我對 Samba 還很陌生,在允許網域使用者存取共用時遇到了麻煩。我已將我的samba 伺服器(centos 7)作為網域成員連結到我的AD.command # 領域列表顯示正確的訊息,但是ID 使用者名稱不顯示正確的訊息,但網路廣告使用者-U admin -I serverip 確實顯示所有網域使用者。在 Windows 中,在共用權限並為網域使用者新增群組物件時,我以身分登入[電子郵件受保護](但是我不認為這正在運行身份驗證,因為其他網域管理員無法登入)我單擊“確定”,然後填充mydomain\ 網域用戶,以便它知道我正在使用網域,但點擊“應用程式”表示訪問被拒絕。如果我需要貼上confs,請告訴我我已附上我認為相關的內容
smb設定檔
See smb.conf.example for a more detailed config
file or
read the smb.conf manpage.
Run 'testparm' to verify the config is correct
after
you modified it.
[global]
workgroup = GBZ
security = ADS
realm = GBZ.COM
#netbios name = smb.gbz.com
password server = AD.GBZ.COM
log file = /var/log/samba/log.%m
max log size = 50
unix extensions = No
client signing = required
local master = no
domain master = no
template homedir = /home/%U
template shell = /bin/bash
winbind separator = +
winbind use default domain = yes
winbind nss info = rfc2307
idmap config * : range = 16777216-33554431
idmap config * : backend = ad.gbz.com
cups options = raw
root preexec = /usr/local/sbin/mkhomedir.sh %U
usershare allow guests = yes
os level = 20
map to guest = bad user
host msdfs = no
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[cnc]
path = /srv/samba/cnc
browseable = yes
writable = yes
guest ok = yes
read only = no
public = yes
valid users = @"GBZ+Domain Users"
admin users = @"GBZ+Domain Admins"
[public]
path = /srv/samba/public
browseable = yes
writable = yes
guest ok = yes
read only = no
public = yes
valid users = @"GBZ+domain users"
admin users = @"GBZ+Domain Admins"
[hr]
path = /srv/samba/hr
comment = Sensitive infomation, authorization is required.
read only = no
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /var/lib/sss/pubconf/krb5.include.d/
[libdefaults]
ticket_lifetime = 600
defualt_realm = GBZ.COM
dns_lookup_realm = false
dns_lookup_kdc = true
defualt_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
defualt_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
GBZ.COM = {
defualt_domain = gbz.com
}
[domain_realm]
.gbz.com = GBZ.COM
gbz.com = GBZ.COM
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
defualt = FILE:/var/log/krb5lib.logog
nsswitch.conf
passwd: compat files winbind
shadow: compat files winbind
group: compat files
#initgroups: files sss
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: db files
networks: db files
protocols: db files
rpc: db files
services: db files
netgroup: nis
publickey: nisplus
automount: files sss
aliases: files nisplus
非常感謝任何和所有的幫助