Samba

HPUX 11.31 上的 Samba4

  • March 18, 2015

我正在嘗試設置 hpux samba,我使用這個 smb.conf

[global]
       workgroup = DOMINIO
   realm = DOMINIO.COM
   server string = ""
   netbios name = HPUX2
       security = ads
       hosts allow = 192.168.0.0/24 127.0.0.1
       debug level = 10
       log file = /var/opt/samba4/log/%m.log
       max log size = 50
       log level = 1
       syslog = 0
       template shell = /usr/local/bin/bash
       template homedir = /home/%U
       winbind separator = /
       winbind enum users = yes
       winbind enum groups = yes
       winbind use default domain = yes
       encrypt passwords = yes
       invalid users = root
       local master = yes
       domain master = no
       preserve case = yes
       short preserve case = no
       default case = lower
       case sensitive = no
   map to guest = never
   restrict anonymous = 2
   hide dot files = yes
   guest account = smbnull


[Pubblica]
  comment = Dir pubblica
  browseable = yes
  guest ok = yes
  guest only = no
  public = yes
  path = /var/pubblica
  writable = yes

當我嘗試加入 AD(samba4)時,它會在 AD 的電腦上創建 hpux 電腦,但由於此錯誤而失敗

Failed to join domain: failed to connect to AD: Cannot contact any KDC for requested realm

Kinit 工作正常,並且 krb5.conf 正常我還看到創建了 spn 條目但 wbinfo -g 和 wbinfo -u 報告失敗在伺服器日誌上我看到

 receive_smb_raw_talloc failed for client ipv4:192.168.0.16:51845 read error = NT_STATUS_END_OF_FILE.

我嘗試了我編譯的 samba4 和 hpux 的 cifs-server

尋求幫助,這是 krb5.conf

[libdefaults]
default_realm = DOMINIO.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
allow_weak_crypto = true

[realms]
DOMINIO.COM = {
}

[domain_realm]
.dominio.com = DOMINIO.COM
dominio.com = DOMINIO.COM

我在 hpux 11.23 上嘗試過 samba hp(稱為 hp cifs 伺服器),並且在 samba4 伺服器上也能正常工作。問題是新的 hp cifs 伺服器唯一可以在 11.31 上使用 samba4 工作的伺服器是 03.02.00 最新版本不起作用 編輯:最新版本 03.02.04 可以在最新的 samba 4.2 上正常工作

找到解決方案。將 hpux 11.31 加入到帶有廣告的 ad samba4 的唯一方法是 a) 重新編譯自己的 krb5 mit(可能,從 Makefile pedantic 和 werror 中刪除) b) 使用此配置安裝 krb5 mit 後重新編譯 samba3

./configure --prefix=/opt/samba3 --with-lockdir=/var/opt/samba3/locks --with-privatedir=/var/opt/samba3/private --sysconfdir=/etc/opt/samba3 --localstatedir=/var/opt/samba3 --with-krb5=/opt/krb5  CPPFLAGS='-I/opt/krb5/include' LDFLAGS=' -L/opt/krb5/lib -Wl,+b,/opt/krb5/lib -lkrb5 -lk5crypto -lcom_err'

c) 像這樣使用 smb.conf,不要忘記之前創建一個 smbnull 使用者

[global]
       workgroup = DOMINIO
   realm = DOMINIO.COM
   server string = ""
   netbios name = HPUX2
       security = ads
       hosts allow = 192.168.0.0/24 127.0.0.1
       debug level = 10
       log file = /var/opt/samba4/log/%m.log
       max log size = 50
       log level = 1
       syslog = 0
       template shell = /usr/local/bin/bash
       template homedir = /home/%U
       winbind separator = /
       winbind enum users = yes
       winbind enum groups = yes
       winbind use default domain = yes
       encrypt passwords = yes
       invalid users = root
       local master = yes
       domain master = no
       preserve case = yes
       short preserve case = no
       default case = lower
       case sensitive = no
   map to guest = never
   restrict anonymous = 2
   hide dot files = yes
   guest account = smbnull

d) 然後修復一些庫錯誤編輯 /etc/SHLIB_PATH 或導出 SHLIB_PATH 並執行守護程序 smbd,nmbd,winbindd 像往常一樣使用 net ads join AD 使用 wbinfo 測試它

引用自:https://unix.stackexchange.com/questions/175832

相關問答

Samba

Samba 域有多個與之關聯的 ip

  • August 25, 2020
檢視問答
Samba

AD 使用者無法訪問 Samba 共享

  • July 20, 2020
檢視問答
Linux

使用 Linux 伺服器對 Windows 設備進行身份驗證是否可行/可行?

  • August 9, 2018
檢視問答
Linux

連接到 Active Directory(可能使用 winbind)

  • July 4, 2018
檢視問答
Samba

針對 samba 活動目錄的 postgresql 身份驗證

  • April 26, 2018
檢視問答
Users

如何在 Samba Active Directory 中導出完整的使用者列表?

  • December 19, 2017
檢視問答