|
想搭建一台用域账号登录和访问的 Linux 文件服务器,遇到点问题,求高手帮助。
环境:Win2003 Standard AD+DNS. Ubuntu server 14.10 + Samba version: 2:4.1.11+dfsg-1ubuntu2.2
遇到的错误描述: 从 Windows 可以打开 \\ubuntu samba,也看得到共享目录,但是点目录进去时提示输入账号和密码,所有域账号都试过,均无法访问。Linux Samba 需要像本地账号那样,为域账号做 map 映射之类的配置吗?感觉是账号权限的问题。
已经成功加入域,从win2003 AD上可以看到该ubuntu samba服务器, wbinfo -u -g可以看到域内账号和组信息。 下面给出smb.conf nsswitch.conf krb5.conf和testparm 信息, 还有其他需要提供的信息请告知。
smb.conf 设置如下:
#======================= Global Settings =======================
[global]
# NetBIOS (short) name of the AD domain; the Kerberos realm is given by "realm" below.
workgroup = MHETEST

# server string is the equivalent of the NT Description field
server string = cd-files01(Ubuntu)
# "security = ads" runs Samba as a member of the Active Directory realm named in "realm".
security = ads
os level =33
realm = MHETEST.COM
client use spnego = yes
domain master = no
# Winbind name handling: with "winbind use default domain = yes", accounts of the
# joined domain are referred to by short name (test01), without the domain prefix.
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%D/%U

# This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no

#### Networking ####

#### Debugging/Accounting ####
# One log file per connecting client machine (%m).
# NOTE(review): this log is the first place to look for the reason a session was refused.
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d

####### Authentication #######
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
server role = member server
# NOTE(review): the local-password settings below (tdbsam, unix password sync,
# passwd program / passwd chat) look like distribution defaults for local accounts;
# presumably domain passwords are checked by the AD domain controller - confirm they are needed.
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# NOTE(review): "bad user" turns a logon whose user name cannot be resolved into a
# guest session instead of a refused logon. No share below allows guests, so such a
# session could list the shares and then be re-prompted on entry - consistent with
# the symptom described, but not proven by this listing. It also hides authentication
# failures; "map to guest = never" makes them explicit.
map to guest = bad user

########## Domains ###########

############ Misc ############
# NOTE(review): both idmap ranges are commented out and no "idmap config" line appears
# in this listing, so no uid/gid range for mapping domain SIDs is visibly configured.
# "wbinfo -u -g" only lists names; verify the mapping itself with "wbinfo -i test01"
# and "getent passwd test01". Current Samba documents the range as
# "idmap config * : backend = tdb" plus "idmap config * : range = LOW-HIGH".
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash

# NOTE(review): permits user-defined shares (usershares) to allow guest access;
# turn it off unless guest usershares are actually required.
usershare allow guests = yes

#======================= Share Definitions =======================

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0770

[testshare]
comment = test share
browseable = yes
path = /home/share
printable = no
writeable = yes
# NOTE(review): smb.conf treats "#" and ";" as comment markers only at the start of a
# line. If the trailing "#..." text on the next two lines (the poster's annotation:
# "domain users, no local account with this name") is really in the file, it is parsed
# as part of the user list; keep such notes on a line of their own.
# "valid users" limits who may connect to the share; filesystem permissions on
# /home/share still apply to the mapped Unix uid/gid and are not shown in this post.
valid users = admin,test01 #是域用户,本地无此账号
write list = admin,test01 #是域用户,本地无此账号

# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
; write list = root, @lpadmin
nsswitch.conf配置:
# "winbind" after "files" lets the C library resolve domain users and groups
# through winbindd once local files have been checked.
passwd: files winbind
group: files winbind
# NOTE(review): Samba's domain-member guidance lists winbind for passwd and group
# only; consider whether it is intended in the shadow database.
shadow: files winbind

hosts: files dns wins
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files
krb5.conf配置:
root@CD-SRV01:~# vi /etc/krb5.conf
[libdefaults]
# NOTE(review): the documented key is lowercase "default_realm"; confirm the capital
# "D" here is only a paste artifact and not what the file contains.
# The realm must match "realm" in smb.conf (MHETEST.COM).
Default_realm = MHETEST.COM

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

[realms]
# KDC and admin server are addressed by IP. Kerberos rejects requests when this
# host's clock and the KDC's differ by more than the permitted skew (five minutes by
# default), so keep the server time-synchronised with the domain controller.
MHETEST.COM = {
    kdc = 192.168.3.200:88
    admin_server = 192.168.3.200
    default_domain = mhetest.com
}

[domain_realm]
# Maps DNS names in mhetest.com (and the bare domain) to the Kerberos realm.
.mhetest.com = MHETEST.COM
mhetest.com = MHETEST.COM

[login]
krb4_convert = true
krb4_get_tickets = false
testparm 结果:
root@CD-SRV01:~# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[printers]"
Processing section "[testshare]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
|