{"id":10307,"date":"2021-02-15T07:02:44","date_gmt":"2021-02-14T23:02:44","guid":{"rendered":"http:\/\/blog.idc.net\/10307\/"},"modified":"2022-04-29T14:34:14","modified_gmt":"2022-04-29T06:34:14","slug":"samba-%e7%b3%bb%e5%88%97%ef%bc%88%e4%ba%94%ef%bc%89%ef%bc%9a%e5%b0%86%e5%8f%a6%e4%b8%80%e5%8f%b0-ubuntu-dc-%e6%9c%8d%e5%8a%a1%e5%99%a8%e5%8a%a0%e5%85%a5%e5%88%b0-samba-dc-%e5%ae%9e%e7%8e%b0%e5%8f%8c","status":"publish","type":"post","link":"https:\/\/idc.net\/help\/10307\/","title":{"rendered":"Samba \u7cfb\u5217\uff08\u4e94\uff09\uff1a\u5c06\u53e6\u4e00\u53f0 Ubuntu DC \u670d\u52a1\u5668\u52a0\u5165\u5230 Samba DC \u5b9e\u73b0\u53cc\u57df\u63a7\u4e3b\u673a\u6a21\u5f0f"},"content":{"rendered":"
\n

\u8fd9\u7bc7\u6587\u7ae0\u5c06\u8bb2\u89e3\u5982\u4f55\u4f7f\u7528 Ubuntu 16.04<\/strong> \u670d\u52a1\u5668\u7248\u7cfb\u7edf\u6765\u521b\u5efa\u7b2c\u4e8c\u53f0 Samba4<\/strong> \u57df\u63a7\u5236\u5668\uff0c\u5e76\u5c06\u5176\u52a0\u5165\u5230\u5df2\u521b\u5efa\u597d\u7684 Samba AD DC<\/strong> \u6797\u73af\u5883\u4e2d\uff0c\u4ee5\u4fbf\u4e3a\u4e00\u4e9b\u5173\u952e\u7684 AD DC \u670d\u52a1\u63d0\u4f9b\u8d1f\u8f7d\u5747\u8861\u53ca\u6545\u969c\u5207\u6362\u529f\u80fd\uff0c\u5c24\u5176\u662f\u4e3a\u90a3\u4e9b\u91cd\u8981\u7684\u670d\u52a1\uff0c\u6bd4\u5982 DNS \u670d\u52a1\u548c\u4f7f\u7528 SAM \u6570\u636e\u5e93\u7684 AD DC LDAP \u6a21\u5f0f\u3002<\/p>\n

\u9700\u6c42<\/h3>\n

\u8fd9\u7bc7\u6587\u7ae0\u662f Samba4 AD DC<\/strong> \u7cfb\u5217\u7684\u7b2c\u4e94<\/strong>\u7bc7\uff0c\u524d\u8fb9\u51e0\u7bc7\u5982\u4e0b\uff1a<\/p>\n

1\u3001\u5728 Ubuntu \u7cfb\u7edf\u4e0a\u4f7f\u7528 Samba4 \u6765\u521b\u5efa\u6d3b\u52a8\u76ee\u5f55\u67b6\u6784<\/p>\n

2\u3001\u5728 Linux \u547d\u4ee4\u884c\u4e0b\u7ba1\u7406 Samba4 AD \u67b6\u6784<\/p>\n

3\u3001\u4f7f\u7528 Windows 10 \u7684 RSAT \u5de5\u5177\u6765\u7ba1\u7406 Samba4 \u6d3b\u52a8\u76ee\u5f55\u67b6\u6784<\/p>\n

4\u3001\u5728 Windows \u4e0b\u7ba1\u7406 Samba4 AD \u57df\u7ba1\u5236\u5668 DNS \u548c\u7ec4\u7b56\u7565<\/p>\n

\u7b2c\u4e00\u6b65\uff1a\u4e3a\u8bbe\u7f6e Samba4 \u8fdb\u884c\u521d\u59cb\u5316\u914d\u7f6e<\/h3>\n

1\u3001\u5728\u5f00\u59cb\u628a\u7b2c\u4e8c\u4e2a DC \u670d\u52a1\u5668\u52a0\u5165\u5230 Samba4 AD DC<\/strong> \u57df\u73af\u5883\u4e4b\u524d\uff0c\u4f60\u9700\u8981\u6ce8\u610f\u4e00\u4e9b\u521d\u59cb\u5316\u8bbe\u7f6e\u4fe1\u606f\uff0c\u9996\u5148\uff0c\u786e\u4fdd\u8fd9\u4e2a\u65b0\u7cfb\u7edf\u7684\u4e3b\u673a\u540d<\/strong>\u5305\u542b\u63cf\u8ff0\u6027\u540d\u79f0\u3002<\/p>\n

\u5047\u8bbe\u7b2c\u4e00\u4e2a\u57df\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\u53eb\u505a adc1<\/code> \uff0c\u4f60\u53ef\u4ee5\u628a\u7b2c\u4e8c\u4e2a\u57df\u670d\u52a1\u5668\u547d\u540d\u4e3a adc2<\/code>\uff0c\u4ee5\u4fdd\u6301\u57df\u63a7\u5236\u5668\u540d\u79f0\u7684\u4e00\u81f4\u6027\u3002<\/p>\n

\u6267\u884c\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4fee\u6539\u7cfb\u7edf\u4e3b\u673a\u540d<\/strong>\uff1a<\/p>\n

# hostnamectl set-hostname adc2\r\n<\/code><\/pre>\n
\u6216\u8005\u4f60\u4e5f\u53ef\u4ee5\u624b\u52a8\u7f16\u8f91 \/etc\/hostname<\/code> \u6587\u4ef6\uff0c\u5728\u65b0\u7684\u4e00\u884c\u8f93\u5165\u4f60\u60f3\u8bbe\u7f6e\u7684\u4e3b\u673a\u540d\u3002<\/p>\n
# nano \/etc\/hostname\r\n<\/code><\/pre>\n
\u8fd9\u91cc\u6dfb\u52a0\u4e3b\u673a\u540d\u3002<\/p>\n
adc2\r\n<\/code><\/pre>\n
2\u3001\u4e0b\u4e00\u6b65\uff0c\u6253\u5f00\u672c\u5730\u7cfb\u7edf\u89e3\u6790\u6587\u4ef6\u5e76\u6dfb\u52a0\u4e00\u4e2a\u6761\u76ee\uff0c\u5305\u542b\u4e3b\u57df\u63a7\u5236\u5668\u7684 IP \u5730\u5740\u548c FQDN \u540d\u79f0\u3002\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\u5728\u8fd9\u7bc7\u6559\u7a0b\u4e2d\uff0c\u4e3b\u57df\u63a7\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\u4e3a adc1.tecmint.lan<\/code> \uff0c\u5176\u5bf9\u5e94\u7684 IP \u5730\u5740\u4e3a 192.168.1.254 \u3002<\/p>\n
# nano \/etc\/hosts\r\n<\/code><\/pre>\n
\u6dfb\u52a0\u5982\u4e0b\u884c\uff1a<\/p>\n
IP_of_main_DC       FQDN_of_main_DC     short_name_of_main_DC\r\n<\/code><\/pre>\n
\"Set<\/p>\n
\u4e3a Samba4 AD DC \u670d\u52a1\u5668\u8bbe\u7f6e\u4e3b\u673a\u540d<\/em><\/p>\n
3\u3001\u4e0b\u4e00\u6b65\uff0c\u6253\u5f00 \/etc\/network\/interfaces<\/code> \u914d\u7f6e\u6587\u4ef6\u5e76\u8bbe\u7f6e\u4e00\u4e2a\u9759\u6001 IP \u5730\u5740\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\u6ce8\u610f dns-nameservers<\/code> \u548c dns-search<\/code> \u8fd9\u4e24\u4e2a\u53c2\u6570\u7684\u503c\u3002\u4e3a\u4e86\u4f7f DNS \u89e3\u6790\u6b63\u5e38\u5de5\u4f5c\uff0c\u9700\u8981\u628a\u8fd9\u4e24\u4e2a\u503c\u8bbe\u7f6e\u6210\u4e3b Samba4 AD DC \u670d\u52a1\u5668\u7684 IP \u5730\u5740\u548c\u57df\u540d\u3002<\/p>\n
\u91cd\u542f\u7f51\u5361\u670d\u52a1\u4ee5\u8ba9\u4fee\u6539\u7684\u914d\u7f6e\u751f\u6548\u3002\u68c0\u67e5 \/etc\/resolv.conf<\/code> \u6587\u4ef6\uff0c\u786e\u4fdd\u8be5\u7f51\u5361\u4e0a\u914d\u7f6e\u7684\u8fd9\u4e24\u4e2a DNS \u7684\u503c\u5df2\u66f4\u65b0\u5230\u8fd9\u4e2a\u6587\u4ef6\u3002<\/p>\n
# nano \/etc\/network\/interfaces\r\n<\/code><\/pre>\n
\u7f16\u8f91\u5e76\u66ff\u6362\u4f60\u81ea\u5b9a\u4e49\u7684 IP \u8bbe\u7f6e\uff1a<\/p>\n
auto ens33\r\niface ens33 inet static\r\naddress 192.168.1.253\r\nnetmask 255.255.255.0\r\nbrodcast 192.168.1.1\r\ngateway 192.168.1.1\r\ndns-nameservers 192.168.1.254\r\ndns-search tecmint.lan\r\n<\/code><\/pre>\n
\u91cd\u542f\u7f51\u5361\u670d\u52a1\u5e76\u786e\u8ba4\u751f\u6548\u3002<\/p>\n
# systemctl restart networking.service\r\n# cat \/etc\/resolv.conf\r\n<\/code><\/pre>\n
\"Configure<\/p>\n
\u914d\u7f6e Samba4 AD \u670d\u52a1\u5668\u7684 DNS<\/em><\/p>\n
\u5f53\u4f60\u901a\u8fc7\u7b80\u5199\u540d\u79f0\uff08\u7528\u4e8e\u6784\u5efa FQDN \u540d\uff09\u67e5\u8be2\u4e3b\u673a\u540d\u65f6\uff0c dns-search<\/code> \u503c\u5c06\u4f1a\u81ea\u52a8\u628a\u57df\u540d\u6dfb\u52a0\u4e0a\u3002<\/p>\n
4\u3001\u4e3a\u4e86\u6d4b\u8bd5 DNS \u89e3\u6790\u662f\u5426\u6b63\u5e38\uff0c\u4f7f\u7528\u4e00\u7cfb\u5217 ping \u547d\u4ee4\u6d4b\u8bd5\uff0c\u547d\u4ee4\u540e\u5206\u522b\u4e3a\u7b80\u5199\u540d\uff0c FQDN \u540d\u548c\u57df\u540d\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\u5728\u6240\u6709\u6d4b\u8bd5\u7528\u4f8b\u4e2d\uff0cSamba4 AD DC DNS<\/strong> \u670d\u52a1\u5668\u90fd\u5e94\u8be5\u8fd4\u56de\u4e3b\u57df\u63a7\u670d\u52a1\u5668\u7684 IP \u5730\u5740\u3002<\/p>\n
\"Verify<\/p>\n
\u9a8c\u8bc1 Samba4 AD \u73af\u5883 DNS \u89e3\u6790\u662f\u5426\u6b63\u5e38<\/em><\/p>\n
5\u3001\u6700\u540e\u4f60\u9700\u8981\u6ce8\u610f\u7684\u662f\u786e\u4fdd\u8fd9\u4e2a\u4e3b\u673a\u8ddf\u57df\u63a7\u670d\u52a1\u5668\u65f6\u95f4\u540c\u6b65\u3002\u4f60\u53ef\u4ee5\u901a\u8fc7\u4e0b\u9762\u7684\u547d\u4ee4\u5728\u7cfb\u7edf\u4e0a\u5b89\u88c5 NTP<\/strong> \u5ba2\u6237\u7aef\u5de5\u5177\u6765\u5b9e\u73b0\u65f6\u95f4\u540c\u6b65\u529f\u80fd\uff1a<\/p>\n
# apt-get install ntpdate\r\n<\/code><\/pre>\n
6\u3001\u5047\u8bbe\u4f60\u60f3\u624b\u52a8\u5f3a\u5236\u672c\u5730\u670d\u52a1\u5668\u4e0e samba4 AD DC<\/strong> \u670d\u52a1\u5668\u65f6\u95f4\u540c\u6b65\uff0c\u4f7f\u7528 ntpdate<\/code> \u547d\u4ee4\u52a0\u4e0a\u4e3b\u57df\u63a7\u670d\u52a1\u5668\u7684\u4e3b\u673a\u540d\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n
# ntpdate adc1\r\n<\/code><\/pre>\n
\"Time<\/p>\n
\u4e0e Samba4 AD \u670d\u52a1\u5668\u8fdb\u884c\u65f6\u95f4\u540c\u6b65<\/em><\/p>\n
\u7b2c 2 \u6b65\uff1a\u5b89\u88c5 Samba4 \u5fc5\u987b\u7684\u4f9d\u8d56\u5305<\/h3>\n
7\u3001\u4e3a\u4e86\u8ba9 Ubuntu 16.04<\/strong> \u7cfb\u7edf\u52a0\u5165\u5230\u4f60\u7684\u57df\u4e2d\uff0c\u4f60\u9700\u8981\u901a\u8fc7\u4e0b\u9762\u7684\u547d\u4ee4\u4ece Ubuntu \u5b98\u65b9\u8f6f\u4ef6\u5e93\u4e2d\u5b89\u88c5 Samba4 \u5957\u4ef6\u3001 Kerberos \u5ba2\u6237\u7aef<\/strong> \u548c\u5176\u5b83\u4e00\u4e9b\u91cd\u8981\u7684\u8f6f\u4ef6\u5305\u4ee5\u4fbf\u5c06\u6765\u4f7f\u7528\uff1a<\/p>\n
# apt-get install samba krb5-user krb5-config winbind libpam-winbind libnss-winbind\r\n<\/code><\/pre>\n
\"Install<\/p>\n
\u5728 Ubuntu \u7cfb\u7edf\u4e2d\u5b89\u88c5 Samba4<\/em><\/p>\n
8\u3001\u5728\u5b89\u88c5\u7684\u8fc7\u7a0b\u4e2d\uff0c\u4f60\u9700\u8981\u63d0\u4f9b Kerberos \u57df\u540d\u3002\u8f93\u5165\u5927\u5199\u7684\u57df\u540d\u7136\u540e\u6309\u56de\u8f66\u952e\u5b8c\u6210\u5b89\u88c5\u8fc7\u7a0b\u3002<\/p>\n
\"Configure<\/p>\n
\u4e3a Samba4 \u914d\u7f6e Kerberos \u8ba4\u8bc1<\/em><\/p>\n
9\u3001\u6240\u6709\u4f9d\u8d56\u5305\u5b89\u88c5\u5b8c\u6210\u540e\uff0c\u901a\u8fc7\u4f7f\u7528 kinit<\/code> \u547d\u4ee4\u4e3a\u57df\u7ba1\u7406\u5458\u8bf7\u6c42\u4e00\u4e2a Kerberos \u7968\u636e\u4ee5\u9a8c\u8bc1\u8bbe\u7f6e\u662f\u5426\u6b63\u786e\u3002\u4f7f\u7528 klist<\/code> \u547d\u4ee4\u6765\u5217\u51fa\u5df2\u6388\u6743\u7684 kerberos \u7968\u636e\u4fe1\u606f\u3002<\/p>\n
# kinit domain-admin-user@YOUR_DOMAIN.TLD\r\n# klist\r\n<\/code><\/pre>\n
\"Verify<\/p>\n
\u5728 Samba4 \u57df\u73af\u5883\u4e2d\u9a8c\u8bc1 Kerberos<\/em><\/p>\n
\u7b2c 3 \u6b65\uff1a\u4ee5\u57df\u63a7\u5236\u5668\u7684\u8eab\u4efd\u52a0\u5165\u5230 Samba4 AD DC<\/h3>\n
10\u3001\u5728\u628a\u4f60\u7684\u673a\u5668\u96c6\u6210\u5230 Samba4 DC<\/strong> \u73af\u5883\u4e4b\u524d\uff0c\u5148\u628a\u7cfb\u7edf\u4e2d\u6240\u6709\u8fd0\u884c\u7740\u7684 Samba4 \u670d\u52a1\u505c\u6b62\uff0c\u5e76\u4e14\u91cd\u547d\u540d\u9ed8\u8ba4\u7684 Samba \u914d\u7f6e\u6587\u4ef6\u4ee5\u4fbf\u4ece\u5934\u5f00\u59cb\u3002\u5728\u57df\u63a7\u5236\u5668\u914d\u7f6e\u7684\u8fc7\u7a0b\u4e2d\uff0c Samba \u5c06\u4f1a\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n
# systemctl stop samba-ad-dc smbd nmbd winbind\r\n# mv \/etc\/samba\/smb.conf \/etc\/samba\/smb.conf.initial\r\n<\/code><\/pre>\n
11\u3001\u5728\u51c6\u5907\u52a0\u5165\u57df\u524d\uff0c\u5148\u542f\u52a8 samba-ad-dc<\/strong> \u670d\u52a1\uff0c\u4e4b\u540e\u4f7f\u7528\u57df\u7ba1\u7406\u5458\u8d26\u53f7\u8fd0\u884c samba-tool<\/code> \u547d\u4ee4\u5c06\u670d\u52a1\u5668\u52a0\u5165\u5230\u57df\u3002<\/p>\n
# samba-tool domain join your_domain -U \"your_domain_admin\"\r\n<\/code><\/pre>\n
\u52a0\u5165\u57df\u8fc7\u7a0b\u90e8\u5206\u622a\u56fe:<\/p>\n
# samba-tool domain join tecmint.lan DC -U \"tecmint_user\"\r\n<\/code><\/pre>\n
\u8f93\u51fa\u793a\u4f8b\uff1a<\/p>\n
Finding a writeable DC for domain 'tecmint.lan'\r\nFound DC adc1.tecmint.lan\r\nPassword for [WORKGROUP\\tecmint_user]:\r\nworkgroup is TECMINT\r\nrealm is tecmint.lan\r\nchecking sAMAccountName\r\nDeleted CN=ADC2,CN=Computers,DC=tecmint,DC=lan\r\nAdding CN=ADC2,OU=Domain Controllers,DC=tecmint,DC=lan\r\nAdding CN=ADC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tecmint,DC=lan\r\nAdding CN=NTDS Settings,CN=ADC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tecmint,DC=lan\r\nAdding SPNs to CN=ADC2,OU=Domain Controllers,DC=tecmint,DC=lan\r\nSetting account password for ADC2$\r\nEnabling account\r\nCalling bare provision\r\nLooking up IPv4 addresses\r\nLooking up IPv6 addresses\r\nNo IPv6 address will be assigned\r\nSetting up share.ldb\r\nSetting up secrets.ldb\r\nSetting up the registry\r\nSetting up the privileges database\r\nSetting up idmap db\r\nSetting up SAM db\r\nSetting up sam.ldb partitions and settings\r\nSetting up sam.ldb rootDSE\r\nPre-loading the Samba 4 and AD schema\r\nA Kerberos configuration suitable for Samba 4 has been generated at \/var\/lib\/samba\/private\/krb5.conf\r\nProvision OK for domain DN DC=tecmint,DC=lan\r\nStarting replication\r\nSchema-DN[CN=Schema,CN=Configuration,DC=tecmint,DC=lan] objects[402\/1550] linked_values[0\/0]\r\nSchema-DN[CN=Schema,CN=Configuration,DC=tecmint,DC=lan] objects[804\/1550] linked_values[0\/0]\r\nSchema-DN[CN=Schema,CN=Configuration,DC=tecmint,DC=lan] objects[1206\/1550] linked_values[0\/0]\r\nSchema-DN[CN=Schema,CN=Configuration,DC=tecmint,DC=lan] objects[1550\/1550] linked_values[0\/0]\r\nAnalyze and apply schema objects\r\nPartition[CN=Configuration,DC=tecmint,DC=lan] objects[402\/1614] linked_values[0\/0]\r\nPartition[CN=Configuration,DC=tecmint,DC=lan] objects[804\/1614] linked_values[0\/0]\r\nPartition[CN=Configuration,DC=tecmint,DC=lan] objects[1206\/1614] linked_values[0\/0]\r\nPartition[CN=Configuration,DC=tecmint,DC=lan] objects[1608\/1614] linked_values[0\/0]\r\nPartition[CN=Configuration,DC=tecmint,DC=lan] objects[1614\/1614] linked_values[28\/0]\r\nReplicating critical objects from the base DN of the domain\r\nPartition[DC=tecmint,DC=lan] objects[97\/97] linked_values[24\/0]\r\nPartition[DC=tecmint,DC=lan] objects[380\/283] linked_values[27\/0]\r\nDone with always replicated NC (base, config, schema)\r\nReplicating DC=DomainDnsZones,DC=tecmint,DC=lan\r\nPartition[DC=DomainDnsZones,DC=tecmint,DC=lan] objects[45\/45] linked_values[0\/0]\r\nReplicating DC=ForestDnsZones,DC=tecmint,DC=lan\r\nPartition[DC=ForestDnsZones,DC=tecmint,DC=lan] objects[18\/18] linked_values[0\/0]\r\nCommitting SAM database\r\nSending DsReplicaUpdateRefs for all the replicated partitions\r\nSetting isSynchronized and dsServiceName\r\nSetting up secrets database\r\nJoined domain TECMINT (SID S-1-5-21-715537322-3397311598-55032968) as a DC\r\n<\/code><\/pre>\n
\"Join<\/p>\n
\u628a\u57df\u52a0\u5165\u5230 Samba4 AD DC<\/em><\/p>\n
12\u3001\u5728\u5df2\u5b89\u88c5\u4e86 Samba4 \u5957\u4ef6\u7684 Ubuntu \u7cfb\u7edf\u52a0\u5165\u57df\u4e4b\u540e\uff0c\u6253\u5f00 Samba \u4e3b\u914d\u7f6e\u6587\u4ef6\u6dfb\u52a0\u5982\u4e0b\u884c\uff1a<\/p>\n
# nano \/etc\/samba\/smb.conf\r\n<\/code><\/pre>\n
\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\u5230 smb.conf<\/code> \u914d\u7f6e\u6587\u4ef6\u4e2d\u3002<\/p>\n
dns forwarder = 192.168.1.1\r\nidmap_ldb:use rfc2307 = yes\r\ntemplate shell = \/bin\/bash\r\nwinbind use default domain = true\r\nwinbind offline logon = false\r\nwinbind nss info = rfc2307\r\nwinbind enum users = yes\r\nwinbind enum groups = yes\r\n<\/code><\/pre>\n
\u4f7f\u7528\u4f60\u81ea\u5df1\u7684 DNS \u8f6c\u53d1\u5668 IP<\/strong> \u5730\u5740\u66ff\u6362\u6389\u4e0a\u9762 dns forwarder<\/code> \u5730\u5740\u3002 Samba \u5c06\u4f1a\u628a\u57df\u6743\u5a01\u533a\u4e4b\u5916\u7684\u6240\u6709 DNS \u89e3\u6790\u67e5\u8be2\u8f6c\u53d1\u5230\u8fd9\u4e2a IP \u5730\u5740\u3002<\/p>\n
13\u3001\u6700\u540e\uff0c\u91cd\u542f samba \u670d\u52a1\u4ee5\u4f7f\u4fee\u6539\u7684\u914d\u7f6e\u751f\u6548\uff0c\u7136\u540e\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u6765\u68c0\u67e5\u6d3b\u52a8\u76ee\u5f55\u590d\u5236\u529f\u80fd\u662f\u5426\u6b63\u5e38\u3002<\/p>\n
# systemctl restart samba-ad-dc\r\n# samba-tool drs showrepl\r\n<\/code><\/pre>\n
\"Configure<\/p>\n
\u914d\u7f6e Samba4 DNS<\/em><\/p>\n
14\u3001\u53e6\u5916\uff0c\u8fd8\u9700\u8981\u91cd\u547d\u540d\u539f\u6765\u7684 \/etc<\/code>\u4e0b\u7684 kerberos \u914d\u7f6e\u6587\u4ef6\uff0c\u5e76\u4f7f\u7528\u5728\u52a0\u5165\u57df\u7684\u8fc7\u7a0b\u4e2d Samba \u751f\u6210\u7684\u65b0\u914d\u7f6e\u6587\u4ef6 krb5.conf \u66ff\u6362\u5b83\u3002<\/p>\n
Samba \u751f\u6210\u7684\u65b0\u914d\u7f6e\u6587\u4ef6\u5728 \/var\/lib\/samba\/private<\/code> \u76ee\u5f55\u4e0b\u3002\u4f7f\u7528 Linux \u7684\u7b26\u53f7\u94fe\u63a5\u5c06\u8be5\u6587\u4ef6\u94fe\u63a5\u5230 \/etc<\/code> \u76ee\u5f55\u3002<\/p>\n
# mv \/etc\/krb6.conf \/etc\/krb5.conf.initial\r\n# ln -s \/var\/lib\/samba\/private\/krb5.conf \/etc\/\r\n# cat \/etc\/krb5.conf\r\n<\/code><\/pre>\n
\"Configure<\/p>\n
\u914d\u7f6e Kerberos<\/em><\/p>\n
15\u3001\u540c\u6837\uff0c\u4f7f\u7528 samba \u7684 krb5.conf<\/code> \u914d\u7f6e\u6587\u4ef6\u9a8c\u8bc1 Kerberos \u8ba4\u8bc1\u662f\u5426\u6b63\u5e38\u3002\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u6765\u8bf7\u6c42\u4e00\u4e2a\u7ba1\u7406\u5458\u8d26\u53f7\u7684\u7968\u636e\u5e76\u4e14\u5217\u51fa\u5df2\u7f13\u5b58\u7684\u7968\u636e\u4fe1\u606f\u3002<\/p>\n
# kinit administrator\r\n# klist\r\n<\/code><\/pre>\n
\"Verify<\/p>\n
\u4f7f\u7528 Samba \u9a8c\u8bc1 Kerberos \u8ba4\u8bc1\u662f\u5426\u6b63\u5e38<\/em><\/p>\n
\u7b2c 4 \u6b65\uff1a\u9a8c\u8bc1\u5176\u5b83\u57df\u670d\u52a1<\/h3>\n
16\u3001\u4f60\u9996\u5148\u8981\u505a\u7684\u4e00\u4e2a\u6d4b\u8bd5\u5c31\u662f\u9a8c\u8bc1 Samba4 DC DNS<\/strong> \u89e3\u6790\u670d\u52a1\u662f\u5426\u6b63\u5e38\u3002\u8981\u9a8c\u8bc1\u57df DNS \u89e3\u6790\u60c5\u51b5\uff0c\u4f7f\u7528 host<\/code> \u547d\u4ee4\uff0c\u52a0\u4e0a\u4e00\u4e9b\u91cd\u8981\u7684 AD DNS \u8bb0\u5f55\uff0c\u8fdb\u884c\u57df\u540d\u67e5\u8be2\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\u6bcf\u4e00\u6b21\u67e5\u8be2\uff0cDNS \u670d\u52a1\u5668\u90fd\u5e94\u8be5\u8fd4\u56de\u4e24\u4e2a IP \u5730\u5740\u3002<\/p>\n
# host your_domain.tld\r\n# host -t SRV _kerberos._udp.your_domain.tld  # UDP Kerberos SRV record\r\n# host -t SRV _ldap._tcp.your_domain.tld  # TCP LDAP SRV record\r\n<\/code><\/pre>\n
\"Verify<\/p>\n
*\u9a8c\u8bc1 Samba4 DC DNS *<\/p>\n
17\u3001\u8fd9\u4e9b DNS \u8bb0\u5f55\u4e5f\u53ef\u4ee5\u4ece\u6ce8\u518c\u8fc7\u7684\u5df2\u5b89\u88c5\u4e86 RSAT \u5de5\u5177\u7684 Windows \u673a\u5668\u4e0a\u67e5\u8be2\u5230\u3002\u6253\u5f00 DNS \u7ba1\u7406\u5668\uff0c\u5c55\u5f00\u5230\u4f60\u7684\u57df tcp \u8bb0\u5f55\uff0c\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n
\"Verify<\/p>\n
\u901a\u8fc7 Windows RSAT \u5de5\u5177\u6765\u9a8c\u8bc1 DNS \u8bb0\u5f55<\/em><\/p>\n
18\u3001\u4e0b\u4e00\u4e2a\u9a8c\u8bc1\u662f\u68c0\u67e5\u57df LDAP \u590d\u5236\u540c\u6b65\u662f\u5426\u6b63\u5e38\u3002\u4f7f\u7528 samba-tool<\/code> \u5de5\u5177\uff0c\u5728\u7b2c\u4e8c\u4e2a\u57df\u63a7\u5236\u5668\u4e0a\u521b\u5efa\u4e00\u4e2a\u8d26\u53f7\uff0c\u7136\u540e\u68c0\u67e5\u8be5\u8d26\u53f7\u662f\u5426\u81ea\u52a8\u540c\u6b65\u5230\u7b2c\u4e00\u4e2a Samba4 AD DC \u670d\u52a1\u5668\u4e0a\u3002<\/p>\n
\u5728 adc2 \u4e0a\uff1a<\/p>\n
# samba-tool user add test_user\r\n<\/code><\/pre>\n
\u5728 adc1 \u4e0a\uff1a<\/p>\n
# samba-tool user list | grep test_user\r\n<\/code><\/pre>\n
\"Create<\/p>\n
\u5728 Samba4 AD \u670d\u52a1\u5668\u4e0a\u521b\u5efa\u8d26\u53f7<\/em><\/p>\n
\"Verify<\/p>\n
\u5728 Samba4 AD \u670d\u52a1\u5668\u4e0a\u9a8c\u8bc1\u540c\u6b65\u529f\u80fd<\/em><\/p>\n
19\u3001\u4f60\u4e5f\u53ef\u4ee5\u4ece Microsoft AD DC<\/strong> \u63a7\u5236\u53f0\u521b\u5efa\u4e00\u4e2a\u8d26\u53f7\uff0c\u7136\u540e\u9a8c\u8bc1\u8be5\u8d26\u53f7\u662f\u5426\u90fd\u51fa\u73b0\u5728\u4e24\u4e2a\u57df\u63a7\u670d\u52a1\u5668\u4e0a\u3002<\/p>\n
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4e2a\u8d26\u53f7\u90fd\u5e94\u8be5\u5728\u4e24\u4e2a samba \u57df\u63a7\u5236\u5668\u4e0a\u81ea\u52a8\u521b\u5efa\u5b8c\u6210\u3002\u5728 adc1<\/code> \u670d\u52a1\u5668\u4e0a\u4f7f\u7528 wbinfo<\/code> \u547d\u4ee4\u67e5\u8be2\u8be5\u8d26\u53f7\u540d\u3002<\/p>\n
\"Create<\/p>\n
\u4ece Microsoft AD UC \u521b\u5efa\u8d26\u53f7<\/em><\/p>\n
\"Verify<\/p>\n
\u5728 Samba4 AD \u670d\u52a1\u5668\u4e0a\u9a8c\u8bc1\u8d26\u53f7\u540c\u6b65\u529f\u80fd<\/em><\/p>\n
20\u3001\u5b9e\u9645\u4e0a\uff0c\u6253\u5f00 Windows \u673a\u5668\u4e0a\u7684 AD DC<\/strong> \u63a7\u5236\u53f0\uff0c\u5c55\u5f00\u5230\u57df\u63a7\u5236\u5668\uff0c\u4f60\u5e94\u8be5\u770b\u5230\u4e24\u4e2a\u5df2\u6ce8\u518c\u7684 DC \u670d\u52a1\u5668\u3002<\/p>\n
\"Verify<\/p>\n
\u9a8c\u8bc1 Samba4 \u57df\u63a7\u5236\u5668<\/em><\/p>\n
\u7b2c 5 \u6b65\uff1a\u542f\u7528 Samba4 AD DC \u670d\u52a1<\/h3>\n
21\u3001\u8981\u5728\u6574\u4e2a\u7cfb\u7edf\u542f\u7528 Samba4 AD DC \u7684\u670d\u52a1\uff0c\u9996\u5148\u4f60\u5f97\u7981\u7528\u539f\u6765\u7684\u4e0d\u9700\u8981\u7684 Samba \u670d\u52a1\uff0c\u7136\u540e\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u4ec5\u542f\u7528 samba-ad-dc \u670d\u52a1\uff1a<\/p>\n
# systemctl disable smbd nmbd winbind\r\n# systemctl enable samba-ad-dc\r\n<\/code><\/pre>\n
\"Enable<\/p>\n
\u542f\u7528 Samba4 AD DC \u670d\u52a1<\/em><\/p>\n
22\u3001\u5982\u679c\u4f60\u4ece Microsoft \u5ba2\u6237\u7aef\u8fdc\u7a0b\u7ba1\u7406 Samba4 \u57df\u63a7\u5236\u5668\uff0c\u6216\u8005\u6709\u5176\u5b83 Linux \u6216 Windows \u5ba2\u6237\u673a\u96c6\u6210\u5230\u5f53\u524d\u57df\u4e2d\uff0c\u8bf7\u786e\u4fdd\u5728\u5b83\u4eec\u7684\u7f51\u5361 DNS \u670d\u52a1\u5668\u5730\u5740\u8bbe\u7f6e\u4e2d\u63d0\u53ca adc2<\/code> \u670d\u52a1\u5668\u7684 IP \u5730\u5740\uff0c\u4ee5\u5b9e\u73b0\u67d0\u79cd\u7a0b\u5e8f\u4e0a\u7684\u5197\u4f59\u3002<\/p>\n
\u4e0b\u56fe\u663e\u793a Windows \u548c Debian\/Ubuntu \u5ba2\u6237\u673a\u7684\u7f51\u5361\u914d\u7f6e\u8981\u6c42\u3002<\/p>\n
\"Configure<\/p>\n
\u914d\u7f6e Windows \u5ba2\u6237\u7aef\u6765\u7ba1\u7406 Samba4 DC<\/em><\/p>\n
\"Configure<\/p>\n
\u914d\u7f6e Linux \u5ba2\u6237\u7aef\u6765\u7ba1\u7406 Samba4 DC<\/em><\/p>\n
\u5982\u679c\u7b2c\u4e00\u53f0 DC \u670d\u52a1\u5668 192.168.1.254 \u7f51\u7edc\u4e0d\u901a\uff0c\u5219\u8c03\u6574\u914d\u7f6e\u6587\u4ef6\u4e2d DNS \u670d\u52a1\u5668 IP \u5730\u5740\u7684\u987a\u5e8f\uff0c\u4ee5\u514d\u5148\u67e5\u8be2\u8fd9\u53f0\u4e0d\u53ef\u7528\u7684 DNS \u670d\u52a1\u5668\u3002<\/p>\n
\u6700\u540e\uff0c\u5982\u679c\u4f60\u60f3\u5728 Linux \u7cfb\u7edf\u4e0a\u4f7f\u7528 Samba4 \u6d3b\u52a8\u76ee\u5f55\u8d26\u53f7\u6765\u8fdb\u884c\u672c\u5730\u8ba4\u8bc1\uff0c\u6216\u8005\u4e3a AD LDAP \u8d26\u53f7\u6388\u4e88 root \u6743\u9650\uff0c\u8bf7\u67e5\u770b\u5728 Linux \u547d\u4ee4\u884c\u4e0b\u7ba1\u7406 Samba4 AD \u67b6\u6784 \u8fd9\u7bc7\u6559\u7a0b\u7684 \u7b2c 2 \u6b65\u548c\u7b2c 3 \u6b65\u3002<\/p>\n
\n
\u6211\u53eb Ravi Saive\uff0cTecMint \u7f51\u7ad9\u535a\u4e3b\u3002\u4e00\u4e2a\u559c\u6b22\u5728\u7f51\u4e0a\u5206\u4eab\u6280\u672f\u77e5\u8bc6\u53ca\u7ecf\u9a8c\u7684\u7535\u8111\u6781\u5ba2\u548c Linux \u7cfb\u7edf\u4e13\u5bb6\u3002\u6211\u7684\u5927\u591a\u6570\u7684\u670d\u52a1\u5668\u90fd\u8fd0\u884c\u5728 Linux \u5f00\u6e90\u5e73\u53f0\u4e0a\u3002\u5173\u6ce8\u6211\uff1aTwitter \uff0cFacebook \u548c Google+ \u3002<\/p>\n
\n<\/div>\n","protected":false},"excerpt":{"rendered":"
\u8fd9\u7bc7\u6587\u7ae0\u5c06\u8bb2\u89e3\u5982\u4f55\u4f7f\u7528 Ubuntu 16.04 \u670d\u52a1\u5668\u7248\u7cfb\u7edf\u6765\u521b\u5efa\u7b2c\u4e8c\u53f0 Samba4 \u57df\u63a7\u5236\u5668\uff0c\u5e76\u5c06\u5176\u52a0\u5165 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,28],"tags":[],"class_list":["post-10307","post","type-post","status-publish","format-standard","hentry","category-linux","category-ubuntu"],"_links":{"self":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts\/10307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/comments?post=10307"}],"version-history":[{"count":0,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/posts\/10307\/revisions"}],"wp:attachment":[{"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/media?parent=10307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/categories?post=10307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/idc.net\/help\/wp-json\/wp\/v2\/tags?post=10307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}