在RHEL4系统中使用Samba搭建主域控制器
2007-07-24 kenthy#qingdaonews.com
######################################################
系统环境:RHEL4 [ 2.6.9-5.EL ]
软件版本:
samba-3.0.10-1.4E
samba-common-3.0.10-1.4E
samba-client-3.0.10-1.4E
目标功能:
此处仅实现使用samba服务器作为PDC主域控制器,网内主机可以加入该域并使用域帐号登陆以及用户配置文件漫游。AD及及域帐号管理等不在此陈述。
域控制器[RHEL4]:
netbios name:SambaPDC
domain name: redhat.com
eth1: 192.168.1.1/24
域成员主机[Win2003]:
netbios name: xiyuan
eth0: 192.168.1.100/24
######################################################
1、域控制器
1> samba配置[仅列出主要相关配置]
[global]
workgroup = redhat.com //对应的域名
netbios name = SambaPDC
server string = Samba-PDC-Server
security = user
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 64
domain master = yes
preferred master = yes
domain logons = yes
logon script = netlogon.bat
logon path =
logon home =
logon drive = T:
;add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/falsev %U
unix charset = cp936
[homes]
browseable = no
writeable = yes
[netlogon]
path = /etc/samba/netlogon
write list = root
read only = yes
browseable = no
share modes = no
[Profiles]
path = /etc/samba/Profiles
valid users = root kenthy
writeable = yes
browseable = no
create mask = 0765
2> samba用户设置
# useradd kenthy ; passwd kenthy
# smbpasswd -a root
# smbpasswd -a kenthy
# groupadd machines
# useradd -d /dev/null -g machines -s /bin/false xiyuan$
# passwd -l xiyuan$
# smbpasswd -am xiyuan$
3> 域登陆目录设置
# mkdir -p /etc/samba/netlogon/scripts
# mkdir -p /etc/samba/Profiles
# chmod 1777 /etc/samba/Profiles
# su - kenthy
$ cd /etc/samba/Profiles
$ mkdir kenthy
4> DNS服务器配置,为redhat.com域提供名称解析[过程略]
5> 启动服务
# service smb start
2、域成员主机[WinXP或Win2003]
1> 找到samba服务器上的/usr/share/doc/samba-3.0.10/registry/目录里的WinXP_PlainPassword.reg和WinXP_SignOrSeal.reg文件
,复制到windows成员主机上并执行。或者手动编辑注册表文件导入以下内容:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000001
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"OtherDomains"=hex(7):00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
2> 将DNS服务器指向PDC,在“我的电脑”-->“属性”-->“计算机名”-->“更改”-->“隶属于”-->“域”,填入“redhat.com”,根据提示输入root用户名和密码,验证通过后成功加入redhat.com域。
3> 注销后,使用设置的kenthy域用户登陆成员主机,并查看验证用户配置文件漫游等功能……。
阅读(1442) | 评论(0) | 转发(0) |
