软件需求:

krb5-workstation-1.9-33.el6_3.2.x86_64

krb5-libs-1.9-33.el6_3.2.x86_64

krb5-devel-1.9-33.el6_3.2.x86_64

pam_krb5-2.3.11-9.el6.x86_64

samba-3.5.10-125.el6.x86_64

samba-client-3.5.10-125.el6.x86_64

samba-winbind-clients-3.5.10-125.el6.x86_64

samba-winbind-3.5.10-125.el6.x86_64

samba-common-3.5.10-125.el6.x86_64


测试环境关闭iptables  和selinux


service iptables stop

setenforce 0



yum -y install统一安装


下边以test.com为域名主域ip 192.168.10.10安装


编辑/etc/krb5.conf

-----------/etc/krb5.conf-----------

[libdefaults]

 default_realm = TEST.COM()

 dns_lookup_realm = false

 dns_lookup_kdc = false

 ticket_lifetime = 24h

 renew_lifetime = 7d

 forwardable = true


[realms]

 EXAMPLE.COM = {

  kdc = 192.168.10.10:88

  admin_server = 192.168.10.10:749

  default_domain = TEST.COM

 }


[domain_realm]

 .test.com = TEST.COM

 test.com = TEST.COM


----------------------------------------

编辑/etc/nsswitch.conf


passwd:    files winbind

shadow:    files winbind

group:        files winbind


编辑/etc/resolve.conf

加入行: nameserver 192.168.10.10


编辑/etc/samba/smb.conf


----------/etc/samba/smb.conf----------

        workgroup = EXAMPLE

        server string = Samba Server Version %v

        netbios name = hostname

# ----------------------- Domain Members Options ------------------------

        security = ads

        passdb backend = tdbsam

        realm = example.com

        password server = 192.168.10.10

        encrypt passwords = yes

        idmap uid = 16777216-33554431

        idmap gid = 18777216-33554431

        template shell = /bin/bash

        template homedir = /home/%U

        winbind use default domain = true

        winbind offline logon = true

-----------------------------------------------------------------------

#nepdate 192.168.10.10   同步域服务器时间

#net ads join -U administrator   后再输入administrator密码加入域

#net ads leave -U administrator  退域


wbinfo -t 查看域链接状态

wbinfo -u 查看域用户

wbinfo -g 查看域组


------------------------设置samba查看用户操作日志 删改上传文件等---------------------

/etc/samba/smb.conf


    vfs_object = full_audit

    full_audit:prefix = %u|%I|%m|%S

    full_audit:success = mkdir rename unlink rmdir write chmod chown

    full_audit:failure = none

    full_audit:facility = LOCAL5

    full_audit:priority = NOTICE


设置好就可以在/etc/rsyslog.conf下设置日志存放路径。

local5.*                                        /var/log/samba/samba.log

----------------------------------------------------------------------------------

可以用 loganalyzer 通过lamp访问查看

yum -y install rsyslog-mysql

会自带一个创建数据库脚本  /usr/shart/doc/rsyslog-mysql-**/createDB.sql

新建mysql用户,并创建数据库

mysql>grant all on Syslog to 'log'@'localhost' identified by 'logpass'


#mysql -ulog -p < /usr/shart/doc/rsyslog-mysql-**/createDB.sql



 --------------/etc/rsyslog.conf------------------

$ModLoad ommysql     加载mysql模块

local5.*                                        :ommysql:localhost,Syslog,log,logpass


----------------------------------------------------


下载loganalyzer   wget http://download.adiscon.com/loganalyzer/loganalyzer-3.6.5.tar.gz

解压

#cd loganalyzer***

#cp scr /var/www/html/log

#cp contrib/* /var/www/html/log/

#cd /var/www/html/log

#bash ./configure.sh