第一節、Linux採用AD認證
假設 區域網路中AD主機為 server.test.com.tw 、IP為192.168.0.86
(一).設定samba
[root@linux2 /]# vi /etc/samba/smb.conf
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = test ---指定網域名稱(本文各設定行中「---」之後皆為說明文字,請勿寫入設定檔)
realm = test.com.tw ---完整網域名稱
# server string is the equivalent of the NT Description field
netbios name = Data_Server ---Samba主機名稱
server string = Linux --- 主機描述
……………………………………………………………………………
…………………………………………………………………………………….
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = ads ---設定安全等級為AD ,表示由AD來做帳號認證
# Use password server option only with security = server
; password server = <NT-Server-Name>
password server = server.test.com.tw
# Password Level allows matching of _n_ characters of the password
# all combinations of upper and lower case.
; password level = 8
; username level = 8
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes ---採用加密方式傳遞密碼
; smb passwd file = /etc/samba/smbpasswd
存檔離開
(二) 如果沒有DNS做名稱解析,則必須修改hosts檔,位置在 /etc/hosts
[root@linux2 /]# vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 linux2.test.com.tw linux2 localhost.localdomain localhost ---注意:Samba 官方文件建議,加入網域的主機其主機名稱與 FQDN 不應解析到 127.0.0.1,宜另立一行以本機的區網 IP 對應 linux2.test.com.tw
192.168.0.86 server.test.com.tw test.com.tw
(三) 修改Kerberos設定檔,位置在 /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
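default_realm = SERVER.TEST.COM.TW ---改成AD主機(注意:default_realm 應為 Kerberos realm 名稱,須與下方 [realms] 區段定義的 TEST.COM.TW 一致;填入主機名稱 SERVER.TEST.COM.TW 時,[realms] 中並無同名區段可對應)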
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
TEST.COM.TW = { ---改成網域
kdc = SERVER.TEST.COM.TW:88
admin_server = SERVER.TEST.COM.TW:749 ---AD主機名稱
default_domain = TEST.COM.TW ----網域名稱
}
[domain_realm]
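.example.com = TEST.COM.TW
.example.com = TEST.COM.TW ---注意:等號左側應為實際的 DNS 網域(本例為 .test.com.tw 與 test.com.tw);此處兩行相同且仍是範本中的 .example.com,對 test.com.tw 的主機不會生效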
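(四) 修改 /var/kerberos/krb5kdc/kdc.conf (如果沒有此檔案,則代表未安裝krb5-server,請由光碟安裝)。注意:kdc.conf 是本機 KDC 服務(krb5-server)的設定檔;本例的 KDC 已在 krb5.conf 中指向 AD 主機,若本機不需自行提供 KDC 服務,請先確認是否真的需要安裝 krb5-server,以免多開不必要的服務。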
[root@linux2 /]# vi /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
[realms]
TEST.COM.TW = { ---網域名稱
master_key_type = des-cbc-crc ---注意:des-cbc-crc(單 DES)與下一行的 arcfour-hmac(RC4)皆為已被淘汰的弱加密類型,環境允許時應改用 AES 類型
supported_enctypes = arcfour-hmac:normal arcfour-hma
----------------------------------------------------------------------------------------------------
如有任何疑問,可來電02-22429995 希文資訊 洽詢,將有專人為您服務