so skel=/etc/skel umask=077 
編輯 /opt/mkmyhome.sh
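#!/bin/bash
#
# Create a missing home directory for a domain user.
# Samba runs this as root through "root preexec = /opt/mkmyhome.sh %S %H".
#
# Arguments:
#   $1 - user name (the share name, %S)
#   $2 - home directory path (%H)
# Exit status:
#   9 if an argument is empty, the path is not absolute, or the directory
#   already exists; otherwise the status of mkdir/chown.
user=$1
home=$2
group="domain users"

[ -z "$user" ] && exit 9
[ -z "$home" ] && exit 9

# This runs with root privileges: accept absolute paths only, so a relative
# value can never be resolved against whatever the current directory is.
case "$home" in
  /*) ;;
  *) exit 9 ;;
esac

# Nothing to do when the directory is already there.
[ -d "$home" ] && exit 9

# Every expansion is quoted and "--" ends option parsing, so a value that
# contains spaces or glob characters, or starts with "-", is treated as one
# plain operand instead of being split, expanded or read as an option.
mkdir -p -m 700 -- "$home" && chown -- "${user}:${group}" "$home"
exit $?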
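# Samba executes this script as root, so pin both owner and mode: owned by
# root, writable by root only, readable and executable by everyone.
chown root:root /opt/mkmyhome.sh && chmod 0755 /opt/mkmyhome.sh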
加入網域 
# Joins this machine to the AD domain; the password is asked for interactively.
# Avoid the -U 'user%password' form: it leaves the password in the shell
# history and in the process list.
# NOTE(review): an account that has only been delegated the right to join
# computers is presumably sufficient instead of Administrator - confirm
# against the domain's policy.
net ads join -U Administrator 
 
重啟服務 
 systemctl restart winbind
其他相關指令
# Removes this machine from the domain; the password is asked for
# interactively, as with the join.
net ads leave -U Administrator