我已经意识到将Redhat 5.5configuration为PDC(主域控制器),客户端( Windows XP和Windows 2003 )可以join这个领域。 Linux服务器的域名是EXAMPLE.COM 。
目前,当时间客户端(例如Windows 2003 )joinEXAMPLE.COM , Wireshark捕获的数据包中,我们知道dcerpc协议中只有NTLM数据包,没有Kerberos数据包。 结论是客户端不执行Kerberos身份validation。 我的sambaconfiguration文件smb.conf如下:
[global] workgroup = SINF #my domain name server string = Samba PDC Server netbios name = SAMBA149 #my host name local master = yes preferred master = yes domain master = yes local master = yes wins support = yes os level = 100 domain logons = yes logon drive = K: logon script = startup.bat time server = yes admin users = root logon path = \\%N\%U\profile logon home = \\%N\%U log file = /var/log/samba/log.%m max log size = 50 security = user passdb backend = tdbsam [netlogon] comment = Network Logon Service path = /winhome/netlogon writable = no write list = root follow symlinks = yes guest ok = yes [homes] comment = Home Directiories browseable = no writable = yes create mode = 0664 directory mode = 0775 [project] comment = smbuser's project path = /home/samba/project browseable = yes writeable = yes write list = @users
接下来,我想在客户端joinPDC时执行kerberosauthentication,我该如何实现呢? 任何帮助将不胜感激! 提前非常感谢!
看看他的: http : //wiki.samba.org/index.php/Samba_AD_DC_HOWTO
说实话,不使用Kerberos的原因有点复杂。 这是我头顶的一个快速清单: