# sudo yum install samba samba-client samba-common -y
# systemctl restart smb //重啟smb服務
# systemctl restart nmb //重啟nmb服務
# systemctl enable smb //設定開機自動啟動smb
# systemctl enable nmb //設定開機自動啟動nmb
# vi /var/log/samba/log.smbd //查看samba Log
如samba Log出現Unable to connect to CUPS server錯誤訊息
# vi /etc/samba/smb.conf
註解掉
; load printers = yes
; printing = cups
加入
load printers = no
printing = bsd
重啟服務
# systemctl restart smb
# vi /etc/samba/smb.conf //開啟 Samba 的設定檔
[global]
log file = /var/log/samba/log.%m
load printers = no
server string = Samba Server Version %v
printing = bsd
wins server = ad.domain.com //Wins Server
workgroup = DOMAIN //預設為MYGROUP,依網域名稱輸入Doamin name
os level = 20
winbind trusted domains only = yes
winbind use default domain = yes
security = domain //預設為user,需要輸入主機帳號才可登入,AD分享設訂為domain
passdb backend = tdbsam
max log size = 50
[Folder] //建立分享資料夾
writeable = yes
path = /opt/lampp/htdocs/Folder //分享路徑
revalidate = yes
comment = Folder //分享資料夾名稱
valid users = Jeter,Sam,Cat,Banana //允許存取AD帳號
create mode = 777
directory mode = 777
# sudo yum install krb5-workstation realmd sssd samba-common adcli
# sudo vi /etc/sssd/sssd.conf
[sssd]
domains = domain.com //Domain name
config_file_version = 2
services = nss, pam
[domain/domain.com]
ad_domain = domain.com //Domain name
krb5_realm = DOMAIN.COM //Domain name
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False //關閉輸入網域名稱
enumerate = True
fallback_homedir = /home/%u@%d
access_provider = deny
# systemctl restart sssd //重啟sssd服務
# realm join domain.com --user Jeter //以AD使用者登入網域
# Password for adadmin: [PASSWORD] //輸入密碼
# getent passwd //列出使用者
# getent group //列出群組
# realm list //查看AD資訊
# id domain.com\\Jeter //查網域帳號資訊
# id Jeter //查帳號資訊
# chown 'root:domain users' Folder //將Folder資料夾個人權限設定為domain user
# smbstatus //查看使用者使用情況
# testparm //檢查Samba設定
分享資料夾使用AD帳號這地方卡關,已加入AD後,這段話我不懂
回覆刪除假設網域為JJJ
帳號為123
下列這該怎打?
valid users = //允許存取AD帳號