Для включения машины с центосом в домен надо поправить четыре конфига
nano /etc/krb5.conf
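# /etc/krb5.conf: Kerberos client settings for the Active Directory realm.
# ДОМЕН.ЛОКАЛ, домен.локал and дк.домен.локал are placeholders for the real
# realm name (upper case), DNS domain and domain controller host name.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

# Library defaults. These relations are only read from [libdefaults];
# placed under [logging] they have no effect.
[libdefaults]
# NOTE(review): default_realm is not in the original listing; it is added on
# the assumption that it was lost together with the section header. Confirm.
default_realm = ДОМЕН.ЛОКАЛ
# With DNS lookups enabled the client relies on DNS to map hosts to realms
# and to locate KDCs, so the resolver should point at the domain's own DNS.
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes

[realms]
ДОМЕН.ЛОКАЛ = {
    kdc = дк.домен.локал
    admin_server = дк.домен.локал
    default_domain = домен.локал
}

# Maps DNS names to the realm: the leading-dot entry covers hosts inside the
# domain, the bare entry covers the domain name itself.
[domain_realm]
.домен.локал = ДОМЕН.ЛОКАЛ
домен.локал = ДОМЕН.ЛОКАЛ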
nano /etc/samba/smb.conf
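# [global] section of /etc/samba/smb.conf for a domain member server.
[global]
# Short (NetBIOS) name of the domain.
workgroup = домен
# Kerberos realm; must match the realm configured in /etc/krb5.conf.
realm = ДОМЕН.ЛОКАЛ
# Domain member mode: credentials are validated against Active Directory.
security = ads
# UID/GID range that winbind assigns to domain accounts.
# NOTE(review): keep it clear of the IDs used by local accounts. Confirm.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
# %U expands to the session user name.
template homedir = /home/%U
# Every domain account receives an interactive shell. Together with the
# pam_winbind lines in /etc/pam.d/system-auth this lets any domain user log
# in to this host unless access is restricted there.
template shell = /bin/bash
# Domain users are referred to by bare name, without the domain prefix.
winbind use default domain = true
winbind enum users = Yes
winbind enum groups = Yes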
nano /etc/nsswitch.conf
# Lookup order for accounts and groups: local files first, then winbind for
# domain accounts, so a local entry takes precedence over a domain entry
# with the same name.
passwd: files winbind
shadow: files winbind
group: files winbind
# Host names: /etc/hosts first, then DNS.
hosts: files dns
nano /etc/pam.d/system-auth
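# /etc/pam.d/system-auth: local accounts first, then Kerberos, then winbind.
# Line order is significant inside each stack.
# NOTE(review): where authconfig manages this file, manual edits may be
# overwritten the next time it runs. Confirm.

# --- auth: the first "sufficient" module that succeeds ends the stack;
# pam_deny.so rejects the login when none of them did.
auth required pam_env.so
# NOTE(review): nullok lets a local account with an empty password
# authenticate; remove it unless that is intended.
auth sufficient pam_unix.so likeauth nullok
# use_first_pass reuses the password already typed instead of prompting again.
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so use_first_pass
auth required pam_deny.so

# --- account
account required pam_unix.so broken_shadow
# Accounts with uid below 100 skip the remaining checks.
account sufficient pam_succeed_if.so uid < 100 quiet
# A user unknown to the module is ignored rather than treated as a failure.
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so
account required pam_permit.so
# Optional restriction of logins to the members of one group (the group name
# in the line below is a placeholder). While it stays commented out, any
# domain account that authenticates successfully is allowed to log in.
# account requisite pam_succeed_if.so user ingroup токаэтагруппа

# --- password
password requisite pam_cracklib.so retry=3
# NOTE(review): md5 is a weak password hash; prefer sha512 where the
# installed pam_unix supports it. Confirm before changing.
password sufficient pam_unix.so nullok use_authtok md5 shadow
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

# --- session
session required pam_limits.so
session required pam_unix.so
# Creates a missing home directory from /etc/skel at login; umask 0027 gives
# no access to other users.
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0027
session optional pam_krb5.so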
# Start smb and winbind at every boot, and start them now.
chkconfig smb on
chkconfig winbind on
service smb start
service winbind start
# Join the machine to the domain. The name after -U is a placeholder for a
# domain account that is allowed to join computers. Only the user name is
# given, so the password is prompted for and stays out of the shell history.
net ads join -U админдомена
reboot
Для синхронизации времени с контроллером домена:
# One-off clock set from the domain controller (ДК is a placeholder for its
# host name). Kerberos rejects authentication when the client and KDC clocks
# differ too much.
ntpdate ДК
# Keep the clock synchronised from now on.
# NOTE(review): ntpd uses the servers listed in /etc/ntp.conf, not the
# ntpdate argument; check that the domain controller is listed there.
chkconfig ntpd on
service ntpd start
Если пользователям домена надо заходить на самбу по сети, то:
nano /etc/samba/smb.conf
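# Per-user home share.
# NOTE(review): the listing has no section header for these keys; [homes] is
# assumed from the /home/%U path. Confirm.
[homes]
# %U expands to the session user name, so each user is mapped to their own
# home directory.
path = /home/%U
# Hide the share from browse lists.
browseable = no
writable = yes
# NOTE(review): consider adding "valid users = %S" so that a home share can
# only be opened by the user it is named after.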
Если использовать самбу как принтсервер, то ещё нужен CUPS:
nano /etc/samba/smb.conf
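# These two parameters belong in the existing [global] section: the printer
# list is taken from CUPS and jobs are passed through unmodified (raw).
printcap name = cups
cups options = raw

# Share for all printers.
[printers]
comment = All Printers
# Spool directory for incoming jobs.
# NOTE(review): it must exist and be writable by the connecting users;
# check its ownership and mode.
path = /var/spool/samba
browseable = no
printable = yes
# Clients use their own printer driver.
use client driver = yes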