# yum install samba samba-client samba-winbind samba-winbind-clients
# vim /etc/samba/smb.conf
[global]
workgroup = DOMAIN
realm = DOMAIN.LOCAL
security = ads
idmap config * : backend = autorid
idmap config * : range = 100000-19999999
idmap config * : rangesize = 1000000
template homedir = /home/%D/%U
template shell = /bin/bash
winbind use default domain = false
winbind offline logon = true
log file = /var/log/samba/log.%m
max log size = 50
log level = 0
[Samba_Share]
comment = My Samba share
path = /SAMBASHARE
read only = yes
guest ok = no
valid users = +"DOMAIN\group1", +"DOMAIN\group2"
write list = +"DOMAIN\group1"
# Ensure that /etc/resolv.conf is set to a DNS server that can resolve your AD DNS zones, and that the search domain is set to the AD DNS domain. Run the following command to verify that you can resolve the standard SRV records:
# dig srv _ldap._tcp.dc._msdcs.domain.name
# net ads join -U Administrator
# systemctl start winbind
#Verify the the system can talk to Active Directory.
# wbinfo -t
# wbinfo -u
# wbinfo -g
# configure the NSS and PAM stack.
# authselect select winbind with-mkhomedir --force
Ensure that /etc/nsswitch.conf has the following passwd and group entries:
passwd: files winbind
group: files winbind
# chgrp -R "DOMAIN\\domain users" /SAMBASHARE/
# chmod -R g+rws /SAMBASHARE/
# chcon -R -t samba_share_t /SAMBASHARE/
正文完