重庆分公司,新征程启航
为企业提供网站建设、域名注册、服务器等服务
linux下加入windows ad域的3种方法分别是什么,很多新手对此不是很清楚,为了帮助大家解决这个难题,下面小编将为大家详细讲解,有这方面需求的人可以来学习下,希望你能有所收获。
成都创新互联公司是一家专注于成都网站设计、网站建设与策划设计,浏阳网站建设哪家好?成都创新互联公司做网站,专注于网站建设10多年,网设计领域的专业建站公司;建站业务涵盖:浏阳等地区。浏阳做网站价格咨询:028-86922220
下面是3 种linux下加入 Windows Acitve Directory 并用 AD 验证帐号的方法。
假设您的环境是 AD server: server.redhat.com
realm: redhat.com
方法1:
该方法适用于有图形界面的环境。
执行命令
# system-config-authentication
方法2:
该方法适用于文本界面环境。
执行命令
# setup
选择
Authentication
方法3:
该方法适用于文本界面环境。
修改 /etc/krb5.conf
[root@client1 ~]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = REDHAT.COM
DNS_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
REDHAT.COM = {
kdc = server.redhat.com.com:88
admin_server = server.redhat.com:749
default_domain = redhat.com
}
[domain_realm]
redhat.com = REDHAT.COM
.redhat.com = REDHAT.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[root@client1 ~]#
2 修改 /etc/samba/smb.conf
[global]
#--authconfig--start-line--
workgroup = redhat.com
password server = server.redhat.com
realm = REDHAT.COM
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = false
winbind offline logon = false
#--authconfig--end-line--
3 修改 /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
4 修改 pam 认证模块
添加
[root@client1 ~]# cat /etc/pam.d/system-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass
use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session optional pam_mkhomedir.so
5 加入 Windows Active Directory 域
[root@client1 ~]# net ads join -S server.redhat.com -W REDHAT.COM -U
Administrator
6 启动 winbind
# chkconfig --level 35 winbind on
# service winbind restart
看完上述内容是否对您有帮助呢?如果还想对相关知识有进一步的了解或阅读更多相关文章,请关注创新互联行业资讯频道,感谢您对创新互联的支持。