
Чтобы проверить кэширование учетных данных (вход на ПК под своей учетной записью AD при отсутствии подключения к сети), необходимо:


  1. Привести конфигурационный файл /etc/samba/smb.conf к следующему виду:

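# /etc/samba/smb.conf for an AD-joined workstation that must accept logons
# with cached domain credentials while no domain controller is reachable.
# Run testparm after editing to catch syntax and consistency errors.
[global]

# Guest handling. "Bad User" maps a logon with an unknown user name to the
# guest account, and user-defined shares may grant guest access.
# NOTE(review): neither setting is needed for offline AD logon; if the host
# shares nothing with guests, consider "map to guest = Never" and
# "usershare allow guests = No".
usershare allow guests = Yes
map to guest = Bad User

# Local Unix password handling for password changes made through Samba.
# NOTE(review): these look unrelated to AD logon caching - confirm they are
# still wanted on a domain member.
obey pam restrictions = Yes
pam password change = Yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
unix password sync = Yes

# Domain membership. The page had "server role = standalone server", which
# contradicts "security = ADS" below; a host joined to AD is a member server.
server role = member server
workgroup = WIN2012
realm = WIN2012.RBT
security = ADS
encrypt passwords = true

# Name resolution, sockets and browsing: this host never acts as a browse
# master or logon server.
dns proxy = no
socket options = TCP_NODELAY
domain master = no
local master = no
preferred master = no
os level = 0
domain logons = no

# Printing is switched off entirely.
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes

# ID mapping for the default domain (*): local tdb allocation in the range
# 10000-20000.
idmap config * : range = 10000-20000
idmap config * : backend = tdb
winbind nss info = rfc2307

# Backslash is also Samba's default separator. The value ends in "\", and
# smb.conf treats a trailing backslash as a line continuation, so keep the
# empty line that follows or the next line is joined onto this value.
winbind separator = \\

# Enumerating every user and group can be slow on a large domain.
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
template shell = /bin/bash

# Renews Kerberos tickets obtained at logon; this relies on pam_winbind
# storing a credential cache for the session.
winbind refresh tickets = yes

# Offline logon: winbindd keeps credentials from successful logons in its
# local cache so the same user can log in without a reachable DC. It takes
# effect together with "cached_login = yes" in /etc/security/pam_winbind.conf.
# Anyone who obtains the disk obtains that cache: restrict root access and
# use disk encryption on machines that leave the office.
winbind offline logon = yes

# Unit is seconds (1440 s = 24 min) for cached user and group information.
# NOTE(review): confirm this is the intended lifetime.
winbind cache time = 1440

# The page omitted "=", which makes this line malformed so the setting is
# not applied. Pinning one DC removes failover; drop the line to let Samba
# locate domain controllers through DNS.
password server = win-8d2bo7ujh4s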


2. Привести конфигурационный файл /etc/security/pam_winbind.conf к следующему виду:


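# /etc/security/pam_winbind.conf - options read by the pam_winbind module.
[global]

# No debug output in syslog; enable temporarily when troubleshooting logons.
debug = no
debug_state = no

# Reuse the password already collected by an earlier PAM module.
try_first_pass = yes

# Accept cached credentials when no domain controller answers. Requires
# "winbind offline logon = yes" in /etc/samba/smb.conf. A password changed
# or an account disabled in AD is not noticed until the host is online
# again, so a cached logon can outlive the account's validity.
cached_login = yes

# Authenticate with Kerberos and keep the ticket cache in a file.
# The page spelled the second key "krb_ccache_type"; pam_winbind reads
# "krb5_ccache_type", so the misspelled key would not take effect.
krb5_auth = yes
krb5_ccache_type = FILE

# Suppress pam_winbind's informational messages to the user.
silent = yes

# Create the home directory at first logon.
mkhomedir = yes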


 
