RHEL6.x 기반 samba4 + winbind 를 이용하여 windows AD 연동하기
RHEL6.x 기반 samba4 + winbind 를 이용하여 windows AD 연동하기
# vi /etc/yum.repos.d/centos.repo
[base-be]
name=CentOS-6 – Base
repo=os
baseurl=http://ftp.daum.net/centos/6/os/x86_64/
enabled=1
gpgcheck=1
gpgkey=http://ftp.daum.net/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
[updates-be]
name=CentOS-6 – Updates
baseurl=http://ftp.daum.net/centos/6/updates/x86_64/
enabled=1
gpgcheck=1
[centosplus-be]
name=CentOS-6 – Plus
baseurl=http://ftp.daum.net/centos/6/centosplus/x86_64/
enabled=1
gpgcheck=1
[extras-be]
name=CentOS-6 – Extras
baseurl=http://ftp.daum.net/centos/6/extras/x86_64/
enabled=1
gpgcheck=1
[fasttrack-be]
name=CentOS-6 – Fasttrack
baseurl=http://ftp.daum.net/centos/6/fasttrack/x86_64/
enabled=1
gpgcheck=1
# yum repolist
# yum remove samba samba-client samba-winbind samba-winbind-clients
# yum install ntpdate samba4 samba4-client samba4-winbind krb5-workstation policycoreutils-python samba4-winbind-clients
# vi /etc/resolv.conf
domain rntier272.ad
nameserver 192.168.201.50
# vi /etc/nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
# vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = rntier272.ad
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[realms]
RNTIER272.AD = {
kdc = rntier272.ad
admin_server = rntier272.ad
}
[domain_realm]
.rntier272.ad = RNTIER272.AD
rntier272.ad = RNTIER272.AD
# kinit
# vi /etc/samba/smb.conf
[global]
follow symlinks = yes
wide links = yes
workgroup = RNTIER272
server string = RNTSMP01
security=ADS
realm = rntier272.ad
domain master = no
local master = no
preferred master = no
# NOTE: the default (*) range and the RNTIER272 range should not overlap; give each domain its own disjoint range.
idmap config *:backend = tdb
idmap config *:range = 1000-9999
idmap config RNTIER272:backend = ad
idmap config RNTIER272:schema_mode = rfc2307
idmap config RNTIER272:range = 1000-9999
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = Yes
winbind separator = .
winbind nested groups = yes
template shell = /bin/bash
template homedir = /home/%U
store dos attributes = yes
inherit acls = Yes
inherit permissions = Yes
restrict anonymous = 2
winbind expand groups = 4
vfs objects = acl_xattr
ea support = yes
store dos attributes = yes
inherit acls = yes
inherit permissions = yes
map acl inherit = yes
# log files split per-machine:
log file = /var/log/samba/log.%m
# maximum size of 50KB per log file, then rotate:
max log size = 50
load printers = no
show add printer wizard = no
printcap name=/dev/null
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
# testparm -s
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
# vi /etc/sysctl.conf
fs.file-max = 16384
Note: the rlimit_max message from testparm refers to the per-process open-file limit (set in limits.conf below); fs.file-max is the system-wide limit, so check the current value in /proc/sys/fs/file-max before lowering it to 16384.
# vi /etc/security/limits.conf
* soft nofile 16384
* hard nofile 32768
# mkdir /var/cache/samba
# net ads join -U administrator
#
# /etc/rc.d/init.d/winbind restart
# /etc/rc.d/init.d/smb restart
# /etc/rc.d/init.d/nmb restart
chkconfig --level 345 winbind on
chkconfig --level 345 smb on
chkconfig --level 345 nmb on
List your AD users
# wbinfo -u
# getent passwd
List your AD groups
# wbinfo -g
# getent group
[root@RNTSMP01 ~]# /etc/rc.d/init.d/winbind stop
Winbind 서비스를 종료함: [ OK ]
[root@RNTSMP01 ~]# /etc/rc.d/init.d/smb stop
SMB 서비스를 종료함: [ OK ]
[root@RNTSMP01 ~]# net cache flush
[root@RNTSMP01 ~]# rm -f /var/lib/samba/*.tdb
[root@RNTSMP01 ~]# rm -f /var/lib/samba/group_mapping.ldb
Note: this also removes any winbind idmap allocation database kept under /var/lib/samba, so UIDs/GIDs previously allocated by the tdb backend may be reassigned; verify with getent passwd afterward.
[root@RNTSMP01 ~]# /etc/rc.d/init.d/smb start
SMB서비스를 시작하고 있습니다: [ OK ]
[root@RNTSMP01 ~]# /etc/rc.d/init.d/winbind restart
Winbind 서비스를 종료함: [실패]
Winbind서비스를 시작하고 있습니다: [ OK ]