Logging in with AD accounts on Ubuntu 20.04 using realmd + samba + winbind:
apt-get install realmd samba winbind libpam-winbind libnss-winbind
realm discover aa.ming.com (aa.ming.com is the DC)
winbind mode (libpam-winbind and winbind are installed automatically; they can also be installed beforehand):
realm join -v --membership-software=samba --client-software=winbind aa.ming.com -U xxx.xxx
vi /etc/ssh/sshd_config
PasswordAuthentication yes
:wq
systemctl restart ssh
vi /etc/nsswitch.conf
passwd: files winbind
group: files winbind
shadow: files winbind
:wq
vi /etc/samba/smb.conf
[global] (added automatically)
kerberos method = system keytab
realm = MING.COM
template homedir = /home/%U (the default is /home/%U@%D; %D is the domain name)
password server = aa.ming.com
template shell = /bin/bash
security = ads
idmap gid = 10000-2000000
idmap uid = 10000-2000000
winbind use default domain = yes (the default is no; with yes, the domain name can be omitted)
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no
[homes] (enabled manually)
comment = Home Directories
browseable = no
create mask = 0700
directory mask = 0700
valid users = %S
:wq
systemctl restart smbd
systemctl restart nmbd
systemctl restart winbind
Verification:
getent passwd xxx.xxx
or
id xxx.xxx (the uid is a 5-digit number)
or
ssh xxx.xxx@ip
Samba share: \\ip can be accessed without entering a username and password
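Added example (not part of the original notes): a POSIX sh audit that compares the [global] values and nsswitch.conf entries set in the steps above against what a file actually contains. The function names smb_get, check_join_config and demo are hypothetical, and the sample files written by demo are constructed.

```sh
# Added example: audit the smb.conf / nsswitch.conf settings from the steps above.
# smb_get FILE SECTION KEY: print KEY's value in [SECTION], lowercased. Per smb.conf(5),
# case and whitespace in names are irrelevant; the last occurrence of a key wins.
smb_get() {
  awk -v sec="$2" -v key="$3" '
    function name(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return tolower(s) }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*/, "", s); cur = name(s); next }
    cur == name(sec) && (p = index($0, "=")) && name(substr($0, 1, p - 1)) == name(key) { val = trim(substr($0, p + 1)) }
    END { if (val != "") print val }' "$1"
}

# check_join_config SMB_CONF NSSWITCH_CONF: print one line per deviation from the
# literal values used on this page; the exit status is the number of deviations.
check_join_config() (
  bad=0
  while IFS='|' read -r key want; do
    got=$(smb_get "$1" global "$key")
    [ "$got" = "$want" ] && continue
    echo "smb.conf [global] $key: want '$want', found '${got:-<unset>}'"
    bad=$((bad + 1))
  done <<'EOF'
security|ads
kerberos method|system keytab
winbind use default domain|yes
winbind refresh tickets|yes
winbind enum users|no
winbind enum groups|no
EOF
  for db in passwd group; do
    grep -Eq "^$db:(.*[[:space:]])?winbind([[:space:]]|\$)" "$2" && continue
    echo "nsswitch.conf: $db does not list winbind"
    bad=$((bad + 1))
  done
  exit "$bad"
)

# Constructed sample input: "winbind enum users" left on, winbind missing from "group".
demo() {
  d=$(mktemp -d)
  printf '%s\n' '[global]' ' security = ADS' ' kerberos method = system keytab' \
    ' winbind use default domain = yes' ' winbind refresh tickets = yes' \
    ' winbind enum users = yes' ' winbind enum groups = no' > "$d/smb.conf"
  printf '%s\n' 'passwd: files winbind' 'group: files' > "$d/nsswitch.conf"
  check_join_config "$d/smb.conf" "$d/nsswitch.conf"; rc=$?
  rm -rf "$d"; return "$rc"
}
demo || echo "deviations found: $?"
```

On a joined host, run check_join_config /etc/samba/smb.conf /etc/nsswitch.conf after the service restarts.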