samba 加入域的问题

黑马骑士

以下是我的配置文件:

1. root@xxxSERVER02:/home# nano /etc/krb5.conf
   
2. 
   
3. [logging]
   
4.         default = FILE:/var/log/krb5libs.log
   
5.         kdc = FILE:/var/log/krb5kdc.log
   
6.         admin_server = FILE:/var/log/kadmind.log
   
7. 
   
8. [libdefaults]
   
9.         ticket_lifetime = 24000
   
10.         default_realm = xxx.LOCAL
    
11. [realms]
    
12.         xxx.LOCAL = {
    
13.                 kdc = 10.0.0.3:88
    
14.                 admin_server = 10.0.0.3:464
    
15.                 default_domain = xxx.LOCAL
    
16.         }
    
17. 
    
18. [domain_realm]
    
19.         .xxx.local = xxx.LOCAL
    
20.         xxx.local = xxx.LOCAL
    
21. 
    
22. root@xxxSERVER02:/home# kinit Administrator
    
23. Password for Administrator@xxx.LOCAL:
    
24. root@xxxSERVER02:/home# klist
    
25. Ticket cache: FILE:/tmp/krb5cc_0
    
26. Default principal: Administrator@xxx.LOCAL
    
27. 
    
28. Valid starting     Expires            Service principal
    
29. 05/03/10 19:56:47  05/04/10 02:36:47  krbtgt/xxx.LOCAL@xxx.LOCAL
    
30. nano /etc/samba/smb.conf
    
31. 
    
32. [global]
    
33.         workgroup = xxx
    
34.         realm = xxx.LOCAL
    
35.         security = ADS
    
36.         password server = 10.0.0.3
    
37.         restrict anonymous = 2
    
38.         client NTLMv2 auth = Yes
    
39.         idmap uid = 10000-20000
    
40.         idmap gid = 10000-20000
    
41.         template shell = /bin/bash
    
42.         winbind separator = /
    
43.         winbind enum users = Yes
    
44.         winbind enum groups = Yes
    
45.         winbind use default domain = Yes
    
46. /etc/init.d/winbind stop
    
47. /etc/init.d/samba restart
    
48. /etc/init.d/winbind start
    
49. root@xxxSERVER02:/home# kinit Administrator
    
50. Password for Administrator@xxx.LOCAL:
    
51. root@xxxSERVER02:/home# net ads join -U Administrator
    
52. Enter Administrator's password:
    
53. Using short domain name -- xxx
    
54. Joined 'xxxSERVER02' to realm 'xxx.local'
    
55. No DNS domain configured for xxxserver02. Unable to perform DNS Update.
    
56. DNS update failed!
    
57. root@xxxSERVER02:/home# wbinfo -u
    
58. xxxSERVER02/sysadmin
    
59. xxxSERVER02/new
    
60. administrator
    
61. guest
    
62. .....
    
63. root@xxxSERVER02:/home# wbinfo -g
    
64. domain computers
    
65. domain controllers
    
66. schema admins
    
67. ...
    
68. root@xxxSERVER02:/home# getent passwd
    
69. root:x:0:0:root:/root:/bin/bash
    
70. daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    
71. bin:x:2:2:bin:/bin:/bin/sh
    
72. sys:x:3:3:sys:/dev:/bin/sh
    
73. sync:x:4:65534:sync:/bin:/bin/sync
    
74. games:x:5:60:games:/usr/games:/bin/sh
    
75. man:x:6:12:man:/var/cache/man:/bin/sh
    
76. lp:x:7:7:lp:/var/spool/lpd:/bin/sh
    
77. mail:x:8:8:mail:/var/mail:/bin/sh
    
78. news:x:9:9:news:/var/spool/news:/bin/sh
    
79. uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
    
80. proxy:x:13:13:proxy:/bin:/bin/sh
    
81. www-data:x:33:33:www-data:/var/www:/bin/sh
    
82. backup:x:34:34:backup:/var/backups:/bin/sh
    
83. list:x:38:38:Mailing List Manager:/var/list:/bin/sh
    
84. irc:x:39:39:ircd:/var/run/ircd:/bin/sh
    
85. gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
    
86. nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
    
87. libuuid:x:100:101::/var/lib/libuuid:/bin/sh
    
88. syslog:x:101:103::/home/syslog:/bin/false
    
89. mysql:x:102:105:MySQL Server,,,:/var/lib/mysql:/bin/false
    
90. landscape:x:103:106::/var/lib/landscape:/bin/false
    
91. postfix:x:104:110::/var/spool/postfix:/bin/false
    
92. dovecot:x:105:112:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
    
93. sysadmin:x:1000:1000:sysadmin,,,:/home/sysadmin:/bin/bash
    
94. sshd:x:106:65534::/var/run/sshd:/usr/sbin/nologin
    
95. messagebus:x:107:118::/var/run/dbus:/bin/false
    
96. hplip:x:108:7:HPLIP system user,,,:/var/run/hplip:/bin/false
    
97. avahi-autoipd:x:109:119:Avahi autoip daemon,,,:/var/lib/avahi-
    
98. 
    
99. autoipd:/bin/false
    
100. avahi:x:110:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
     
101. couchdb:x:111:121:CouchDB Administrator,,,:/var/lib/couchdb:/bin/bash
     
102. haldaemon:x:112:122:Hardware abstraction layer,,,:/var/run/hald:/bin/false
     
103. speech-dispatcher:x:113:29:Speech Dispatcher,,,:/var/run/speech-
     
104. 
     
105. dispatcher:/bin/sh
     
106. kernoops:x:114:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
     
107. saned:x:115:123::/home/saned:/bin/false
     
108. pulse:x:116:124:PulseAudio daemon,,,:/var/run/pulse:/bin/false
     
109. gdm:x:117:126:Gnome Display Manager:/var/lib/gdm:/bin/false
     
110. ftp:x:118:127:ftp daemon,,,:/srv/ftp:/bin/false
     
111. new:x:1001:1001::/home/new:/bin/sh
     
112. administrator:*:10000:10009:Administrator:/home/xxx/administrator:/bin/bash
     
113. guest:*:10002:10016:Guest:/home/xxx/guest:/bin/bash
     
114. ...
     
115. 
     
116. 
     
117. ---------
     
118. \\10.0.0.6
     
119. No Process is on the other end of the pipe
     
120. 
     
121. 
     

复制代码

---------
当我访问该服务器是出现以下错误
\\10.0.0.6
No Process is on the other end of the pipe

请问谁有实战经验。。。

先谢谢了

Alrick

Y u using kerberos

chfl4gs_

回复 2# Alrick

不用kerberos可以join domain？

Alrick

回复 3# chfl4gs_


    你用samba version 几?
    Join Domain 只须winbind.

chfl4gs_

回复  chfl4gs_


    你用samba version 几?
    Join Domain 只须winbind.
Alrick 发表于 13-5-2010 09:11 AM

议题LZ要的是Active Directory Service (ADS)，你可以只用winbind来join？

chfl4gs_

回复 1# 黑马骑士

加入区域后再启动samba，winbind。

还有要注意的是，如果是加入w2k3 server的区域，smb.conf的［global］最好加上

client use spnego = no
server signing = auto

黑马骑士

是join to windows server 2008 r2
我的步骤是配置了kerberos，然后用kinit登入成功后才启动samba，winbind过后才用net ads join 来zoin to domain。虽然成功join（看到用户和用户组列表了）但是却无法访问samba。这个时候我回去改security = ADS 成server就可以使用ad登陆了，但是当认证过期后却无法重新认证。

如果依照chfl4gs_大哥的加入domain后再启动samba，winbind，可是net ads join不是依照/etc/samba/smb.conf的配置的吗？。

不过明天回去公司在试试，回来再跟各位报告rfrf