Samba 3.6.12和NIS

Question

我们能够在Solaris 10 U5上的Samba 3.0.8上使用Samba和NIS。当我们将系统更新到Solaris 10 U11时，samba版本变成了3.6.12。我们无法像旧风格那样进行身份验证。

我没有在下面包含一些参数(创建目录掩码，等等)

旧smb.conf

    [global]
    workgroup = WORKGROUPNAME
    server string =  Samba Server
    security = SERVER
    password server = dc6n, dc7n
    username map = /etc/sfw/username.map
    local master = No
    dns proxy = No
    wins server = dc6n, dc7n
    kernel oplocks = No
    host msdfs = No
    map archive = No
    oplocks = No
    level2 oplocks = No

旧nsswitch.conf

    passwd files nis
    hosts  files nis 

我们尝试将相同的配置设置为Samba 3.6.12，但没有工作。因此，我决定在Kerberos中使用security = ADS。这是可行的，但我们不想这样。因为，只有windows域用户能够登录，NIS用户不能登录。

新/etc/smb.conf

    workgroup = WORKGROUPNAME
    realm = domain.com
    security = ADS
    password server = dc6n.domain.com
    utmp = Yes
    idmap config *:backend = tdb
    idmap config *:range = 5000-9999
    idmap config NETADM:backend = tdb
    idmap config NETADM:range = 10000-90000
    idmap uid = 100000-500000
    idmap gid = 100000-500000
    template homedir = /home/%U
    template shell = /bin/tcsh
    winbind cache time = 1800
    winbind enum users = No
    winbind enum groups = No
    winbind use default domain = Yes
    winbind separator = /
    create krb5 conf = No
    local master = yes
    domain login = yes
    domain master = yes
    preferred master = yes

新/etc/nsswitch.conf

    passwd files winbind  nis
    hosts  files winbind  nis 

新/etc/krb5.conf

    [libdefaults] 
        domain.com = domain.com
        dns_lookup_kdc = true 

    [realms] 
        symantec.local = { 
            kdc = dc6n.domain.com
            admin_server = dc6n.domain.com
        } 

    [domain_realm] 
    .domain.com = domain.com

我可以通过wbinfo和genent命令从AD和NIS获取用户信息。

我们怎样才能再次像旧风格一样认证呢？

Answer 1

确保在您的/etc/pam.d/system-auth-ac文件中有winbind会话的条目。