
How to add Linux Samba to AD

Author: anonymous   Source: Linux系统   Published: 2012-05-15
files nisplus
[Steps -- how to join to domain]

1. kinit -- obtain and cache a Kerberos ticket-granting ticket:

   kinit administrator@800BEST.NET

   [root@siptest etc]# kinit administrator@800BEST.NET
   Password for administrator@800BEST.NET:
   [root@siptest etc]#

   It works well.

2. Verify that the Samba services are running by typing:

   ~# ps -ef | grep nmbd
   ~# ps -ef | grep smbd

3. Execute the following command line (you must be connected as root):

   ~# net join -U Administrator

   Administrator is the name of the domain controller admin. Enter your password when prompted. If everything works fine, the Linux server has been registered to the Windows domain.

4. Verify now that the winbindd daemon is running:

   ~# ps -ef | grep winbindd

   Check that trust has been established between Samba and AD:

   ~# wbinfo -t
   checking the trust secret via RPC calls succeeded

5. Next, try to authenticate a user from the domain:

   ~# wbinfo -a user%password

   e.g.

   ~# wbinfo -a bl00250%Iloveyou~!@#$%
   challenge/response password authentication succeeded

6. Type the following line:

   root@siptest# ntlm_auth --request-nt-key --domain=<your domain> --username=<your username>

   For me, the command looks like this:

   [root@siptest ~]# ntlm_auth --request-nt-key --domain=800BEST --username=bl00250
   password:
   NT_STATUS_OK: Success (0x0)

WARNING!!! When called by radiusd - thus directly setting the challenge value - the ntlm_auth program needs permission to access winbindd's winbindd_privileged directory (somewhere under /var). According to my experience, read access will suffice. The radiusd.conf file sets the uid and gid your radiusd process will run as (by the user and group directives, respectively). The ntlm_auth process will have the same identity. If the filesystem containing the winbindd_privileged directory supports POSIX ACLs, you can safely grant ntlm_auth the necessary permissions, in case your distribution's default settings are insufficient. If radiusd runs as the user radiusd, for example, then you should use setfacl the following way:

   setfacl -m u:radiusd:rx winbindd_privileged

Or something like that. See http://www.suse.de/~agruen/acl/linux-acls/online/ or man setfacl about POSIX ACLs!
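Added example, not code from the original article: a small POSIX sh health check that wraps the commands above (wbinfo -t, ntlm_auth, getfacl/setfacl) in functions which classify their output, so the output parsing can be exercised without a domain controller. The domain short name 800BEST and the user bl00250 are the article's; the radiusd user name, the /var/lib/samba/winbindd_privileged path and the sample outputs the functions are exercised with are assumptions.

```shell
#!/bin/sh
# Post-join health check for a Samba/winbind domain member.
# Added example, not part of the original article. It wraps the article's own
# commands in functions that classify their output.
# Assumptions: DOMAIN 800BEST and the default user come from the article;
# RADIUS_USER and WINBIND_PRIV_DIR are assumed defaults (override via environment).
DOMAIN="${DOMAIN:-800BEST}"
RADIUS_USER="${RADIUS_USER:-radiusd}"
WINBIND_PRIV_DIR="${WINBIND_PRIV_DIR:-/var/lib/samba/winbindd_privileged}"

# `wbinfo -t` prints "checking the trust secret ... succeeded" when the machine
# account still authenticates to the DC; any other text counts as failure.
trust_ok() {
  case "$1" in
    *"checking the trust secret"*succeeded*) return 0 ;;
    *) return 1 ;;
  esac
}

# `wbinfo -a user%password` prints "... password authentication succeeded".
auth_ok() {
  case "$1" in
    *"password authentication succeeded"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Extract the first NT_STATUS_* code from ntlm_auth output (the prompt line
# "password:" that precedes it is ignored).
ntlm_status() {
  printf '%s\n' "$1" | sed -n 's/^\(NT_STATUS_[A-Z0-9_]*\).*/\1/p' | head -n 1
}

# ntlm_auth succeeded only when the code is NT_STATUS_OK.
ntlm_ok() {
  [ "$(ntlm_status "$1")" = "NT_STATUS_OK" ]
}

# Decide from `getfacl` output whether user $1 has an explicit r-x entry.
# When a mask reduces the entry, getfacl appends "#effective:..." and the
# effective permissions are what count. Only the named-user entry is
# considered: winbindd_privileged is meant to stay closed to "other".
acl_grants_rx() {
  printf '%s\n' "$2" | awk -v u="$1" -F: '
    $1 == "user" && $2 == u {
      perms = $3
      if (index($0, "#effective:")) { split($0, a, "#effective:"); perms = a[2] }
    }
    END {
      if (substr(perms, 1, 1) == "r" && substr(perms, 3, 1) == "x") exit 0
      exit 1
    }'
}

# Apply the article's setfacl line only when the grant is actually missing.
# Needs root and the acl tools (getfacl/setfacl).
ensure_radius_acl() {
  acl=$(getfacl -p "$WINBIND_PRIV_DIR" 2>/dev/null) || {
    echo "cannot read ACL of $WINBIND_PRIV_DIR"; return 1; }
  if acl_grants_rx "$RADIUS_USER" "$acl"; then
    echo "$RADIUS_USER already has r-x on $WINBIND_PRIV_DIR"
    return 0
  fi
  setfacl -m "u:$RADIUS_USER:rx" "$WINBIND_PRIV_DIR"
}

# Live checks in the article's order. Usage: sh winbind-check.sh run [user]
run_checks() {
  user=${1:-bl00250}
  pgrep -x winbindd >/dev/null || { echo "winbindd is not running"; return 1; }
  out=$(wbinfo -t 2>&1)
  trust_ok "$out" || { echo "trust check failed: $out"; return 1; }
  out=$(ntlm_auth --request-nt-key --domain="$DOMAIN" --username="$user" 2>&1)
  ntlm_ok "$out" || { echo "ntlm_auth failed: $(ntlm_status "$out")"; return 1; }
  ensure_radius_acl
}

if [ "${1:-}" = "run" ]; then
  run_checks "$2"
fi
```

Run it as `sh winbind-check.sh run bl00250` on the member server (ntlm_auth prompts for the password as in the article). The location of winbindd_privileged on a given build can be read from `smbd -b` (WINBINDD_PRIVILEGED_SOCKET_DIR). The ACL step judges the effective rights, so a restrictive mask is not mistaken for a working grant, and it changes nothing when the radiusd user already has r-x.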
[Add share]

Edit /etc/samba/smb.conf and add lines like the following:

   [share]
   comment = shared folder
   path = /var/spool/share
   browseable = yes
   guest ok = no
   writable = yes
   valid users = 800BEST\bl00250

then

   ~# chown '800BEST\bl00250':'800BEST\domain users' /var/spool/share
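Added example, not code from the original article: a POSIX sh lint for share definitions like the one above. It reads smb.conf the way Samba does (case-insensitive keys, comments skipped, the "public" and "writeable" synonyms honoured) and flags shares that grant guest access or carry no "valid users" list. The [share] section in the embedded sample file is the article's; the [global] and [public] sections are constructed to show a passing and a failing case side by side.

```shell
#!/bin/sh
# smb.conf share lint. Added example, not part of the original article.
# Usage: sh smb-lint.sh /etc/samba/smb.conf share

# Print the value of KEY ($3) in section SEC ($2) of smb.conf FILE ($1).
# Keys and section names match case-insensitively, comment lines (# or ;)
# are skipped and surrounding whitespace is trimmed, as Samba itself does.
share_param() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*\[/ {
      insec = (tolower($0) ~ ("^[ \t]*[[]" tolower(sec) "][ \t]*$"))
      next
    }
    insec && !/^[ \t]*[#;]/ && /=/ {
      k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
      v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (tolower(k) == tolower(key)) { print v; exit }
    }' "$1"
}

# Samba boolean: yes/true/1 in any case are true, everything else false.
is_true() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    yes|true|1) return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 when the share only admits listed, domain-authenticated users;
# returns 1 and prints one line per finding otherwise.
lint_share() {
  file=$1; sec=$2; rc=0
  guest=$(share_param "$file" "$sec" "guest ok")
  [ -n "$guest" ] || guest=$(share_param "$file" "$sec" "public")        # synonym
  users=$(share_param "$file" "$sec" "valid users")
  writable=$(share_param "$file" "$sec" "writable")
  [ -n "$writable" ] || writable=$(share_param "$file" "$sec" "writeable") # synonym
  if is_true "$guest"; then
    echo "[$sec]: guest access is enabled; connections need no AD logon"
    rc=1
  fi
  if [ -z "$users" ]; then
    echo "[$sec]: no 'valid users' list; any domain account can connect"
    rc=1
  fi
  if is_true "$guest" && is_true "$writable"; then
    echo "[$sec]: guest-writable share"
    rc=1
  fi
  return $rc
}

# Constructed sample: the article's [share] plus a deliberately weak [public].
write_sample_conf() {
  cat >"$1" <<'EOF'
[global]
   workgroup = 800BEST
   security = ads

[share]
   comment = shared folder
   path = /var/spool/share
   browseable = yes
   guest ok = no
   writable = yes
   valid users = 800BEST\bl00250

[public]
   ; no valid users, anonymous access
   path = /srv/public
   public = yes
   writable = yes
EOF
}

if [ -n "${1:-}" ]; then
  lint_share "$1" "${2:-share}"
fi
```

Against the sample, `[share]` passes and `[public]` produces three findings. The lint reads only the named section, so settings inherited from `[global]` are not considered; `testparm` remains the authority on what Samba will actually load.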

[troubleshooting]

1. How to resolve "Failed to join domain: Type or value exists"

   ~# net join -U administrator
   Administrator's password:
   Using short domain name -- 800BEST
   Failed to set servicePrincipalNames. Please ensure that
   the DNS domain of this server matches the AD domain,
   Or rejoin with using Domain A


Copyright ©1999-2011 Xiamen Lingzhong Technology Co., Ltd. (厦门凌众科技有限公司), Xiamen Youtong Internet Technology Development Co., Ltd. (厦门优通互联科技开发有限公司). All rights reserved.
