Вводим Linux в домен. Расшариваем ресурсы.
/ Просмотров: 1485
Debian GNU/Linux 10 (buster)
Просто history.
hostname SRV-004 echo SRV-004 > /etc/hostname echo domain ewgenik.ru > /etc/resolv.conf echo search ewgenik.ru >> /etc/resolv.conf echo nameserver 192.168.16.248 >> /etc/resolv.conf echo nameserver 192.168.16.249 >> /etc/resolv.conf cat /etc/resolv.conf echo 127.0.0.1 localhost > /etc/hosts echo 127.0.1.1 SRV-004.ewgenik.ru SRV-004 >> /etc/hosts echo ::1 localhost ip6-localhost ip6-loopback >> /etc/hosts echo ff02::1 ip6-allnodes >> /etc/hosts echo ff02::2 ip6-allrouters >> /etc/hosts hostname -f reboot
apt-get update
apt-get install krb5-user samba winbind smbclient libnss-winbind mc ntp -y
echo server NTP-001.ewgenik.ru > /etc/ntp.conf
echo server NTP-002.ewgenik.ru >> /etc/ntp.conf
service ntp restart
echo [realms] > /etc/krb5.conf
echo ewgenik.ru = { >> /etc/krb5.conf
echo kdc = dc-01.ewgenik.ru >> /etc/krb5.conf
echo kdc = dc-02.ewgenik.ru >> /etc/krb5.conf
echo admin_server = dc-02.ewgenik.ru >> /etc/krb5.conf
echo default_domain = ewgenik.ru >> /etc/krb5.conf
echo } >> /etc/krb5.conf
echo [domain_realm] >> /etc/krb5.conf
echo .ewgenik.ru = ewgenik.ru >> /etc/krb5.conf
echo ewgenik.ru = ewgenik.ru >> /etc/krb5.conf
echo [login] >> /etc/krb5.conf
echo krb4_convert = false >> /etc/krb5.conf
echo krb4_get_tickets = false >> /etc/krb5.conf
kinit nikonorov@ewgenik.ru
klist
echo [global] > /etc/samba/smb.conf
echo workgroup = EWGENIK >> /etc/samba/smb.conf
echo realm = ewgenik.ru >> /etc/samba/smb.conf
echo security = ADS >> /etc/samba/smb.conf
echo encrypt passwords = true >> /etc/samba/smb.conf
echo dns proxy = no >> /etc/samba/smb.conf
echo socket options = TCP_NODELAY >> /etc/samba/smb.conf
echo domain master = no >> /etc/samba/smb.conf
echo local master = no >> /etc/samba/smb.conf
echo preferred master = no >> /etc/samba/smb.conf
echo os level = 0 >> /etc/samba/smb.conf
echo domain logons = no >> /etc/samba/smb.conf
echo load printers = no >> /etc/samba/smb.conf
echo show add printer wizard = no >> /etc/samba/smb.conf
echo printcap name = /dev/null >> /etc/samba/smb.conf
echo disable spoolss = yes >> /etc/samba/smb.conf
echo winbind enum groups = yes >> /etc/samba/smb.conf
echo winbind enum users = yes >> /etc/samba/smb.conf
echo winbind refresh tickets = yes >> /etc/samba/smb.conf
echo idmap config * : range = 10000-20000 >> /etc/samba/smb.conf
echo idmap config * : backend = tdb >> /etc/samba/smb.conf
ulimit -n 16384
ulimit -Hn -Sn
echo * - nofile 16384 >> /etc/security/limits.conf
echo root - nofile 16384 >> /etc/security/limits.conf
testparm
net ads join -U nikonorov -D EWGENIK
net ads testjoin
smbclient -k -L SRV-010
service winbind stop
service smbd restart
service winbind start
wbinfo -t
wbinfo -u
wbinfo -g
nano /etc/nsswitch.conf
passwd: files winbind group: files winbind shadow: files gshadow: files hosts: files dns mdns4_minimal[NotFoud=return] mdns4 networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis
getent passwd getent group mkdir -p /mnt/share01 chgrp -R "EWGENIK\пользователи домена" /mnt/share01 ls -l /mnt/ chmod 2750 /mnt/share01 echo [share01] >> /etc/samba/smb.conf echo path = /mnt/share01/ >> /etc/samba/smb.conf echo read only = no >> /etc/samba/smb.conf echo force create mode = 0600 >> /etc/samba/smb.conf echo force directory mode = 0700 >> /etc/samba/smb.conf echo admin users = @"EWGENIK\domain admins" >> /etc/samba/smb.conf smbcontrol all reload-config