說(shuō)明:本文為L(zhǎng)INUX加入WINDOWS域的具體情況作一些說(shuō)明,關(guān)于如何加入到域,本文不再詳述,僅提供一個(gè)配置樣板,如果有不了解的,可以再查看相關(guān)文章.　　*-====================

說(shuō)明:本文為L(zhǎng)INUX加入WINDOWS域的具體情況作一些說(shuō)明,關(guān)于如何加入到域,本文不再詳述,僅提供一個(gè)配置樣板,如果有不了解的,可以再查看相關(guān)文章.

　　*-====================-*

　　* Linux To Windows AD

　　*-====================-*

　　- 基本概念

　　* PDC - 主域控制器

　　* BDC - 備份域控制器

　　* KDC - 密鑰頒發(fā)中心,Kerberos服務(wù)器

　　* PAM - 可插撥認(rèn)證模塊

　　* SRV - DNS服務(wù)資源記錄

　　- 域模式

　　* PRC - LINUX以Windows2000/NT4樣式加入到域中

　　* ADS - 活動(dòng)目錄,Windows2003,WindowsXP

　　* 混合 - 有最好的兼容性

　　- 軟件包Sw

　　* Samba: yum install samba.* samba-common.* samba-winbind-client.*

　　* Winbind: yum install samba-winbind.*

　　* Samba4: yum install samba4.* ;A newer version of samba

　　* Kerberos5: yum install pam_krb5.* krb5-workstation.* krb5-libs.*

　　* ldconfig

　　* ldconfig -v | grep winbind

　　* ls /usr/lib/libnss_winbind.so

　　- 配置文件

　　- NSS: /etc/nsswitch.conf

　　; 指示系統(tǒng)如何查找系統(tǒng)配置文件

　　; ACTION=Modify

　　* password: files winbind

　　* group: files winbind

　　- Samba: /etc/smb.conf

　　; 與共享文件夾相關(guān)的配置

　　; DomainMode = ActiveDirectory

　　*-------------------------------*

　　[global]

　　client use spnego = no

　　server signing = auto

　　workgroup = CAMPUS

　　# The SHORT-DOMAIN name of your domain, you need to modify

　　wins support = yes

　　wins server = 10.0.0.4

　　# Controller of the domain, You need to modify it to your own

　　wins proxy = yes

　　security = ADS

　　# or AD,ADS,domain, DOMAIN is the RPC mode

　　acl compatibility = win2k

　　idmap uid = 16777216-33554431

　　# Set based on your user count

　　idmap gid = 16777216-33554431

　　password server = 10.0.0.4

　　# Domain Controller

　　map to guest = bad user

　　guest ok = no

　　realm = CAMPUS.COM

　　# You need to keep the same with file krb5.conf defined

　　# encrypt psswords = yes

　　# Encrypt PASS, not supported by some version of samba

　　winbind use default domain = yes

　　# winbind separator =

　　template homedir = /home/D/U

　　# A mode 777 should be set on /home/D

　　template shell = /bin/bash

　　[homes]

　　comment = S

　　path =/home/D/S

　　writeable = yes

　　browsable = yes

　　; valid users = S

　　valid users = CAMPUS/S

　　*-------------------------------*

　　* Kerberos: /etc/krb5.conf

　　*-------------------------------*

　　[logging]

　　default = FILE:/var/log/krb5libs.log

　　kdc = FILE:/var/log/krb5kdc.log

　　admin_server =