16.3 FreeBSD11之将Samba设置为域成员

一、系统镜像下载地址

FreeBSD-11.4-RELEASE-amd64-dvd1.iso

二、配置静态IP地址

使用如下命令配置：

# bsdconfig

三、配置主机名

# vim /etc/rc.conf

hostname="fb"

四、配置DNS

# vim /etc/resolv.conf

# Generated by resolvconf
search SVROS.COM               //设置域控制器域名
# nameserver 192.168.253.2

nameserver 192.168.253.130     //设置域控制器IP地址
nameserver 114.114.114.114 
nameserver 127.0.0.1
options edns0

五、配置hosts文件

# vim /etc/hosts

192.168.253.130  dc  dc.svros.com     DNS服务器IP地址  域控别名 域控完整主机名

六、更新系统

# freebsd-update fetch
# freebsd-update install

七、修改 /etc/sysctl.conf

kern.maxfiles=25600
kern.maxfilesperproc=16384
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536

八、升级仓库repository

# pkg update -f

九、查询和安装samba

# pkg search samba 

p5-Samba-LDAP-0.05_2           Manage a Samba PDC with an LDAP Backend
p5-Samba-SIDhelper-0.0.0_3     Create SIDs based on G/UIDs
samba-nsupdate-9.16.5          nsupdate utility with the GSS-TSIG support
samba411-4.11.15               Free SMB/CIFS and AD/DC server and client for Unix
samba412-4.12.9_1              Free SMB/CIFS and AD/DC server and client for Unix
samba413-4.13.1_1              Free SMB/CIFS and AD/DC server and client for Unix

# pkg install samba413

十、创建/etc/krb5.conf

[libdefaults]
	default_realm = SVROS.COM   //设置域名
	dns_lookup_realm = true
	dns_lookup_kdc = true
	ticket_lifetime = 24h
	renew_lifetime = 7d
	forwardable = yes

十一、修改/etc/nsswitch.conf

group: files winbind
passwd: files winbind

十二、创建/usr/local/etc/smb4.conf

[global]
	workgroup = SVROS    //工作组名
	server string = Samba Server Version %v
security = ads
realm = SVROS.COM     //域名
domain master = no
local master = no
preferred master = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072

use sendfile = true	 
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config SVROS : backend = rid         //需要修改短域名
idmap config SVROS : range = 10000-99999   //需要修改短域名
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/false		 
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba4/log.%m
max log size = 50
			 
#============================ Share Definitions ==============================
			 
[testshare]
comment = Test share    
path = /root     //共享路径
read only = no
force group = "Domain Users"
directory mode = 0770
force directory mode = 0770
create mode = 0660
force create mode = 0660

十三、将samba加入到域

# net ads join -U administrator

# net ads testjoin
  Should report "Join is OK"   //提示加入成功

（1）如果要退出域，如下命令

 # net ads leave - administrator

十四、samba相关服务设置启动和开机自启动及验证状态

# echo 'samba_server_enable="YES"' >> /etc/rc.conf
# echo 'winbindd_enable="YES"' >> /etc/rc.conf

验证samba状态

# service samba_server status
nmbd is running as pid 646.
smbd is running as pid 650.
winbindd is running as pid 656.

如果有服务没有启动，手动启动

# service samba_server start

十五、测试Test Kerberos

# kinit administrator    //输入密码之后输出为空，直接返回到命令行
administrator@SVROS.COM's Password:

# klist   //输出如下与上面账号相关的信息
        Credentials cache: FILE:/tmp/krb5cc_0
        Principal: administrator@SVROS.COM

          Issued                Expires               Principal
        Jan 25 19:13:12 2021  Jan 26 05:13:12 2021  krbtgt/SVROS.COM@SVROS.COM

十六、测试Winbind

wbinfo -u
# Should return domain users
	
wbinfo -g
# Should return domain groups
	
getent passwd
# Should return domain users at the end of the list with 10000+ UIDs
	
getent group
# Should return domain groups at the end of the list with 10000+ GIDs

十七、修改共享目录信息

# mkdir -p /samba/testshare
# chown "administrator":"domain users" /samba/testshare
# chmod 0770 /samba/testshare

# /usr/local/etc/smb4.conf

[testshare]
comment = Test share    
path = /samba/testshare     //共享路径
read only = no
force group = "Domain Users"
directory mode = 0770
force directory mode = 0770
create mode = 0660
force create mode = 0660

十八、测试，完成

参考资料：

https://samba.ninja/2018/08/freebsd-11-active-directory-member-server/

https://www.freebsd.org/doc/handbook/network-samba.html

上一页16.2 设置samba为独立服务器下一页16.4 FreeBSD12之将Samba设置为域成员

最后更新于2年前

hashtag一、系统镜像下载地址

hashtagFreeBSD-11.4-RELEASE-amd64-dvd1.isoarrow-up-right

hashtag二、配置静态IP地址

hashtag使用如下命令配置：

hashtag三、配置主机名

hashtag四、配置DNS

hashtag五、配置hosts文件

hashtag六、更新系统

hashtag七、修改 /etc/sysctl.conf

hashtag八、升级仓库repository

hashtag九、查询和安装samba

hashtag十、创建/etc/krb5.conf

hashtag十一、修改/etc/nsswitch.conf

hashtag十二、创建/usr/local/etc/smb4.conf

hashtag十三、将samba加入到域

hashtag（1）如果要退出域，如下命令

hashtag十四、samba相关服务设置启动和开机自启动及验证状态

hashtag验证samba状态

hashtag如果有服务没有启动，手动启动

hashtag十五、测试Test Kerberos

hashtag十六、测试Winbind

hashtag十七、修改共享目录信息

hashtag十八、测试，完成

hashtag参考资料：

hashtaghttps://samba.ninja/2018/08/freebsd-11-active-directory-member-server/arrow-up-right

hashtaghttps://www.freebsd.org/doc/handbook/network-samba.htmlarrow-up-right

一、系统镜像下载地址

FreeBSD-11.4-RELEASE-amd64-dvd1.iso

二、配置静态IP地址

使用如下命令配置：

三、配置主机名

四、配置DNS

五、配置hosts文件

六、更新系统

七、修改 /etc/sysctl.conf

八、升级仓库repository

九、查询和安装samba

十、创建/etc/krb5.conf

十一、修改/etc/nsswitch.conf

十二、创建/usr/local/etc/smb4.conf

十三、将samba加入到域

（1）如果要退出域，如下命令

十四、samba相关服务设置启动和开机自启动及验证状态

验证samba状态

如果有服务没有启动，手动启动

十五、测试Test Kerberos

十六、测试Winbind

十七、修改共享目录信息

十八、测试，完成

参考资料：

https://samba.ninja/2018/08/freebsd-11-active-directory-member-server/

https://www.freebsd.org/doc/handbook/network-samba.html