Software requirements:
krb5-workstation-1.9-33.el6_3.2.x86_64
krb5-libs-1.9-33.el6_3.2.x86_64
krb5-devel-1.9-33.el6_3.2.x86_64
pam_krb5-2.3.11-9.el6.x86_64
samba-3.5.10-125.el6.x86_64
samba-client-3.5.10-125.el6.x86_64
samba-winbind-clients-3.5.10-125.el6.x86_64
samba-winbind-3.5.10-125.el6.x86_64
samba-common-3.5.10-125.el6.x86_64
In the test environment, disable iptables and SELinux:
service iptables stop
setenforce 0
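Install all of the packages above with yum -y install.
The steps below use test.com as the domain name and 192.168.10.10 as the IP of the primary domain controller.
Edit /etc/krb5.conf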
-----------/etc/krb5.conf-----------
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
TEST.COM = {
kdc = 192.168.10.10:88
admin_server = 192.168.10.10:749
default_domain = TEST.COM
}
[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM
----------------------------------------
Edit /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
Edit /etc/resolv.conf
Add the line: nameserver 192.168.10.10
Edit /etc/samba/smb.conf
----------/etc/samba/smb.conf----------
[global]
workgroup = TEST
server string = Samba Server Version %v
netbios name = hostname
# ----------------------- Domain Members Options ------------------------
security = ads
passdb backend = tdbsam
realm = TEST.COM
password server = 192.168.10.10
encrypt passwords = yes
idmap uid = 16777216-33554431
idmap gid = 18777216-33554431
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = true
winbind offline logon = true
-----------------------------------------------------------------------
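# ntpdate 192.168.10.10              Sync the clock with the domain server
# net ads join -U administrator      Join the domain (enter the administrator password when prompted)
# net ads leave -U administrator     Leave the domain
# wbinfo -t                          Check the status of the domain connection
# wbinfo -u                          List domain users
# wbinfo -g                          List domain groups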
------------Configure Samba to log user operations (deleting, modifying, uploading files, etc.)------------
/etc/samba/smb.conf
vfs objects = full_audit
full_audit:prefix = %u|%I|%m|%S
full_audit:success = mkdir rename unlink rmdir write chmod chown
full_audit:failure = none
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
Once this is set, configure where the log is stored in /etc/rsyslog.conf:
local5.* /var/log/samba/samba.log
----------------------------------------------------------------------------------
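Added example (not part of the original notes): a Python parser for the full_audit lines written to /var/log/samba/samba.log with the prefix configured above, counting successful delete and rename operations per user and client IP. The sample lines are constructed, and the `smbd_audit:` syslog tag and the `operation|result|arguments` tail after the prefix are assumptions about how vfs_full_audit formats its messages.

```python
import re
from collections import Counter

# Constructed sample lines (not real logs). Assumed layout: syslog header,
# then the page's prefix %u|%I|%m|%S, then operation|result|arguments.
SAMPLE = """\
Mar  3 09:14:02 fs01 smbd_audit: alice|192.168.10.55|pc-alice|docs|mkdir|ok|reports
Mar  3 09:14:09 fs01 smbd_audit: alice|192.168.10.55|pc-alice|docs|write|ok|reports/q1.xls
Mar  3 09:20:41 fs01 smbd_audit: bob|192.168.10.77|pc-bob|docs|unlink|ok|reports/q1.xls
Mar  3 09:20:42 fs01 smbd_audit: bob|192.168.10.77|pc-bob|docs|rename|ok|a.doc|a.doc.bak
Mar  3 09:20:43 fs01 smbd_audit: bob|192.168.10.77|pc-bob|docs|rmdir|ok|reports
Mar  3 09:21:00 fs01 kernel: unrelated line on the same facility
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) smbd_audit(?:\[\d+\])?: (?P<msg>.*)$")
FIELDS = ("user", "client_ip", "client_name", "share", "op", "result")
DESTRUCTIVE = {"unlink", "rmdir", "rename"}


def parse_audit(text):
    """Return one dict per full_audit record; skip lines that do not match."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a full_audit line
        parts = m.group("msg").split("|")
        if len(parts) < len(FIELDS):
            continue  # truncated or foreign message
        rec = dict(zip(FIELDS, parts))
        rec["args"] = parts[len(FIELDS):]  # rename carries two paths
        rec["ts"], rec["host"] = m.group("ts"), m.group("host")
        records.append(rec)
    return records


def destructive_by_user(records, threshold=3):
    """Return (user, client IP) pairs with >= threshold successful deletes/renames."""
    counts = Counter((r["user"], r["client_ip"]) for r in records
                     if r["op"] in DESTRUCTIVE and r["result"] == "ok")
    return {who: n for who, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (user, ip), n in destructive_by_user(parse_audit(SAMPLE)).items():
        print(f"{user} from {ip}: {n} delete/rename operations")
```

In use, read the text from /var/log/samba/samba.log instead of SAMPLE and choose a threshold that fits the share's normal activity.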
The logs can also be browsed with LogAnalyzer served from a LAMP stack.
yum -y install rsyslog-mysql
The package ships a database creation script: /usr/share/doc/rsyslog-mysql-**/createDB.sql
Create a MySQL user, then create the database:
mysql> grant all on Syslog.* to 'log'@'localhost' identified by 'logpass';
# mysql -ulog -p < /usr/share/doc/rsyslog-mysql-**/createDB.sql
--------------/etc/rsyslog.conf------------------
# Load the MySQL output module
$ModLoad ommysql
local5.* :ommysql:localhost,Syslog,log,logpass
----------------------------------------------------
Download LogAnalyzer:
# wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz
Extract the archive
# cd loganalyzer***
# cp -r src /var/www/html/log
#cp contrib/* /var/www/html/log/
#cd /var/www/html/log
#bash ./configure.sh