linux加入到windows域的問題
使用了這個指令後出現下面的錯誤提示:
#/usr/bin/net join -w smbwinserver -S smbwin.smbwin.com -U Administrator
Password:
Using short domain name -- SMBWINSERVER
Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'SMBLDAPSERVER' in realm 'SMBWIN.COM'
Failed to join domain: Type or value exists
ADS join did not work, falling back to RPC...
Joined domain SMBWINSERVER.
請問各位這個是怎麼回事?
《解決方案》
解析的問題?
《解決方案》
老大,這是配置,請過目看看,是不是哪裡出錯了?
Windows 2003 Server
hostname: smbwin.smbwin.com
Domine: smbwinserver
Full Domine: smbwinserver.smbwin.com
IP: 192.168.16.26/24
GW: 192.168.16.26
dns: 192.168.16.26
Create Forward Lookup Zones and Reverse Lookup Zones for DNS,for expmale:
Forward Lookup Zones:
host(A) smbwin 192.168.16.26
host(A) smbldap 192.168.16.25
Reverse Lookup Zones:
192.168.16.26 Pointer(PTR) smbwin.smbwin.com
192.168.16.25 Pointer(PTR) smbldap.smbwin.com
=======================================================================
RHEL 5.1
hostname: smbldap.smbwin.com
Domine: smbwinserver
Full Domine: smbwinserver.smbwin.com
IP: 192.168.16.25/24
GW: 192.168.16.26
dns: 192.168.16.26
1) vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.16.25 smbldap.smbwin.com smbldap
192.168.16.26 smbwinserver.smbwin.com smbwin
2) vi /etc/resolv.conf
nameserver 192.168.16.26
3) vi /etc/krb5.conf
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
default_realm = SMBWIN.COM
dns_lookup_realm = true
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
SMBWIN.COM = {
admin_server = smbwin.smbwin.com
default_domain = SMBWIN.COM
kdc = smbwin.smbwin.com
}
.smbwin.com = SMBWIN.COM
smbwin.com = SMBWIN.COM
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
4) Compiling Samba-3.0.28a.tar.tar
tar zxvf samba-3.0.28a.tar.tar
cd samba-3.0.28a/source/
./configure \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/libexec \
--sharedstatedir=/usr/share \
--localstatedir=/usr/var \
--libdir=/usr/lib \
--includedir=/usr/include \
--mandir=/usr/man \
--with-ctdb=/lib \
--with-profiling-data \
--enable-developer \
--enable-krb5developer \
--enable-socket-wrapper \
--enable-swat \
--enable-shared-libs \
--with-ldap \
--with-ads \
--with-krb5=/usr/kerberos \
--with-automount \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-quotas \
--with-sys-quotas \
--with-cluster-support \
--with-acl-support \
--with-winbind
5) vi /etc/samba/smb.conf
workgroup = smbwinserver
netbios name = smbldapserver
server string = Samba Server
security = ads
load printers = yes
log file = /usr/local/samba/var/log.%m
max log size = 50
password server = smbwin.smbwin.com
realm = SMBWIN.COM
passdb backend = tdbsam
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd %u
add group script = /usr/sbin/groupadd %g
add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
delete user script = /usr/sbin/userdel %u
delete user from group script = /usr/sbin/deluser %u %g
delete group script = /usr/sbin/groupdel %g
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind enum groups = yes
winbind enum users = yes
winbind separator = /
winbind use default domain = yes
template homedir = /homes/%D/%U
template shell = /bin/bash
encrypt passwords = yes
6) # service smb start
# service winbind start
《解決方案》
還有,到下面的幾步的時候還是沒有問題的。。。
9)# wbinfo -t
checking the trust secret via RPC calls succeeded
10)# wbinfo -u (Checking user information for windows domain)
administrator
guest
support_388945a0
iusr_smbwin
iwam_smbwin
aspnet
wmus_smbwin
krbtgt
it01
it02
it03
it04
it05
it06
ops01
ops02
ops03
ops04
ops05
ops06
admin01
admin02
admin03
admin04
admin05
admin06
sale01
sale02
sale03
sale04
sale05
sale06
11) # wbinfo -g (Checking Group information for windows domain)
domain computers
domain controllers
schema admins
enterprise admins
domain admins
domain users
domain guests
group policy creator owners
dnsupdateproxy
szit
ops
admin
sales
12) # kinit administrator@SMBWIN.COM
Password for administrator@SMBWIN.COM:
問題是,在windows2003的「網上鄰居」裡雖然可以看到 smbldapserver,但是用windows 域的任一個帳號都不能打開 smbldapserver 。。。。。都提示密碼錯誤。。。。
《解決方案》
既然可是看到SAMBA伺服器,不能訪問應該還是密碼的問題。
還有,是不是帳號對應的問題?
新手,說錯了大家別拍磚^^