I have a network with a Windows Server 2003 Active Directory server and Windows 11 computers. My plan is to replace Windows Server 2003 with Fedora Linux Server Edition - Fedora 40. I can test it with a Windows 11 client and a Fedora Linux 40 client.
The old realm is SONCANALS. The new realm is SCNG.
I followed the Fedora Magazine guide.
Configuration
The server IP is 10.216.1.16, the domain name is scng.educaib
The server hostname is l1.scng.educaib
samba.conf:
cat /etc/samba/smb.conf
# Global parameters
[global]
    dns forwarder = 1.1.1.1
    netbios name = L1
    realm = SCNG.EDUCAIB
    server role = active directory domain controller
    workgroup = SCNG
    idmap_ldb:use rfc2307 = yes
    ldap server require strong auth = no

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[netlogon]
    path = /var/lib/samba/sysvol/scng/scripts
    read only = No
Kerberos configuration:
# cat /etc/krb5.conf.d/samba-dc
[libdefaults]
    default_realm = SCNG.EDUCAIB
    dns_lookup_realm = false
    dns_lookup_kdc = true

[realms]
SCNG.EDUCAIB = {
    default_domain = SCNG
}

[domain_realm]
    l1.scng.educaib = SCNG.EDUCAIB
/etc/systemd/resolved.conf.d/custom.conf:
[Resolve]
DNSStubListener=no
Domains=scng.educaib
DNS=10.216.1.16
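I have a machine with Fedora 40 that I use to test Samba. When I test, everything is fine (the "Testing" section of the tutorial guide). When I run realm discover, I only get the old realm, not the new one: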
realm discover -v
* Resolving: _ldap._tcp.soncanals
* Performing LDAP DSE lookup on: 10.216.1.2
* Performing LDAP DSE lookup on: 10.216.1.10
* Performing LDAP DSE lookup on: 10.216.1.4
* Successfully discovered: soncanals
soncanals
type: kerberos
realm-name: SONCANALS
domain-name: soncanals
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-common
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd-ad
required-package: adcli
required-package: samba-common-tools
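In Windows, when I try to join SCNG, I am prompted to log in as an administrator, but when I enter the credentials, it takes too long and leaves the dialog.
How can I triage the problem here? For example, which logs can I look at (I have a lot of logs in /var/log/samba/)? My Samba version is 4.20.5.
My first priority is to join the new domain and log in to Windows as a regular user in that domain. I am leaving the shared directories aside for now.
Edit (2024-11-11): The tests from the Fedora Magazine guide pass:
Testing
Connection test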
$ smbclient -L localhost -N
Anonymous login successful
Sharename Type Comment
--------- ---- -------
sysvol Disk
netlogon Disk
IPC$ IPC IPC Service (Samba 4.21.1)
SMB1 disabled -- no workgroup available
$ smbclient //localhost/netlogon -UAdministrator -c 'ls'
Password for [SCNG\Administrator]:
. D 0 Thu Oct 31 10:17:05 2024
.. D 0 Thu Oct 31 10:17:05 2024
15663104 blocks of size 1024. 12979380 blocks available
DNS test
$ host -t SRV _ldap._tcp.scng.educaib.
_ldap._tcp.scng.educaib has SRV record 0 100 389 l1.scng.educaib.
$ host -t SRV _kerberos._udp.scng.educaib.
_kerberos._udp.scng.educaib has SRV record 0 100 88 l1.scng.educaib.
$ host -t A l1.scng.educaib.
l1.scng.educaib has address 10.216.1.16
Kerberos test
$ kinit administrator
Password for [email protected]:
ladmin@l1:~$ klist
Ticket cache: KCM:1000
Default principal: [email protected]
Valid starting Expires Service principal
11/11/24 10:15:10 11/11/24 20:15:10 krbtgt/[email protected]
renew until 18/11/24 10:15:06
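
A triage aid for the realm discover -v transcript in the question, added here as an example and not part of the original post: it reports which SRV name a discovery run queried and whether the new DC's address was among the servers contacted. The function name check_discovery is hypothetical, and the sample input is constructed from the verbose lines shown in the question.

```shell
#!/bin/sh
# Added example, not from the original post: summarise `realm discover -v`
# output read on stdin and compare it with the realm that was expected.
# Usage: realm discover -v 2>&1 | check_discovery DOMAIN DC_IP
check_discovery() {
    want_srv="_ldap._tcp.$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
    want_dc="$2"
    srv="" found="" servers=" "
    while IFS= read -r line; do
        case "$line" in
            *"Resolving: "*)               srv="${line##*Resolving: }" ;;
            *"LDAP DSE lookup on: "*)      servers="${servers}${line##*lookup on: } " ;;
            *"Successfully discovered: "*) found="${line##*discovered: }" ;;
        esac
    done
    echo "srv_query=${srv} discovered=${found} servers=${servers}"
    rc=0
    # The SRV name shows which DNS domain the discovery actually targeted.
    if [ "$(printf '%s' "$srv" | tr 'A-Z' 'a-z')" != "$want_srv" ]; then
        echo "MISMATCH: queried '${srv}', expected '${want_srv}'"
        rc=1
    fi
    # The expected DC must appear among the servers that were probed.
    case "$servers" in
        *" ${want_dc} "*) ;;
        *) echo "MISMATCH: ${want_dc} was never contacted"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the verbose lines from the transcript in the question.
SAMPLE=' * Resolving: _ldap._tcp.soncanals
 * Performing LDAP DSE lookup on: 10.216.1.2
 * Performing LDAP DSE lookup on: 10.216.1.10
 * Performing LDAP DSE lookup on: 10.216.1.4
 * Successfully discovered: soncanals'

# Check the sample against the new realm and DC address from the question.
printf '%s\n' "$SAMPLE" | check_discovery scng.educaib 10.216.1.16 ||
    echo "discovery never reached the new realm"
```

For the transcript in the question, both checks report a mismatch: the run queried _ldap._tcp.soncanals and contacted only 10.216.1.2, 10.216.1.10 and 10.216.1.4.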