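CentOS setup command: configuring winbind login authentication for accounts

The CentOS setup command offers a simple way to configure login authentication for accounts.

Once winbind auth has been configured in the setup interface, wbinfo -u or wbinfo -g can query the accounts on AD.

If getent passwd shows AD accounts in a form like TOYOINK-CT/sc.yang, the parameter in smb.conf is winbind use default domain = no. Change it to winbind use default domain = yes and the accounts will no longer be prefixed with the domain. Remember to restart winbind.

/etc/krb5.conf: the default_domain setting in the realms section must be specified.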

[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}

TOYOINK-CT.COM.TW = {
kdc = ad3server.toyoink-ct.com.tw
default_domain = toyoink-ct.com.tw
}

/etc/samba/smb.conf
# Remember to set this correctly as well
WORKGROUP = TOYOINK-CT

If getent passwd does not show the AD accounts, check whether the following winbind parameters are set in smb.conf.

winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = true
winbind offline logon = false

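So if getent passwd does not list the accounts, that does not mean the AD accounts are not working!
However, the manual says it is best to add these settings, otherwise some applications may run into errors.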

winbind enum groups (G)

On large installations using winbindd(8) it may be necessary to suppress the enumeration
of groups through the setgrent(), getgrent() and endgrent() group of system calls. If the
winbind enum groups parameter is no, calls to the getgrent() system call will not return
any data.

Warning
Turning off group enumeration may cause some programs to behave oddly.

Default: winbind enum groups = no

winbind enum users (G)

On large installations using winbindd(8) it may be necessary to suppress the enumeration
of users through the setpwent(), getpwent() and endpwent() group of system calls. If the
winbind enum users parameter is no, calls to the getpwent system call will not return any
data.

Warning
Turning off user enumeration may cause some programs to behave oddly. For example, the
finger program relies on having access to the full user list when searching for matching
usernames.

Default: winbind enum users = no
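
A way to confirm which values of the winbind parameters above are actually in effect, as an added example that is not part of the original post. The function names (smb_global, smb_bool, audit, sample_conf) and the sample file are constructed for illustration; it assumes the smb.conf(5) default of no for all four booleans and that only a line starting with # or ; is a comment.

```shell
#!/bin/sh
# Added example: report the effective winbind settings in [global].

# smb_global FILE "name": print the last value assigned in [global].
# Parameter names are compared ignoring case and embedded whitespace.
smb_global() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
        BEGIN { want = norm(want) }
        /^[ \t]*([#;]|$)/ { next }                 # comment or blank line
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*/, "", s)
                      sect = norm(s); next }
        sect == "global" && (p = index($0, "=")) {
            val = substr($0, p + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            if (norm(substr($0, 1, p - 1)) == want) found = val
        }
        END { print found }' "$1"
}

# smb_bool VALUE [DEFAULT]: normalise the boolean spellings documented in
# smb.conf(5) (yes/no, true/false, 1/0); an empty value yields DEFAULT.
smb_bool() {
    case "$(printf '%s' "${1:-$2}" | tr 'A-Z' 'a-z')" in
        yes|true|1) echo yes ;;
        no|false|0) echo no ;;
        *) echo unrecognised ;;
    esac
}

# audit FILE: one line per winbind boolean the page lists (default "no"),
# plus a warning when the workgroup value swallowed a trailing "#" note.
audit() {
    for p in "winbind enum users" "winbind enum groups" \
             "winbind use default domain" "winbind offline logon"; do
        echo "$p = $(smb_bool "$(smb_global "$1" "$p")" no)"
    done
    case "$(smb_global "$1" workgroup)" in
        *"#"*) echo "workgroup: '#' is part of the value, not a comment" ;;
    esac
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    printf '%s\n' '[global]' 'WORKGROUP = TOYOINK-CT # check this' \
        'winbind enum users = yes' 'Winbind Use Default Domain = TRUE' \
        '; winbind enum groups = yes' '[homes]' 'winbind offline logon = yes'
}
f=$(mktemp) && sample_conf > "$f" && audit "$f"; rm -f "$f"
```

On the constructed sample, enum groups and offline logon both report no: the first is commented out with ; and the second sits outside [global].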

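winbind notes

The template home setting in smb.conf determines the home directory path that getent passwd reports.

After any change to smb.conf, it is best to have winbind reload its configuration.

An incorrect winbind home directory will prevent the account from logging in.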
