16.3 FreeBSD11之将Samba设置为域成员
最后更新于
这有帮助吗?
最后更新于
这有帮助吗?
# bsdconfig# vim /etc/rc.conf
hostname="fb"# vim /etc/resolv.conf
# Generated by resolvconf
search SVROS.COM //设置域控制器域名
# nameserver 192.168.253.2
nameserver 192.168.253.130 //设置域控制器IP地址
nameserver 114.114.114.114
nameserver 127.0.0.1
options edns0
# vim /etc/hosts
192.168.253.130 dc dc.svros.com DNS服务器IP地址 域控别名 域控完整主机名# freebsd-update fetch
# freebsd-update installkern.maxfiles=25600
kern.maxfilesperproc=16384
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536# pkg update -f# pkg search samba
p5-Samba-LDAP-0.05_2 Manage a Samba PDC with an LDAP Backend
p5-Samba-SIDhelper-0.0.0_3 Create SIDs based on G/UIDs
samba-nsupdate-9.16.5 nsupdate utility with the GSS-TSIG support
samba411-4.11.15 Free SMB/CIFS and AD/DC server and client for Unix
samba412-4.12.9_1 Free SMB/CIFS and AD/DC server and client for Unix
samba413-4.13.1_1 Free SMB/CIFS and AD/DC server and client for Unix
# pkg install samba413[libdefaults]
default_realm = SVROS.COM //设置域名
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = yesgroup: files winbind
passwd: files winbind[global]
workgroup = SVROS //工作组名
server string = Samba Server Version %v
security = ads
realm = SVROS.COM //域名
domain master = no
local master = no
preferred master = no
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
use sendfile = true
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config SVROS : backend = rid //需要修改短域名
idmap config SVROS : range = 10000-99999 //需要修改短域名
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/false
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba4/log.%m
max log size = 50
#============================ Share Definitions ==============================
[testshare]
comment = Test share
path = /root //共享路径
read only = no
force group = "Domain Users"
directory mode = 0770
force directory mode = 0770
create mode = 0660
force create mode = 0660# net ads join -U administrator
# net ads testjoin
Should report "Join is OK" //提示加入成功 # net ads leave - administrator# echo 'samba_server_enable="YES"' >> /etc/rc.conf
# echo 'winbindd_enable="YES"' >> /etc/rc.conf# service samba_server status
nmbd is running as pid 646.
smbd is running as pid 650.
winbindd is running as pid 656.# service samba_server start# kinit administrator //输入密码之后输出为空,直接返回到命令行
administrator@SVROS.COM's Password:
# klist //输出如下与上面账号相关的信息
Credentials cache: FILE:/tmp/krb5cc_0
Principal: administrator@SVROS.COM
Issued Expires Principal
Jan 25 19:13:12 2021 Jan 26 05:13:12 2021 krbtgt/SVROS.COM@SVROS.COMwbinfo -u
# Should return domain users
wbinfo -g
# Should return domain groups
getent passwd
# Should return domain users at the end of the list with 10000+ UIDs
getent group
# Should return domain groups at the end of the list with 10000+ GIDs# mkdir -p /samba/testshare
# chown "administrator":"domain users" /samba/testshare
# chmod 0770 /samba/testshare# /usr/local/etc/smb4.conf
[testshare]
comment = Test share
path = /samba/testshare //共享路径
read only = no
force group = "Domain Users"
directory mode = 0770
force directory mode = 0770
create mode = 0660
force create mode = 0660