· KLDP.org · KLDP.net · KLDP Wiki · KLDP BBS ·
ADDwithSMB
[edit]

Active Directory Domain with Samba Domain Member Server


[edit]

ÀÛ¾÷½Ã À¯ÀÇ»çÇ×

  • ½Ã½ºÅÛ ¸¶À̱׷¹ÀÌ¼Ç ÀÛ¾÷½Ã¿¡ ad ¿Í uid , gdi ¸ÅÇÎÀÌ Ç®¸®´Â °æ¿ì°¡ ÀÖ´Ù.
  • À¯ÀÇÇÏÀÚ -_-;; ( ¾ÆÁ÷ ÇØ°áÃ¥ ¸øáÀ½ )
[edit]

Ãß°¡ ¿äû »çÇ× , º¯°æ¿ä±¸Á¡

  • ÀÛ¼ºÇØÁֽʽÿÀ.

[edit]

¿¬°èÀýÂ÷

[edit]

¼³Á¤ ÆÄÀÏÀº ´ÙÀ½°ú °°½À´Ï´Ù.

/etc/samba/smb.conf 

   unix charset = CP949
   netbios name = URSERVERNAME
   workgroup = URWORKGROUP
   server string = URSERVERNAME
   hosts allow = 111.222.333.444
   log file = /var/log/samba/%m.log
   max log size = 50
   realm = UR ACTIVE DIRECTORY REALM
   security = ADS
   encrypt passwords = yes
   username map = /etc/samba/smbusers
   socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
   ldap ssl = no
   dns proxy = no
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/false
   winbind enum users = yes
   winbind gid = 10000-20000
   winbind enum groups = yes
   winbind separator = +
   winbind cache time = 10
   winbind use default domain = Yes 
   # yes ÀϽÿ¡´Â Á¶±Ý Ʋ·ÁÁü 
   template primary group = "UR AD GROUP NAME"
   template shell = /bin/bash
   template homedir = /samba/users/%U
   # À¯Àú ¸ÊÇÎÀÌ Ç®¸®´Â °æ¿ì°¡ À־ ´ÙÀ½ÁÙ Ãß°¡
   client schannel = no

[edit]

/etc/nsswitch.conf ¸¦ ´ÙÀ½Ã³·³ ¹Ù²ß´Ï´Ù.


³ª¸ÓÁö ºÎºÐÀº À¯ÁöÇÕ´Ï´Ù. 
passwd:     compat winbind
shadow:     files
group:      compat winbind
hosts : files dns wins
[edit]

/etc/samba/*.tdb ¸¦ »èÁ¦ÇÕ´Ï´Ù 

rm -f /etc/samba/*.tdb
==== /var/cache/samba/*.tdb ¸¦ »èÁ¦ÇÕ´Ï´Ù.==== 
rm -f /var/cache/samba/*.tdb
[edit]

/etc/krb5.conf ¸¦ ´ÙÀ½°ú °°ÀÌ ¼öÁ¤ÇÑ´Ù 


[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = '''UR ACTIVE DIRECTORY REALM'''
 ticket_lifetime = 24000
 dns_lookup_realm = false
 dns_lookup_kdc = false


[realms]
 '''UR ACTIVE DIRECTORY REALM''' = {
        kdc = '''UR ACTIVE DIRECTORY HOSTNAME''':88
 }

[edit]

active directory ¿¡ ·Î±äÇÕ´Ï´Ù. 

kinit administrator@UR ACTIVE DIRECTORY REALM
passwd:¾ÏÈ£ ³ÖÀ½ (°ü¸®ÀÚ ¾ÏÈ£ )
[edit]

ÆÄÀϽá¹ö¸¦ ¿¬µ¿½Ãŵ´Ï´Ù 

net ads join -UAdministrator@UR ACTIVE DIRECTORY REA
passwd:¾ÏÈ£ ³ÖÀ½ (°ü¸®ÀÚ¾ÏÈ£ )
[edit]

rpc ¿¡ Á¶ÀÎÇÕ´Ï´Ù 

net rpc join -UAdministrator@UR ACTIVE DIRECTORY REALM
passwd:°ü¸®Å¸¾ÏÈ£
[edit]

winbind ¿Í smb ¼­ºñ½º¸¦ ¿Ã¸³´Ï´Ù 

chkconfig --add smb
chkconfig --add winbind
service smb restart
service winbind restart

[edit]

À¯Àú¿Í ±×·ìÀÇ ¿¬µ¿À» È®ÀÎÇÕ´Ï´Ù 


wbinfo -u : À¯Àú È®ÀÎ
wbinfo -g : ±×·ì È®ÀÎ

´ÙÀ½°ú °°ÀÌ ³ª¿É´Ï´Ù. 
[root@file var]# wbinfo -u
TEST+MAIN$
TEST+Administrator
TEST+DC$
TEST+Guest
TEST+IUSR_MAIN
TEST+IWAM_MAIN
TEST+test3
TEST+test1
TEST+test2
...


[root@kiwi var]# wbinfo -g
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
... Áß°£ »ý·« ...
TEST+°³¹ß½Ç
...

[edit]

´ÙÀ½°ú °°ÀÌ »ï¹ÙÀÇ ¿µ¿ªÀ» ¼³Á¤Çغ¾´Ï´Ù 

[devel]
   comment = °³¹ß½Ç
   path = /samba/devel
   read list = @°³¹ß½Ç
   writable = yes
   write list = @°³¹ß½Ç
   create mask = 0770

[edit]

uid/sid ¹®Á¦ ÇØ°áÀ» À§ÇÑ nuri ´ÔÀÇ ÆÁ

  • net idmap restore ·Î winbindd_idmap.tdb ¸¸µé¾îµÎ¸é uid /sid ¹®Á¦ ¾ø´Ù
  • net idmap dump > idmap_dump ·Î ´ýÇÁ
  • net idmap restore < idmap_dump ·Î ¸®½ºÅä¾î ( À©¹ÙÀÎµå ±¸µ¿Àü¿¡ )
  • fc5 ¿¡ ÀÖ´Â samba 3.0.23 ¹öÁ¯Àº ¿©·¯°¡Áö sync ¹®Á¦µéÀÌ ÇØ°áµÇ¾úÀ½

ID
Password
Join
The universe is laughing behind your back.
UML
GentooX86Handbook_Ko_1-11
SuitBox
Tomcat-HOWTO


sponsored by andamiro
sponsored by cdnetworks
sponsored by HP

Valid XHTML 1.0! Valid CSS! powered by MoniWiki
last modified 2006-08-23 18:48:24
Processing time 0.0048 sec