ubuntu添加samba用户

Samba简介

Samba是一个在Linux和Unix系统上实现SMB/CIFS协议的软件，通过Samba,用户可以在本地计算机上访问Windows共享文件和打印机，同时也可以实现文件和打印机的共享，Samba的主要优点是它可以在不安装Windows操作系统的情况下实现Windows的功能。

Winbind简介

Winbind是Ubuntu 16.04中用于与Active Directory(AD)集成的一个工具，通过Winbind,Ubuntu系统可以与AD域进行通信，实现用户和组的管理，Winbind支持本地和域用户认证，以及Kerberos身份验证。

将Ubuntu 16.04添加到AD域的步骤

1、安装必要的软件包

在Ubuntu 16.04上，首先需要安装一些必要的软件包，如samba、winbind、sssd等，可以使用以下命令安装这些软件包：

sudo apt-get update
sudo apt-get install samba winbind sssd smbclient krb5-user libpam-winbind libnss-winbind 

2、配置Winbind

编辑/etc/winbind/winbindd.conf文件，添加以下内容：

设置域名
domain = YOURDOMAIN.COM
realm = YOURDOMAIN.COM
idmap config * : backend = tdbsam
idmap config * : range = 10000-99999
idmap config * : override_map = badcred
idmap config * : valid_ids = 10000-99999
idmap config * : runas_script = /usr/lib/winbind/bin/wbrunasid
idmap config * : runas_uid = 500
idmap config * : runas_gid = 500
idmap config * : use_authtoks = true
idmap config * : filter = usercert,krb5pdc,krb5ccname,ldappublicsuffix,dnsroot,reversedomain,hostbasedn,defaultdomain,maxtokenlifetime,supportedenctypes,homedir,loginshell,lastlogoff,lastlogon,wtmpstart,wtmpend,admincount,admincountpwchange,maxbadpassword,minpasswdlen,minclassroomsize,lockoutduration,lockoutthreshold,failedloginattemptlimit,failedlogintimeout,passwdchangetime,passwdexpiretime,passwdhistorysize,maxsessionage,forcettysessauth,forcecommandprompt,allowtpm,winbindenumusers_use_minpwchange_days,winbindenumusers_use_minclassroom_size_days,winbindenumusers_use_minpasswd_length_days,winbindenumusers_use_maxpwage_days,winbindenumusers_use_maxclassroom_size_days,winbindenumusers_use_maxpasswd_length_days,winbindenumusers_use_maxsessionage_days,winbindenumgroups_use_mingroupsize_days,winbindenumgroups_use_minpasswd_length_days,winbindenumgroups_use_maxgroupsize_days,winbindenumgroups_use_maxpasswd_length_days,winbindenumgroups_use_maxsessionage_days 

3、配置Samba

编辑/etc/samba/smb.conf文件，添加以下内容：

[global]
   workgroup = YOURDOMAIN.COM
   server string = Samba Server %v
   netbios name = yourpcnamehere
   security = user
   map to guest = bad user
   idmap config * : backend = tdbsam
[YOURDOMAIN]
   path = /home/%U/%S
   browsable = yes
   writable = yes
   guest ok = yes 

4、重启Samba服务和SSSD服务

使用以下命令重启Samba服务和SSSD服务：

sudo systemctl restart smbd nmbd sshd authconfig winbindd dbus-daemon cups-daemon postfix nginx-wrapper udevd lightdm-syslog-daemon systemd-timesyncd systemd-networkd systemd-resolved systemd-timesyncd systemd-random-seeded systemd-hostnamed systemd-resolve@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random-seeded@localhost systemd-hostnamed@localhost systemd-timesync@localhost systemd-random=yes resolvconf=static network=yournetworkinterface networkconnectivity=auto timezone=Asia/Shanghai failover=proxy protocol=tcp vlan=yourvlan interface=yourethernetinterface domain=YOURDOMAIN.COM locale=zh_CN type=unixio logindefs=UNIX iocharset=utf8 passwd minlen=8 minclassroomsize=1 passwordhistory=7 lockout duration=30 lockout threshold=3 failedloginattempts=3 encrypt passwords=yes useauthtoks=no usefirstpass=no usemsdpchg=no forceseccomp=no forcefieeeparm=no forcefileperms=no strictaes=no auditfailedpwchange=yes auditfailedlockfailure=yes auditfailedlogonfailure=yes auditfailedaccountlockfailure=yes enablehomedirs=yes homedir=%h forceguestok=no forceumask=0022 noguestok=yes anonymizeftplogs=no anonymizeftpextlogs=yes anonymizenames=no anonymizeuids=no anonymizegids=no anonymizemacaddrs=no logfilemode=0644 maxlogfilesize=5M loglevel=INFO maxwriterate=100k maxnprocs=16 maxprocperjob=8 maxjobsperworker=8 maxworkersperchild=16 allowroot=no allowtdelim='' denyroot='' allowanyuid=no portrange=$PORTRANGE hostsallow='' hostsdeny='' hostsexclude='' hostsmatchall='' hostsonly='' netbios name='' netbios scope='' netbios usentlmv2=yes template homedir='' template shell='/bin/bash' template homedir='' template admin='' template adminpw='' template workgroup='' template machinetype='' template lastlogon='' template lastlogoff='' template failedpwchange='' template failedlockfailure='' template failedlogonfailure='' template failedaccountlockfailure='' template enablehomedirs='' template homedir=%h template forceguestok=no template forceumask='0022' template anonymizeftplogs=template anonymizeftpextlogs=template anonymizenames=template anonymizeuids=template anonymizegids=template anonymizemacaddrs=template logfilemode=0644 template maxlogfilesize=5M template loglevel=INFO template maxwriterate=100k template maxnprocs=16 template maxprocperjob=8 template maxjobsperworker=8 template maxworkersperchild