Accessing a Linux Samba Service as a Windows AD Domain User

Source: Internet  Editor: 程序博客网  Date: 2024/06/07 05:17

Notes

Replace test.com with the domain name of your AD server. Note that some settings use upper case and others use lower case.

/etc/samba/smb.conf

    [global]
    workgroup = TEST
    realm = TEST.COM
    security = ADS
    # password server is the IP of the AD domain controller
    password server = 192.168.10.254
    idmap uid = 10000 - 20000
    idmap gid = 10000 - 20000
    template shell = /sbin/nologin
    winbind separator = /
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    encrypt passwords = yes

/etc/nsswitch.conf

    passwd:     files winbind
    group:      files winbind

/etc/krb5.conf

    [libdefaults]
     dns_lookup_realm = false
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
     rdns = false
     default_realm = TEST.COM
     default_ccache_name = KEYRING:persistent:%{uid}

    [realms]
    TEST.COM = {
     # IP of the AD domain controller
     kdc = 192.168.10.254:88
     default_domain = TEST.COM
    }

    [domain_realm]
    .test.com = TEST.COM
    test.com = TEST.COM
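The note about upper and lower case is the easiest part of this setup to get wrong, so here is an added example (not code from the original page) that reads both files and reports where the realm spelling departs from the convention used above. The function names `parse` and `check_realm_case` are hypothetical, and the sample input is constructed from the page's values.

```python
import re

def parse(text, fold_keys=False):
    """Parse INI-like text into {section: {key: value}}.
    A krb5.conf 'NAME = {' stanza is stored as key NAME; its body is skipped."""
    section, depth, out = None, 0, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section, depth = header.group(1).strip().lower(), 0
            out[section] = {}
        elif line == "}":
            depth -= 1
        elif "=" in line and section:
            key, value = (part.strip() for part in line.split("=", 1))
            if depth == 0:
                out[section][key.lower() if fold_keys else key] = value
            if value == "{":
                depth += 1
    return out

def check_realm_case(smb_text, krb5_text):
    """Return a list of mismatches with the page's upper/lower-case convention."""
    smb = parse(smb_text, fold_keys=True).get("global", {})
    krb = parse(krb5_text)
    realm = smb.get("realm", "")
    want, problems = realm.upper(), []
    if smb.get("security", "").lower() != "ads":
        problems.append("smb.conf: security is not ADS")
    if not realm or realm != want:
        problems.append(f"smb.conf: realm {realm!r} is not upper case")
    if krb.get("libdefaults", {}).get("default_realm") != want:
        problems.append(f"krb5.conf: default_realm is not {want}")
    if want not in krb.get("realms", {}):
        problems.append(f"krb5.conf: no [realms] stanza for {want}")
    for dom, target in krb.get("domain_realm", {}).items():
        if dom != dom.lower() or target != want:
            problems.append(f"krb5.conf: [domain_realm] {dom} = {target}")
    return problems

# Constructed sample input built from the page's values (TEST.COM, 192.168.10.254).
SMB_OK = "[global]\nworkgroup = TEST\nrealm = TEST.COM\nsecurity = ADS\n"
KRB5_OK = ("[libdefaults]\n default_realm = TEST.COM\n[realms]\nTEST.COM = {\n"
           " kdc = 192.168.10.254:88\n default_domain = TEST.COM\n}\n"
           "[domain_realm]\n.test.com = TEST.COM\ntest.com = TEST.COM\n")
```

To check a real host, pass the contents of /etc/samba/smb.conf and /etc/krb5.conf to `check_realm_case`; an empty list means the two files agree.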

/etc/resolv.conf

nameserver: the DNS server

    nameserver 192.168.10.254

Start the services and join the domain

    systemctl restart smb
    net ads join -U administrator
    systemctl restart winbind

Test:

    wbinfo -t      # check that winbind is running properly
    wbinfo -u      # check that the AD users have been synced

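Samba access configuration:

  • Domain user: write the name directly
  • Domain group: @ + name

    [share]
        comment = Home Directories
        path = /share_dir
        browseable = yes
        writable = yes
        valid users = yyy @test

The domain user yyy and all users in the domain group test can access this Samba share with their domain accounts.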