Problema com a relação de confiança de domínio entre o Samba e o AD


Eu configurei o Samba PDC e o Domínio do AD.

Aqui está a minha topologia.

insira a descrição do link aqui

Verifiquei que o Samba PDC carrega os usuários do AD, usando os comandos "getent passwd" e "wbinfo -ug".

Aqui está o meu resultado "getent passwd".

root@Lin-srv:~#getent passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:103::/var/spool/exim4:/bin/false
statd:x:102:65534::/var/lib/nfs:/bin/false
user:x:1000:1000:user,,,:/home/user:/bin/bash
bind:x:103:106::/var/cache/bind:/bin/false
messagebus:x:104:109::/var/run/dbus:/bin/false
li01:x:1001:1001::/home/li01:/bin/bash
li02:x:1002:1002::/home/li02:/bin/bash
li03:x:1003:1003::/home/li03:/bin/bash
li04:x:1004:1004::/home/li04:/bin/bash
li05:x:1005:1005::/home/li05:/bin/bash
client-03$:x:1006:1006:client-03$ machine account:/var/lib/samba:/bin/false
client-04$:x:1007:1007:client-04$ machine account:/var/lib/samba:/bin/false
win$:x:1008:1008:win$ machine account:/var/lib/samba:/bin/false
WIN\administrator:*:10005:10004:Administrator:/home/administrator:/bin/bash
WIN\guest:*:10006:10005:Guest:/home/guest:/bin/bash
WIN\krbtgt:*:10007:10004:krbtgt:/home/krbtgt:/bin/bash
WIN\wi01:*:10004:10004:wi01:/home/wi01:/bin/bash
WIN\wi02:*:10008:10004:wi02:/home/wi02:/bin/bash
WIN\wi03:*:10009:10004:wi03:/home/wi03:/bin/bash
WIN\wi04:*:10010:10004:wi04:/home/wi04:/bin/bash
WIN\wi05:*:10011:10004:wi05:/home/wi05:/bin/bash
WIN\lin$:*:10012:10004:LIN$:/home/lin_:/bin/bash


E aqui está o meu resultado "wbinfo -ug".

root@Lin-srv:~#wbinfo -ug
root
li02
li04
li01
li03
li05
WIN\administrator
WIN\guest
WIN\krbtgt
WIN\wi01
WIN\wi02
WIN\wi03
WIN\wi04
WIN\wi05
WIN\lin$
WIN\domain computers
WIN\domain controller
WIN\schema admins
WIN\enterprise admins
WIN\domain admins
WIN\domain users
WIN\domain guests
WIN\group policy creator owners
WIN\read-only domain controllers
WIN\enterprise read-only domain controllers
WIN\dnsupdateproxy

Mas há um problema com o cliente Samba.

Eu tenho dois clientes para cada domínio.

Um deles é o Windows7 Client.

E outro é o Linux Samba Client.

Consigo fazer login com um usuário do domínio confiável no cliente Windows 7.

Mas não consigo fazer login com um usuário do domínio confiável no cliente Samba Linux.

Eu acho que há problemas com meu smb.conf ou krb5.conf.

Por isso, publico abaixo o smb.conf e o krb5.conf do meu Samba PDC e também o smb.conf e o krb5.conf do cliente Samba.

Aqui está o smb.conf do meu Samba PDC

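# smb.conf of the Samba PDC for domain LIN, as posted. The page had several
# parameters collapsed onto one line; they are restored to one per line here,
# because smbd reads everything after the first "=" as a single value.
[global]
    workgroup = LIN
    server string = %h server
    wins server = 192.168.0.1
    dns proxy = no

    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d

# security = user together with domain logons = yes (below) makes this host an
# NT4-style (classic) domain controller backed by the local tdbsam database.
    security = user
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes

# With unix password sync enabled, smbd runs the passwd program as root
# whenever an SMB password is changed.
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
# NOTE(review): stock chat strings carry "*" wildcards around each prompt; they
# appear to have been lost when the page was rendered. Compare with the
# packaged default before reusing this line.
    passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
    pam password change = yes

# A logon with an unknown user name is mapped to the guest account instead of
# being rejected, so an account that cannot be resolved may show up as a guest
# session rather than as an authentication error.
    map to guest = bad user

    domain logons = yes
# NOTE(review): UNC paths normally start with two backslashes; one may have
# been dropped by the page rendering in the two paths below - confirm.
    logon path = \lin.com\%U\profile
    logon drive = H:
    logon home = \lin.com\%U

# smbd executes these scripts as root, substituting %u / %g with the requested
# account or group name.
    add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
    add machine script = /usr/sbin/useradd -c "%u machine account" -d /var/lib/samba -s /bin/false %u
    add group script = /usr/sbin/addgroup --force-badname %g

    domain master = yes
    local master = yes
    prefered master = yes

# Legacy idmap syntax. NOTE(review): the member server posted alongside uses
# the same 10000-20000 range; if each host allocates IDs locally, the same WIN
# account can end up with a different UID on each machine - confirm.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    template homedir = /home/%U

    winbind enum groups = yes
    winbind enum users = yes

# Lets users who create their own usershares open them to guest access.
    usershare allow guests = yes

[homes]
    comment = Home Directories
    browseable = no
    read only = no
    create mask = 0700
    directory mask = 0700
# NOTE(review): %U is the session user name, so this line matches whoever is
# connecting and does not limit a home share to its owner; %S (the share name)
# is the usual value for that purpose - confirm the intent.
    valid users = %U

[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no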

Aqui está o krb5.conf do meu PDC (omiti a configuração padrão).

# Kerberos client settings of the PDC as posted (the author left out the
# stock defaults).
[libdefaults]
    default_realm = LIN.COM

# Both realms name their KDC by the bare domain name, so lookups depend on DNS
# resolving win.net / lin.com to a host that actually runs a KDC.
# NOTE(review): the smb.conf posted for this PDC (security = user,
# domain logons = yes) describes an NT4-style domain; confirm that a KDC
# really serves the LIN.COM realm.
[realms]
    WIN.NET = {
        kdc = win.net
        admin_server = win.net
    }
    LIN.COM = {
        kdc = lin.com
        admin_server = lin.com
    }

# Maps DNS suffixes and exact host names to the realm that owns them.
[domain_realm]
    .win.net = WIN.NET
    win.net = WIN.NET
    .lin.com = LIN.COM
    lin.com = LIN.COM

Aqui está o smb.conf do meu cliente Samba

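# smb.conf of the Linux member server CLIENT-04 in domain LIN, as posted. The
# page had several parameters collapsed onto one line; they are restored to
# one per line here, because smbd reads everything after the first "=" as a
# single value.
[global]
    workgroup = LIN
# NOTE(review): realm is normally paired with security = ads; with
# security = domain (below) authentication is passed to the PDC NT4-style -
# confirm this setting is needed.
    realm = lin.com
    netbios name = CLIENT-04
    server string = %h server
    wins server = 192.168.0.1
    dns proxy = no

    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d

# Domain member: logons are validated by the server named in password server.
    security = domain
    password server = lin.com
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes

# With unix password sync enabled, smbd runs the passwd program as root
# whenever an SMB password is changed.
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
# NOTE(review): stock chat strings carry "*" wildcards around each prompt; they
# appear to have been lost when the page was rendered. Compare with the
# packaged default before reusing this line.
    passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
    pam password change = yes

# A logon with an unknown user name is mapped to the guest account instead of
# being rejected, so an account that cannot be resolved may show up as a guest
# session rather than as an authentication error.
    map to guest = bad user

    domain master = no

# Legacy idmap syntax. NOTE(review): the PDC posted alongside uses the same
# 10000-20000 range; if each host allocates IDs locally, the same WIN account
# can end up with a different UID on each machine - confirm.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash

    winbind enum groups = yes
    winbind enum users = yes
# User names given without a domain are looked up in this host's own domain
# (LIN). NOTE(review): accounts of the trusted domain presumably still have to
# be entered as WIN\name at login - verify against the failing logon.
    winbind use default domain = yes

# Lets users who create their own usershares open them to guest access.
    usershare allow guests = yes

[homes]
    comment = Home Directories
    browseable = no
    read only = no
    create mask = 0700
    directory mask = 0700
# NOTE(review): %U is the session user name, so this line matches whoever is
# connecting and does not limit a home share to its owner; %S (the share name)
# is the usual value for that purpose - confirm the intent.
    valid users = %U

[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no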

E o krb5.conf do meu cliente Samba é igual ao krb5.conf do PDC.

Eu preciso da sua ajuda. O que devo fazer?

    
por Jun-gi Hong 20.10.2014 / 15:01
