== Active Directory Domain with Samba Domain Member Server ==
 * This is a personal write-up based on the official Samba documentation.
 * The services configured are:
  * Active Directory on Windows 2003 Server
  * CentOS 4.0 with samba 3.0.x (latest as of 2005.05.05)
 * Documents referenced:
  * SAMBA DOC [http://us1.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm]
  * GENTOO DOC [http://gentoo-wiki.com/HOWTO_Add_a_gentoo_server_to_a_windows_network]
 * Author: 다즐링 dj@iz4u.net

=== Cautions ===
 * During system migration work, the mapping between AD accounts and uid/gid can be lost.
 * Be careful -_-;; (no solution found yet)

=== Additional Requests and Change Requests ===
 * Please write them here.

=== Integration Procedure ===

==== The configuration file is as follows ====
/etc/samba/smb.conf
{{{
unix charset = CP949
netbios name = URSERVERNAME
workgroup = URWORKGROUP
server string = URSERVERNAME
hosts allow = 111.222.333.444
log file = /var/log/samba/%m.log
max log size = 50
realm = UR ACTIVE DIRECTORY REALM
security = ADS
encrypt passwords = yes
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
ldap ssl = no
dns proxy = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/false
winbind enum users = yes
winbind gid = 10000-20000
winbind enum groups = yes
winbind separator = +
winbind cache time = 10
winbind use default domain = Yes
# behaviour is slightly different when this is set to yes
template primary group = "UR AD GROUP NAME"
template shell = /bin/bash
template homedir = /samba/users/%U
# the user mapping is sometimes lost, so the next line was added
client schannel = no
}}}

==== Change /etc/nsswitch.conf as follows ====
Leave the rest of the file unchanged.
{{{
passwd: compat winbind
shadow: files
group: compat winbind
hosts: files dns wins
}}}

==== Delete /etc/samba/*.tdb ====
{{{
rm -f /etc/samba/*.tdb
}}}

==== Delete /var/cache/samba/*.tdb ====
{{{
rm -f /var/cache/samba/*.tdb
}}}

==== Edit /etc/krb5.conf as follows ====
{{{
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = UR ACTIVE DIRECTORY REALM
 ticket_lifetime = 24000
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 UR ACTIVE DIRECTORY REALM = {
  kdc = UR ACTIVE DIRECTORY HOSTNAME:88
 }
}}}

==== Log in to Active Directory ====
{{{
kinit administrator@UR ACTIVE DIRECTORY REALM
passwd: enter the password (administrator password)
}}}

==== Join the file server to the domain ====
{{{
net ads join -UAdministrator@UR ACTIVE DIRECTORY REALM
passwd: enter the password (administrator password)
}}}

==== Join via RPC ====
{{{
net rpc join -UAdministrator@UR ACTIVE DIRECTORY REALM
passwd: administrator password
}}}

==== Start the winbind and smb services ====
{{{
chkconfig --add smb
chkconfig --add winbind
service smb restart
service winbind restart
}}}

==== Verify that users and groups are linked ====
{{{
wbinfo -u   # check users
wbinfo -g   # check groups
}}}
The output looks like this.
{{{
[root@file var]# wbinfo -u
TEST+MAIN$
TEST+Administrator
TEST+DC$
TEST+Guest
TEST+IUSR_MAIN
TEST+IWAM_MAIN
TEST+test3
TEST+test1
TEST+test2
...
}}}
{{{
[root@kiwi var]# wbinfo -g
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
... (output omitted) ...
TEST+개발실
...
}}}

==== Configure a Samba share as follows ====
{{{
[devel]
comment = 개발실
path = /samba/devel
read list = @개발실
writable = yes
write list = @개발실
create mask = 0770
}}}

==== nuri's tip for solving the uid/sid problem ====
 * If you create winbindd_idmap.tdb with net idmap restore, there is no uid/sid problem.
 * Dump with net idmap dump > idmap_dump
 * Restore with net idmap restore < idmap_dump (before starting winbind)
 * The samba 3.0.23 version in fc5 has fixed various sync problems.
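
Added example, not part of the original page or of nuri's tip: a shell function that compares a `net idmap dump` saved before a migration with one taken afterwards, so the lost uid/gid mapping described under the cautions is caught before winbind starts and files on the shares end up owned by a different account. It assumes dump lines of the form `UID <id> <SID>` and `GID <id> <SID>`; the function name `idmap_drift`, its output labels and the sample SIDs are made up for illustration.

```shell
# idmap_drift OLD_DUMP NEW_DUMP [LOW HIGH]
# Compares two saved `net idmap dump` outputs, one problem per line:
#   CHANGED sid old -> new   SID now maps to a different uid/gid
#   REUSED  id sid (was sid) uid/gid now belongs to a different SID
#   MISSING sid old          SID had a mapping before, none now
#   RANGE   sid id           id outside LOW-HIGH (default 10000-20000)
# Returns 0 when the new dump is consistent with the old one, else 1.
idmap_drift() {
    awk -v low="${3:-10000}" -v high="${4:-20000}" '
        # Keep only "UID|GID <id> <SID>" lines; HWM lines are skipped.
        ($1 != "UID" && $1 != "GID") || $3 !~ /^S-1-/ { next }
        FILENAME == ARGV[1] {            # old dump: remember both directions
            old_id[$3] = $1 " " $2
            old_sid[$1 " " $2] = $3
            next
        }
        {                                # new dump: compare against old
            id = $1 " " $2
            seen[$3] = 1
            if ($2 + 0 < low + 0 || $2 + 0 > high + 0) { print "RANGE", $3, id; bad = 1 }
            if (($3 in old_id) && old_id[$3] != id) {
                print "CHANGED", $3, old_id[$3], "->", id; bad = 1
            }
            if ((id in old_sid) && old_sid[id] != $3) {
                print "REUSED", id, $3, "(was " old_sid[id] ")"; bad = 1
            }
        }
        END {
            for (sid in old_id) if (!(sid in seen)) {
                print "MISSING", sid, old_id[sid]; bad = 1
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample dumps (made-up SIDs, not from a real domain).
old=$(mktemp) new=$(mktemp)
printf '%s\n' 'USER HWM 10003' 'UID 10000 S-1-5-21-111-222-333-500' \
    'UID 10001 S-1-5-21-111-222-333-1103' \
    'UID 10002 S-1-5-21-111-222-333-1104' \
    'GID 10000 S-1-5-21-111-222-333-513' > "$old"
printf '%s\n' 'UID 10000 S-1-5-21-111-222-333-1104' \
    'UID 10001 S-1-5-21-111-222-333-1103' \
    'GID 10000 S-1-5-21-111-222-333-513' > "$new"
idmap_drift "$old" "$new" || echo "idmap drift: fix before starting winbind"
rm -f "$old" "$new"
```

The default range matches the `idmap uid` / `idmap gid` values in the smb.conf above; any output line means ownership on the shares would no longer line up with the AD accounts.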