
Для проверки кэширования учетных данных в случае, когда необходимо произвести вход на ПК со своими учетными данными из AD в условиях отсутствия подключения к сети, необходимо:


  1. Привести конфигурационный файл /etc/samba/smb.conf к следующему виду:

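# /etc/samba/smb.conf -- AD member workstation with winbind offline (cached) logon.
# Check the result with `testparm` before restarting smbd/winbindd.

[global]

# --- Guest access ---------------------------------------------------------
# Logons with an unknown user name are mapped to the guest account, and
# user-defined shares may allow guest access. If this PC is not meant to
# serve guest shares, prefer `map to guest = Never` and
# `usershare allow guests = no`.
usershare allow guests = yes
map to guest = Bad User

# --- Local (unix) password handling ---------------------------------------
obey pam restrictions = yes
pam password change = yes
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
unix password sync = yes

# --- Domain membership ----------------------------------------------------
# NOTE(review): `standalone server` contradicts `security = ADS` below; a
# machine joined to AD is normally `member server` (or the line is omitted
# so the role follows `security`). Confirm with testparm.
server role = standalone server

# domain name (NetBIOS name, then the Kerberos realm)
workgroup = WIN2012
realm = WIN2012.RBT
security = ADS
# Already the default; plaintext SMB passwords must stay disabled.
encrypt passwords = yes

# AD server name (the original line had no "=", so the setting was not parsed)
password server = win-8d2bo7ujh4s

# --- Network / browsing ---------------------------------------------------
dns proxy = no
socket options = TCP_NODELAY
domain master = no
local master = no
preferred master = no
os level = 0
domain logons = no

# --- Printing disabled ----------------------------------------------------
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes

# --- ID mapping -----------------------------------------------------------
idmap config * : range = 10000-20000
idmap config * : backend = tdb

# --- Winbind --------------------------------------------------------------
winbind nss info = rfc2307
# NOTE(review): a single backslash is already the default separator, and
# smb.conf treats a trailing backslash as a line continuation -- verify how
# this line is parsed with testparm, or drop it.
winbind separator = \\
# Enumeration of all users/groups is slow on large domains and is not
# required for logon; turn off if getent listings are not needed.
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
template shell = /bin/bash
winbind refresh tickets = yes

# Offline logon: winbindd keeps credentials from successful logons in a
# local on-disk cache. A user can log on offline only after at least one
# successful online logon on this PC. Security consequences:
#   - the cache is sensitive data -- protect the disk (full-disk encryption);
#   - a password change or account disable in AD takes effect on this PC
#     only after it next reaches a domain controller.
winbind offline logon = yes
# Value is in seconds (1440 s = 24 min). NOTE(review): if one day was
# intended, the value is too small -- confirm.
winbind cache time = 1440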


2. Привести конфигурационный файл /etc/security/pam_winbind.conf к следующему виду:


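# /etc/security/pam_winbind.conf -- options for the pam_winbind module.

[global]

# Logging of module activity / internal state; keep off outside troubleshooting.
debug = no
debug_state = no

# Reuse the password already collected by an earlier PAM module.
try_first_pass = yes

# Allow logon against winbindd's cached credentials when no domain
# controller is reachable. Requires `winbind offline logon = yes` in
# smb.conf and one prior online logon by the user. A disabled account or
# changed password is not noticed until the PC is back online.
cached_login = yes

# Authenticate via Kerberos and keep the ticket cache in a file.
# (The option name is krb5_ccache_type; the original `krb_ccache_type`
# is not a recognised pam_winbind option.)
krb5_auth = yes
krb5_ccache_type = FILE

silent = yes

# Create the home directory on first logon.
mkhomedir = yes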


