局域网文件共享有很多种方式:windows的工作组,域。linux NFS,samba。由于windows研究的人太多,各种针对服务器的木马较多,容易造成服务器中毒。所有采取samba实现文件共享,通过windows 2008域实现账号管理。
软件版本:samba 3.5.4 linux redhat 5.7 windows server 2008 R2
先将配置文件附上,便于以后查找
smb.conf配置:
[global]
#--authconfig--start-line--
# Generated by authconfig on 2012/02/11 18:22:13
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = BRBLOG
password server = 192.168.188.172
realm = BRBLOG.CN
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
telmplate homedir=/home/%U
winbind use default domain = true
winbind offline logon = true
winbind enum groups = yes
winbind enum users = yes
winbind separator = /
krb5.conf的配置
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = BRBLOG.CN
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
BRBLOG.CN = {
kdc = 192.168.188.172:88
kdc = 192.168.188.172:88
kdc = 192.168.188.172
admin_server = 192.168.188.172:749
default_domain =brblog.cn
kdc = 192.168.188.172
}
BRBLOG.CN = {
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
brblog.cn = BRBLOG.CN
.brblog.cn = BRBLOG.CN
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
