Active DirectoryソスhソスソスソスCソスソスソスRソスソスソスgソスソスソス[ソスソスソス[ソス\ソスzソスiSambaソスj

ソスナ終ソスXソスVソスソスソスF 2017.11.25

ソスソスソスTソスv

SambaソスソスWindowsソスhソスソスソスCソスソスソスフソスソス[ソスUソス[ソスソスソスソスソスヌ暦ソスソスソスソスソスActive DirectoryソスソスソスhソスソスソスCソスソスソスRソスソスソスgソスソスソス[ソスソスソス[ソスソスソス\ソスzソスソスソスソスB

ソスiソスソスソスjSamba4ソスノゑソスLDAPソスTソス[ソスoソス[ソスADNSソスTソス[ソスoソス[ソス@ソス\ソスソスソスワゑソスナゑソスソス驍スソス゚、ソス]ソスソスソスソスSamba3ソスナドソスソスソスCソスソスソスRソスソスソスgソスソスソス[ソスソスソス[ソスソスソス\ソスzソスソスソスソス鼾ソスノ必ソスvソスソスソスソスソスソスLDAPソスTソス[ソスoソス[(OpenLDAP)ソスソスDNSソスTソス[ソスoソス[(BIND)ソスフ難ソスソスソスソスヘ不ソスvソスB

ソスソスNTPソスTソス[ソスoソス[ソス\ソスzソスソスソスナゑソスソス驍アソスソス
ソスソスSambaソスTソス[ソスoソス[ソスADNSソスTソス[ソスoソス[ソスソスソスソスソスソスソスマでなゑソスソスソスソスソス

ソスyソス\ソスzソスソスソスソスソスiソスソスjソスz
ソスhソスソスソスCソスソスソスRソスソスソスgソスソスソス[ソスソスソス[ソスフホソスXソスgソスソス:centosdc01
ソスhソスソスソスCソスソスソスソス:CENTOS
ソスソスソスソスソスソス:CENTOS.LOCAL
ソスiソスソスソスjソスzソスXソスgソスソスソスニドソスソスソスCソスソスソスソスソスヘ異なるこソスソス


ソスソスソスzソスXソスgソスソスソスン抵ソス

[root@localhost ~]# echo centosdc01 > /etc/hostnameソス@ソスソスソス@ソスzソスXソスgソスソスソスン抵ソス

[root@localhost ~]# vi /etc/sysconfig/networkソス@ソスソスソス@ソスzソスXソスgソスソスソスン抵ソス
HOSTNAME=centosdc01

[root@localhost ~]# rebootソス@ソスソスソス@ソスVソスXソスeソスソスソスト起ソスソス

[root@centosdc01 ~]# hostnameソス@ソスソスソス@ソスzソスXソスgソスソスソスン抵ソスmソスF
centosdc01

ソスソスSambaソスCソスソスソスXソスgソス[ソスソス

[root@centosdc01 ~]# yum -y install perl gcc libacl-devel libblkid-devel gnutls-devel \
readline-devel python-devel gdb pkgconfig krb5-workstation \
zlib-devel setroubleshoot-server libaio-devel \
setroubleshoot-plugins policycoreutils-python \
libsemanage-python setools-libs-python setools-libs \
popt-devel libpcap-devel sqlite-devel libidn-devel \
libxml2-devel libacl-devel libsepol-devel libattr-devel \
keyutils-libs-devel cyrus-sasl-devel cups-devel bind-utils \
libxslt docbook-style-xsl openldap-develソス@ソスソスソス@SambaソスCソスソスソスXソスgソス[ソスソスソスノ必ソスvソスネパソスbソスPソス[ソスWソスソスソスCソスソスソスXソスgソス[ソスソス


[root@centosdc01 ~]# wget http://www.samba.org/samba/ftp/samba-latest.tar.gzソス@ソスソスソス@Sambaソス_ソスEソスソスソスソスソス[ソスh

[root@centosdc01 ~]# tar zxvf samba-latest.tar.gzソス@ソスソスソス@SambaソスWソスJ

[root@centosdc01 ~]# cd samba-*ソス@ソスソスソス@SambaソスWソスJソスソスfソスBソスソスソスNソスgソスソスソスヨ移難ソス


[root@centosdc01 samba-4.1.13]# ./configure && make && make installソス@ソスソスソス@SambaソスCソスソスソスXソスgソス[ソスソス

[root@centosdc01 samba-4.1.13]# cdソス@ソスソスソス@SambaソスWソスJソスソスfソスBソスソスソスNソスgソスソスソス抜ゑソスソスソス

[root@centosdc01 ~]# rm -rf samba-*ソス@ソスソスソス@SambaソスWソスJソスソスfソスBソスソスソスNソスgソスソスソスAソス_ソスEソスソスソスソスソス[ソスhソスソスソスソスソスtソス@ソスCソスソスソスソスソス除

ソスソスソスhソスソスソスCソスソスソスソスソスソス

[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain provision --use-rfc2307 --interactive --function-level=2008_R2ソス@ソスソスソス@ソスhソスソスソスCソスソスソスソスソスソス
Realm : CENTOS.LOCALソス@ソスソスソス@ソスソスソスソスソスソスソスiソスソス:CENTOS.LOCALソスjソスソスソスソスソスソス
 Domain [CENTOS]:ソス@ソスソスソス@ソスソスENTERソスiソスhソスソスソスCソスソスソスソスソスヘソスソスソスソスソスソスソスソスsソスソスソスIソスhソスナ包ソスソスソスソスソスソスソスソスナ搾ソスソス[ソスj
 Server Role (dc, member, standalone) [dc]:ソス@ソスソスソス@ソスソスENTERソスiソスTソス[ソスoソス[ソスソスソスソスソスヘドソスソスソスCソスソスソスRソスソスソスgソスソスソス[ソスソスソス[ソスj
 DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]:ソス@ソスソスソス@ソスソスENTERソスiDNSソスソスSAMBAソスソスソスソスDNSソスj
 DNS forwarder IP address (write 'none' to disable forwarding) [192.168.1.1]:ソス@ソスソスソス@ソスソスENTERソスiDNSソス]ソスソスソスソスヘ鯉ソスソスソスDNSソスj
Administrator password:ソス@ソスソスソス@ソスCソスモのドソスソスソスCソスソスソスヌ暦ソスソスメパソスXソスソスソス[ソスhソスソスソスソスソスソスソスiソスソスソスjソスpソスXソスソスソス[ソスhソスヘ英ソスソスソスソスソスLソスソスソスソスソスンゑソス8ソスソスソスソスソスネ擾ソスナゑソスソス驍アソスソス
Retype password:ソス@ソスソスソス@ソスhソスソスソスCソスソスソスヌ暦ソスソスメパソスXソスソスソス[ソスhソスソスソスト会ソスソスソスソスiソスmソスFソスj
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=centos,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=centos,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              centosdc01
NetBIOS Domain:        CENTOS
DNS Domain:            centos.local
DOMAIN SID:            S-1-5-21-1510493314-1459266175-3619656251

ソスソスソスhソスソスソスCソスソスソスソスソスソスソスソスソスソス闥シソスソスソス鼾
[root@centosdc01 ~]# rm -f /usr/local/samba/etc/smb.confソス@ソスソスソス@ソスhソスソスソスCソスソスソスソスソスソスソスナ撰ソスソスソスソスソスソス黷スソスtソス@ソスCソスソスソスソスソス除

[root@centosdc01 ~]# rm -rf /usr/local/samba/private/*ソス@ソスソスソス@ソスhソスソスソスCソスソスソスソスソスソスソスナ撰ソスソスソスソスソスソス黷スソスtソス@ソスCソスソスソスソスソス除

[root@centosdc01 ~]# rm -rf /usr/local/samba/var/locks/sysvol/*ソス@ソスソスソス@ソスhソスソスソスCソスソスソスソスソスソスソスナ撰ソスソスソスソスソスソス黷スソスtソス@ソスCソスソスソスソスソス除

ソスソスSambaソスNソスソス


[root@centosdc01 ~]# vi /etc/rc.d/init.d/sambaソス@ソスソスソス@SambaソスNソスソスソスXソスNソスソスソスvソスgソス成
#!/bin/bash
#
# samba4        This shell script takes care of starting and stopping
#               samba4 daemons.
#
# chkconfig: - 58 74
# description: Samba 4.0 will be the next version of the Samba suite
# and incorporates all the technology found in both the Samba4 alpha
# series and the stable 3.x series. The primary additional features
# over Samba 3.6 are support for the Active Directory logon protocols
# used by Windows 2000 and above.

### BEGIN INIT INFO
# Provides: samba4
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Should-Start: $syslog $named
# Should-Stop: $syslog $named
# Short-Description: start and stop samba4
# Description: Samba 4.0 will be the next version of the Samba suite
# and incorporates all the technology found in both the Samba4 alpha
# series and the stable 3.x series. The primary additional features
# over Samba 3.6 are support for the Active Directory logon protocols
# used by Windows 2000 and above.
### END INIT INFO

# Source function library.
. /etc/init.d/functions


# Source networking configuration.
. /etc/sysconfig/network


prog=samba
prog_dir=/usr/local/samba/sbin/
lockfile=/var/lock/subsys/$prog


start() {
        [ "$NETWORKING" = "no" ] && exit 1
#       [ -x /usr/sbin/ntpd ] || exit 5

                # Start daemons.
                echo -n $"Starting samba4: "
                daemon $prog_dir/$prog -D
        RETVAL=$?
                echo
        [ $RETVAL -eq 0 ] && touch $lockfile
        return $RETVAL
}


stop() {
        [ "$EUID" != "0" ] && exit 4
                echo -n $"Shutting down samba4: "
        killproc $prog_dir/$prog
        RETVAL=$?
                echo
        [ $RETVAL -eq 0 ] && rm -f $lockfile
        return $RETVAL
}


# See how we were called.
case "$1" in
start)
        start
        ;;
stop)
        stop
        ;;
status)
        status $prog
        ;;
restart)
        stop
        start
        ;;
reload)
        echo "Not implemented yet."
        exit 3
        ;;
*)
        echo $"Usage: $0 {start|stop|status|restart|reload}"
        exit 2
esac

[root@centosdc01 ~]# chmod +x /etc/rc.d/init.d/sambaソス@ソスソスソス@SambaソスNソスソスソスXソスNソスソスソスvソスgソスノ趣ソスソスsソスソスソスソスソスtソスソス

[root@centosdc01 ~]# systemctl start sambaソス@ソスソスソス@SambaソスNソスソス

[root@centosdc01 ~]# systemctl enable sambaソス@ソスソスソス@SambaソスソスソスソスソスNソスソスソスン抵ソス

[root@centosdc01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0ソス@ソスソスソス@ソスlソスbソスgソスソスソス[ソスNソスン抵ソスtソス@ソスCソスソスソスメ集

DNS1="127.0.0.1"ソス@ソスソスソス@ソス竝ソスソスソスソスDNSソスTソス[ソスoソス[ソスソスソスソスソスソスソスソスソスgソスノゑソスソスソス

[root@centosdc01 ~]# systemctl restart networkソス@ソスソスソス@ソスlソスbソスgソスソスソス[ソスNソスト起ソスソス

[root@centosdc01 ~]# cat /etc/resolv.confソス@ソスソスソス@ソス竝ソスソスソスソスDNSソスTソス[ソスoソス[ソスマ更ソスmソスF
# Generated by NetworkManager
nameserver 127.0.0.1

[root@centosdc01 ~]# /bin/cp /usr/local/samba/private/krb5.conf /etc/ソス@ソスソスソス@krb5.confソスソスソスソスソスソスフデソスBソスソスソスNソスgソスソスソスヨコソスsソス[


ソスソスWindowsソスRソスソスソスsソスソスソス[ソス^ソス[ソスフドソスソスソスCソスソスソスQソスソス

WindowsソスRソスソスソスsソスソスソス[ソス^ソス[ソスソスSambaソスフドソスソスソスCソスソスソスノ参ソスソスソスソスソスソスソスソスB

ソスiソスPソスjソス竝ソスソスソスソスDNSソスTソス[ソスoソス[ソスソスSambaソスTソス[ソスoソス[ソスソスIPソスAソスhソスソスソスXソスノ変更ソスソスソスソス

ソスiソスQソスjソスソスソスソスソスOソスソスソス[ソスvソスソスソスhソスソスソスCソスソスソスノ変更ソスソスソスソスソスソスソスhソスソスソスCソスソスソスQソスソスソスソスソスノ指ソス閧キソス驛ソス[ソスUソス[ソスソスソスソスAdministratorソスAソスpソスXソスソスソス[ソスhソスヘドソスソスソスCソスソスソスソスソスソスソスナ指ソス閧オソスソスソスhソスソスソスCソスソスソスヌ暦ソスソスメパソスXソスソスソス[ソスhソスソスソスwソスソス

WindowsソスRソスソスソスsソスソスソス[ソス^ソス[ソスト起ソスソスソスソスAソスソスソス[ソスUソス[ソスソスソスノ「Administrator@ソスhソスソスソスCソスソスソスソスソスiソスソス:Administrator@centosソスjソスvソスAソスpソスXソスソスソス[ソスhソスノドソスソスソスCソスソスソスソスソスソスソスナ指ソス閧オソスソスソスhソスソスソスCソスソスソスヌ暦ソスソスメパソスXソスソスソス[ソスhソスソスソスwソス閧オソストドソスソスソスCソスソスソスノソスソスOソスIソスソスソスナゑソスソス驍アソスソス

ソスソスソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスソスソスソス

Windowsソスソスナソスソス[ソスUソス[ソスヌ暦ソスソスソスActive Directoryソスフ管暦ソスソスソスソスsソスソスソスcソス[ソスソスソスナゑソスソス驛奇ソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスソスソスCソスソスソスXソスgソス[ソスソスソスソスソスソスB
ソスネゑソスソスAソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスヘイソスソスソスXソスgソス[ソスソスソスソスソスソスソスソスソスソスソスナは暦ソスソスpソスナゑソスソスネゑソスソスBソスuソス@ソス\ソスLソスソスソスソスソスvソスAソスuソスXソス^ソス[ソスgソスソスソスjソスソスソス[ソスヨの表ソスソスソスvソスソスソスソスソスソスsソスソスソスKソスvソスソスソスソスソスソスB

ソスiソスPソスjAdministratorソスナドソスソスソスCソスソスソスヨソスソスOソスIソスソスソスソスソスソス

ソスiソスQソスjWindowsソスフバソス[ソスWソスソスソスソスソスノ搾ソスソスソスソスソスソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスソスソス_ソスEソスソスソスソスソス[ソスhソスソスソスソスソスCソスソスソスXソスgソス[ソスソスソスソスソスソス

ソスiソスRソスjソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスソスLソスソスソスノゑソスソスソス
ソスuソスRソスソスソスgソスソスソス[ソスソスソスpソスlソスソスソスvソスヒ「ソスvソスソスソスOソスソスソスソスソスvソスヒ「Windowsソスフ機ソス\ソスフ有ソスソスソスソスソスワゑソスソスヘ厄ソスソスソスソスソスソスv
ソスuソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソス@ソス\ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソスOソスソスソス[ソスvソス|ソスソスソスVソス[ソスヌ暦ソスソスcソス[ソスソスソスvソスソスソス`ソスFソスbソスN
ソスuソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソスソスソスソスソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「AD DSソスソスソスソスソスAD LDSソスcソス[ソスソスソスvソスヒ「AD DSソスcソス[ソスソスソスvソスヒ「NISソスTソス[ソスoソス[ソスcソス[ソスソスソスvソスソスソス`ソスFソスbソスN
ソスuソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソスソスソスソスソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「AD DSソスソスソスソスソスAD LDSソスcソス[ソスソスソスvソスヒ「AD DSソスcソス[ソスソスソスvソスヒ「AD LDSソスXソスiソスbソスvソスCソスソスソスソスソスソスムコソス}ソスソスソスhソスソスソスCソスソスソスcソス[ソスソスソスvソスソスソス`ソスFソスbソスN
ソスuソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソスソスソスソスソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「AD DSソスソスソスソスソスAD LDSソスcソス[ソスソスソスvソスヒ「AD DSソスcソス[ソスソスソスvソスヒ「Windows PowerShellソスpActive DirectoryソスソスソスWソスソスソス[ソスソスソスvソスソスソス`ソスFソスbソスN
ソスuソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソスソスソスソスソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「DNSソスTソス[ソスoソス[ソスcソス[ソスソスソスvソスソスソス`ソスFソスbソスN
ソスuソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソスソスソスソスソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソスtソス@ソスCソスソスソスTソス[ソスrソスXソスcソス[ソスソスソスvソスヒ「ソスソスソスソスソス[ソスgソスfソスXソスNソスgソスbソスvソスTソス[ソスrソスXソスcソス[ソスソスソスvソスソスソス`ソスFソスbソスN
ソスuOKソスv

ソスiソスSソスjソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスソスソスXソス^ソス[ソスgソスソスソスjソスソスソス[ソスノ表ソスソスソスソスソスソス
ソス^ソスXソスNソスoソス[ソスソスナ右ソスNソスソスソスbソスNソスヒ「ソスvソスソスソスpソスeソスBソスvソスナ「ソス^ソスXソスNソスoソス[ソスニ[ソスXソス^ソス[ソスgソスnソスソスソスjソスソスソス[ソスフプソスソスソスpソスeソスBソスvソスソスソスNソスソス
ソスuソスmソスXソス^ソス[ソスgソスnソスソスソスjソスソスソス[ソスvソス^ソスuソスヒ「ソスJソスXソス^ソス}ソスCソスYソスvソスヒ「ソスVソスXソスeソスソスソスヌ暦ソスソスcソス[ソスソスソスvソスナ「ソスmソスソスソスラてのプソスソスソスOソスソスソスソスソスnソスソスソスjソスソスソス[ソスニ[ソスXソス^ソス[ソスgソスnソスソスソスjソスソスソス[ソスノ表ソスソスソスソスソスソスvソスソスIソスソス

ソスuソスXソス^ソス[ソスgソスvソスヒ「ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「Active Directory ソスソスソス[ソスUソス[ソスニコソスソスソスsソスソスソス[ソス^ソス[ソスvソスソスActive DirectoryソスフドソスソスソスCソスソスソスAソスRソスソスソスsソスソスソス[ソス^ソス[ソスAソスソスソス[ソスUソス[ソスソスソスmソスFソスナゑソスソス驍アソスソス

ソスソスソスソスソス[ソスUソス[ソスヌ暦ソス

Sambaソスナ構ソスzソスソスソスソスActive DirectoryソスナゑソスWindowsソスソスソスiソスソスソスソスソス[ソスgソスTソス[ソスoソス[ソスヌ暦ソスソスcソス[ソスソスソスソスソスgソスpソスjソスナゑソスLinuxソスソスソスナゑソスソスソスソス[ソスUソス[ソスヌ暦ソスソスソスソスsソスソスソス驍ェソスAソスソスソスソスソスナは、Linuxソスソスソスナソスソス[ソスUソス[ソスヌ暦ソスソスソスソスsソスソスソスB

ソスiソスPソスjソスソスソス[ソスUソス[ソス成
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user create centos01 pass123@ソス@ソスソスソス@ソスソスソス[ソスUソス[ソスソスcentos01ソスAソスpソスXソスソスソス[ソスhpass123@ソスナソスソス[ソスUソス[ソス成
User 'centos01' created successfully

ソスiソスQソスjソスソスソス[ソスUソス[ソス除
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user delete centos01ソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスソスソス除
Deleted user centos01

ソスiソスRソスjソスソスソス[ソスUソス[ソスソスソスソスソスソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user disable centos01ソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソス無鯉ソスソスソス

[root@centosdc01 ~]# /usr/local/samba/bin/pdbedit -u centos01 -vソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスソスソスソスソスソスソスmソスF
Unix username:        centos01
NT username:
Account Flags:        [DU         ]ソス@ソスソスソス@Dソスソスソス\ソスソスソスソスソスソストゑソスソス驍アソスニソスソスソスソスソスソスソスソスソスソスソス
User SID:             S-1-5-21-2909066206-3298834993-4289490847-1105
Primary Group SID:    S-1-5-21-2909066206-3298834993-4289490847-513
Full Name:
Home Directory:
HomeDir Drive:        (null)
Logon Script:
Profile Path:
Domain:
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          0
Kickoff time:         ソスソス, 14  9ソスソス 30828 11:48:05 JST
Password last set:    ソスソス, 21 11ソスソス 2014 10:54:15 JST
Password can change:  ソスソス, 21 11ソスソス 2014 10:54:15 JST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

ソスiソスSソスjソスソスソス[ソスUソス[ソスLソスソスソスソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user enable centos01ソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスソスLソスソスソスソス
Enabled user 'centos01'

[root@centosdc01 ~]# /usr/local/samba/bin/pdbedit -u centos01 -vソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスLソスソスソスソスソスmソスF
Unix username:        centos01
NT username:
Account Flags:        [U          ]ソス@ソスソスソス@Dソスソスソス\ソスソスソスソスソスソストゑソスソスネゑソスソスソスソスニソスソスLソスソスソスソスソスソスソスソス
User SID:             S-1-5-21-2909066206-3298834993-4289490847-1105
Primary Group SID:    S-1-5-21-2909066206-3298834993-4289490847-513
Full Name:
Home Directory:
HomeDir Drive:        (null)
Logon Script:
Profile Path:
Domain:
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          0
Kickoff time:         ソスソス, 14  9ソスソス 30828 11:48:05 JST
Password last set:    ソスソス, 21 11ソスソス 2014 10:54:15 JST
Password can change:  ソスソス, 21 11ソスソス 2014 10:54:15 JST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

ソスiソスTソスjソスソスソス[ソスUソス[ソス齬暦ソス\ソスソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user listソス@ソスソスソス@ソスソスソス[ソスUソス[ソス齬暦ソス\ソスソス
Administrator
centos01
krbtgt
Guest

ソスiソスUソスjソスpソスXソスソスソス[ソスhソスマ更ソスソスソスソスソス[ソスUソス[ソスソスソスgソスノゑソスソスpソスXソスソスソス[ソスhソスマ更ソスソスWindowsソスソスナ趣ソスソス{
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user setpassword centos01 --newpassword=password456@ソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスフパソスXソスソスソス[ソスhソスソスpassword456@ソスヨ変更
Changed password OK

ソスソスソスpソスXソスソスソス[ソスhソスソスソスjソスン抵ソス

ソスpソスXソスソスソス[ソスhソスソスソスjソスソスン定すソスソスB

ソスiソスPソスjソスpソスXソスソスソス[ソスhソスソスソスGソスソスソスiソスpソスソスソスソスソスLソスソスソスソスソスン具ソスソスソスソスjソスソスソスソスソスソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain passwordsettings set --complexity=offソス@ソスソスソス@ソスpソスXソスソスソス[ソスhソスソスソスGソスソスソスiソスpソスソスソスソスソスLソスソスソスソスソスン具ソスソスソスソスjソスソスソスソスソスソス
Password complexity deactivated!
All changes applied successfully!

[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user setpassword centos01 --newpassword=passwordソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスフパソスXソスソスソス[ソスhソスソスソスネ易なパソスXソスソスソス[ソスhソスipasswordソスjソスノ変更ソスiソスソスソスソスソスj
Changed password OK

ソスiソスQソスjソスpソスXソスソスソス[ソスhソスソスソスGソスソスソスiソスpソスソスソスソスソスLソスソスソスソスソスン具ソスソスソスソスjソスLソスソスソスソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain passwordsettings set --complexity=onソス@ソスソスソス@ソスpソスXソスソスソス[ソスhソスソスソスGソスソスソスiソスpソスソスソスソスソスLソスソスソスソスソスン具ソスソスソスソスjソスLソスソスソスソス
Password complexity activated!
All changes applied successfully!

[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user setpassword centos01 --newpassword=passwordソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスフパソスXソスソスソス[ソスhソスソスソスネ易なパソスXソスソスソス[ソスhソスipasswordソスjソスノ変更ソスiソスソスソスsソスj
ERROR: Failed to set password for user 'centos01': (19, '0000052D: Constraint violation - check_password_restrictions: the password does not meet the complexity criteria!')

ソスiソスRソスjソスナ擾ソスソスpソスXソスソスソス[ソスhソスソスソスン抵ソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain passwordsettings set --min-pwd-length=8ソス@ソスソスソス@ソスナ擾ソスソスpソスXソスソスソス[ソスhソスソスソスソス8ソスソスソスノ設抵ソス
Minimum password length changed!
All changes applied successfully!

[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user setpassword centos01 --newpassword=pass1@ソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスフパソスXソスソスソス[ソスhソスソス8ソスソスソスソスソスソスソスフパソスXソスソスソス[ソスhソスノ変更ソスiソスソスソスsソスj
ERROR: Failed to set password for user 'centos01': (19, '0000052D: Constraint violation - check_password_restrictions: the password is too short. It should be equal or longer than 8 characters!')

[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user setpassword centos01 --newpassword=pass123@ソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソスフパソスXソスソスソス[ソスhソスソス8ソスソスソスフパソスXソスソスソス[ソスhソスノ変更ソスiソスソスソスソスソスj
Changed password OK

ソスiソスSソスjソスpソスXソスソスソス[ソスhソスLソスソスソスソスソスソスソスン抵ソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain passwordsettings set --max-pwd-age=90ソス@ソスソスソス@ソスpソスXソスソスソス[ソスhソスLソスソスソスソスソスソスソスソス90ソスソスソスノ設抵ソス
Maximum password age changed!
All changes applied successfully!

[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain passwordsettings set --max-pwd-age=0ソス@ソスソスソス@ソスpソスXソスソスソス[ソスhソスLソスソスソスソスソスソスソスソス0ソスソスソスiソスソスソスソスソスソスソスjソスノ設抵ソス
Maximum password age changed!
All changes applied successfully!

ソスiソスTソスjソスpソスXソスソスソス[ソスhソスマ更ソスヨ止ソスソスソスヤ設抵ソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain passwordsettings set --min-pwd-age=1ソス@ソスソスソス@ソスpソスXソスソスソス[ソスhソスマ更ソスヨ止ソスソスソスヤゑソス1ソスソスソスノ設抵ソス
Minimum password age changed!
All changes applied successfully!

[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain passwordsettings set --min-pwd-age=0ソス@ソスソスソス@ソスpソスXソスソスソス[ソスhソスマ更ソスヨ止ソスソスソスヤゑソス0ソスソスソスiソスソスソスソスソスソスソスノ変更ソスツ能ソスjソスノ設抵ソス
Minimum password age changed!
All changes applied successfully!

ソスiソスUソスjソスpソスXソスソスソス[ソスhソスソスソスjソス\ソスソス
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool domain passwordsettings showソス@ソスソスソス@ソスpソスXソスソスソス[ソスhソスソスソスjソス\ソスソス
Password informations for domain 'DC=centos,DC=local'

Password complexity: onソスEソスEソスEソスpソスXソスソスソス[ソスhソスソスソスGソスソスソスLソスソス
Store plaintext passwords: off
Password history length: 24
Minimum password length: 8ソスEソスEソスEソスナ擾ソスソスpソスXソスソスソス[ソスhソスソスソスソス8ソスソス
Minimum password age (days): 0ソスEソスEソスEソスpソスXソスソスソス[ソスhソスマ更ソスヨ止ソスソスソスヤゑソス0ソスソスソスiソスソスソスソスソスソスソスノ変更ソスツ能ソスj
Maximum password age (days): 90ソスEソスEソスEソスpソスXソスソスソス[ソスhソスLソスソスソスソスソスソスソスソス90ソスソス

ソスソスソスソスハソスソス[ソスUソス[ソスフソスソスソスソス[ソスgソスレ托ソスソスン抵ソスソスソスソスソスソスソスソス[ソスgソスfソスXソスNソスgソスbソスvソスレ托ソスソスナドソスソスソスCソスソスソスヨソスソスOソスIソスソスソスソスソスソス鼾ソスフゑソス

ソスソスソスソスソスン抵ソスナゑソスAdministratorソスソスソス[ソスUソス[ソスソスソスソスソスuソスソスソスソスソス[ソスgソスfソスXソスNソスgソスbソスvソスレ托ソスソスvソスナドソスソスソスCソスソスソスヨ接托ソスソスナゑソスソスネゑソスソスソスソス゚、ソスソスハソスソス[ソスUソス[ソスソスソスhソスソスソスCソスソスソスヨソスソスソスソス[ソスgソスレ托ソスソスナゑソスソスソス謔、ソスノゑソスソスソスB

ソスiソスPソスjAdministratorソスナドソスソスソスCソスソスソスヨソスソスOソスIソスソスソスソスソスソス

ソスiソスQソスjソスソスハソスソス[ソスUソス[ソスフソスソスソスソス[ソスgソスfソスXソスNソスgソスbソスvソスレ托ソスソスソスソスソスソスツゑソスソスソス
ソスuソスXソス^ソス[ソスgソスvソスヒ「ソスRソスソスソスgソスソスソス[ソスソスソスpソスlソスソスソスvソスヒ「ソスVソスXソスeソスソスソスニセソスLソスソスソスソスソスeソスBソスvソスヒ「ソスVソスXソスeソスソスソスvソスヒ「ソスソスソスソスソス[ソスgソスフ設抵ソスvソスナ「ソスVソスXソスeソスソスソスフプソスソスソスpソスeソスBソスvソスソスソスJソスソス
ソスuソスソスソスソスソス[ソスgソスfソスXソスNソスgソスbソスvソスソスソスソスソスsソスソスソストゑソスソスソスRソスソスソスsソスソスソス[ソス^ソス[ソスソスソスソスフ接托ソスソスソスソスソスソスツゑソスソスソスvソスソスソス`ソスFソスbソスN
ソスuソスソスソス[ソスUソス[ソスフ選ソスソスソスvソスヒ「ソスヌ会ソスソスvソスナ「ソスhソスソスソスCソスソスソスソス\Domain Usersソスiソスソス:CENTOS\Domain Usersソスjソスvソスソスヌ会ソス

ソスソスハソスソス[ソスUソス[ソスナドソスソスソスCソスソスソスヨソスソスソスソス[ソスgソスレ托ソスソスナゑソスソス驍アソスソス

ソスソスソスレ難ソスソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスン抵ソス

ソスヌの端ソスソスソスソスソスソスhソスソスソスCソスソスソスヨソスソスOソスIソスソスソスソスソストゑソスソスfソスXソスNソスgソスbソスvソスン抵ソスソス}ソスCソスhソスLソスソスソスソスソスソスソスgソスソスソスフソスソス[ソスUソス[ソスナ有ソスフ環具ソスソスiソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスjソス利用ソスナゑソスソスソス謔、ソスノゑソスソスソスB

[root@centosdc01 ~]# mkdir /usr/local/samba/var/profilesソス@ソスソスソス@ソスレ難ソスソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスiソス[ソスfソスBソスソスソスNソスgソスソスソス成

[root@centosdc01 ~]# chmod 1777 /usr/local/samba/var/profilesソス@ソスソスソス@ソスレ難ソスソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスiソス[ソスfソスBソスソスソスNソスgソスソスソスpソス[ソス~ソスbソスVソスソスソスソスソスソスマ更
ソスiソスソスソスjソスpソス[ソス~ソスbソスVソスソスソスソス1777ソスヘ、ソスNソスナゑソスソスtソス@ソスCソスソスソスソスソス成ソスナゑソスソス驍ェソスAソス成ソスソスソスソスソスtソス@ソスCソスソスソスフ擾ソスソスLソスメは作成ソスメになゑソスwソスソス

[root@centosdc01 ~]# vi /usr/local/samba/etc/smb.confソス@ソスソスソス@Sambaソスン抵ソスtソス@ソスCソスソスソスメ集
ソスソスソスLソスソスヌ会ソス
[Profiles]
        path = /usr/local/samba/var/profiles
        read only = No
        guest ok = Yes
        browseable = No

[root@centosdc01 ~]# systemctl restart sambaソス@ソスソスソス@Sambaソスト起ソスソス

ソスyソスVソスKソスソスソス[ソスUソス[ソスz
[root@centosdc01 ~]# /usr/local/samba/bin/samba-tool user create centos01 pass123@ --profile-path="\\\Active DirectoryソスTソス[ソスoソス[IPソスAソスhソスソスソスX\profiles\%USERNAME%"
ソス@ソスソスソス@ソスソスソス[ソスUソス[centos01ソス成ソスソスソスノ移難ソスソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスロ托ソスソスソスソスソスwソスソス
User 'centos01' created successfully

ソスyソスソスソスソスソスソスソス[ソスUソス[ソスz
[root@centosdc01 ~]# /usr/local/samba/bin/pdbedit -u centos01 --profile="\\\Active DirectoryソスTソス[ソスoソス[IPソスAソスhソスソスソスX\profiles\%USERNAME%"
ソス@ソスソスソス@ソスソスソスソスソスソスソス[ソスUソス[centos01ソスフ移難ソスソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスロ托ソスソスソスソスマ更

ソスネ擾ソスナ、Windowsソスソスソス辜搾ソスOソスIソスtソスソスソスノサソス[ソスoソス[ソスフ「/usr/local/samba/var/profiles/ソスソスソス[ソスUソス[ソスソス.V2ソスvソスfソスBソスソスソスNソスgソスソスソスヨソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスソスソスロ托ソスソスソスソスソスAソスソスソスソスWindowsソスソスソスOソスIソスソスソスソスソスノは難ソスソスYソスfソスBソスソスソスNソスgソスソスソスソスソス辜ソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスソスヌみ搾ソスソズゑソスソスニにゑソスソスAソスルなゑソス[ソスソスソスソスソスgソスpソスソスソストゑソスソスOソスソスgソスpソスソスソスフソスソス[ソスUソス[ソスナ有ソスフ環具ソスソスソスソスソスソスpソスナゑソスソスソス謔、ソスノなゑソスB

ソスソスソスtソスHソスソスソス_ソス[ソスソスソス_ソスCソスソスソスNソスgソスン抵ソス

ソスレ難ソスソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスン抵ソスナソスソス[ソスUソス[ソスナ有ソスフデソス[ソス^ソスiソスfソスXソスNソスgソスbソスvソスン抵ソスソス}ソスCソスhソスLソスソスソスソスソスソスソスgソスソスソスjソスソスソスヌの端ソスソスソスノソスソスOソスIソスソスソスソスソストゑソスソスソスソスpソスナゑソスソスソス謔、ソスノなゑソスソスソスソスソスソスAソスレ難ソスソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスナはソスソスOソスIソスソスソスソスソスノサソス[ソスoソス[ソスソスソスソスfソス[ソス^ソスソスソス_ソスEソスソスソスソスソス[ソスhソスAソスソスソスOソスIソスtソスソスソスノサソス[ソスoソス[ソスヨデソス[ソス^ソスソスソスAソスbソスvソスソスソス[ソスhソスソスソス驍スソス゚、ソスfソス[ソス^ソスソスソスソスeソスハになゑソスニソスソスOソスIソスソスソス^ソスソスソスOソスIソスtソスノ趣ソスソスヤゑソスソスソスソスソスソスソス謔、ソスノなゑソスソス閧ェソスソスソスソスBソスソスソスフ厄ソスソスフ対擾ソスソスニゑソスソスト、ソスhソスLソスソスソスソスソスソスソスgソスソスソスAソスソスeソスハのデソス[ソス^ソスソスソスiソス[ソスソスソスソスtソスHソスソスソス_ソス[ソスヘフソスHソスソスソス_ソス[ソスソスソス_ソスCソスソスソスNソスgソスン抵ソスノゑソスソスTソス[ソスoソス[ソスソスフ具ソスソスLソスtソスHソスソスソス_ソス[ソスヨ保托ソスソスソスソスソスソス謔、ソスノゑソスソスソスB
ソスネゑソスソスAソスソスソス[ソスUソス[ソスヘフソスHソスソスソス_ソス[ソスソスソス_ソスCソスソスソスNソスgソスン定しソスソスソスtソスHソスソスソス_ソス[ソスフ保托ソスソス謔ェソスTソス[ソスoソス[ソスソスノ変ゑソスソスソスソスソスソスソスニゑソスソスモ趣ソスソスソスソスソスKソスvソスヘなゑソスソスAソス]ソスソスソスヌゑソスソスソスノフソスHソスソスソス_ソス[ソスヘソスソス[ソスJソスソスソスソスノゑソスソスソスソスソスフとゑソスソスト茨ソスソスソスソスソスソスニゑソスソスナゑソスソスソスB

ソスiソスPソスjAdministratorソスナドソスソスソスCソスソスソスヨソスソスOソスIソスソスソスソスソスソス

ソスiソスQソスjソスOソスソスソス[ソスvソス|ソスソスソスVソス[ソスヌ暦ソスソスGソスfソスBソス^ソス[ソスソスソスNソスソスソスソスソスソス
ソスuソスXソス^ソス[ソスgソスvソスヒ「ソスヌ暦ソスソスcソス[ソスソスソスvソスヒ「ソスOソスソスソス[ソスvソス|ソスソスソスVソス[ソスフ管暦ソスソスvソスソスソスNソスソス
ソスuソスOソスソスソス[ソスvソス|ソスソスソスVソス[ソスフ管暦ソスソスvソスヒ「ソスtソスHソスソスソスXソスg:ソスhソスソスソスCソスソスソスソスソスvソスヒ「ソスhソスソスソスCソスソスソスvソスヒ「ソスhソスソスソスCソスソスソスソスソスvソスヒ「ソスOソスソスソス[ソスvソス|ソスソスソスVソス[ソスIソスuソスWソスFソスNソスgソスvソスヒ「Default Domain PolicyソスvソスソスソスEソスNソスソスソスbソスNソスヒ「ソスメ集ソスvソスナドソスソスソスCソスソスソスフ「ソスOソスソスソス[ソスvソス|ソスソスソスVソス[ソスヌ暦ソスソスGソスfソスBソス^ソス[ソスvソスソスソスNソスソス

ソスiソスRソスjソスtソスHソスソスソス_ソス[ソスソスソス_ソスCソスソスソスNソスgソスソスン定すソスソス
ソスuソスソスソス[ソスUソス[ソスフ構ソスソスソスvソスヒ「ソス|ソスソスソスVソス[ソスvソスヒ「Windowsソスフ設抵ソスvソスヒ「ソスtソスHソスソスソス_ソス[ソスソスソス_ソスCソスソスソスNソスgソスvソスヒ「ソスホ象フソスHソスソスソス_ソスiソスソス:ソスhソスLソスソスソスソスソスソスソスgソスjソスvソスソスソスEソスNソスソスソスbソスNソスヒ「ソスvソスソスソスpソスeソスBソスv

ソスmソス^ソス[ソスQソスbソスgソスnソス^ソスu
ソスuソスン抵ソスvソスナ「ソスソス{-ソスSソスソスソスフフソスHソスソスソス_ソス[ソス同ゑソスソス齒奇ソスノソスソス_ソスCソスソスソスNソスgソスソスソスソスvソスソスIソスソス
ソスuソスホ象のフソスHソスソスソス_ソス[ソスフ場所ソスvソスナ「ソスソスソス[ソスgソスpソスXソスフ会ソスソスノ各ソスソスソス[ソスUソス[ソスフフソスHソスソスソス_ソス[ソスソスソス成ソスソスソスソスvソスソスIソスソス
ソスuソスソスソス[ソスgソスpソスXソスvソスノ「\\Active DirectoryソスTソス[ソスoソス[IPソスAソスhソスソスソスX\profilesソスvソスソスソスソスソス

ソスmソスン抵ソスnソス^ソスu
ソスソスソスラてのチソスFソスbソスNソス{ソスbソスNソスXソスソスソス`ソスFソスbソスN

ソスuOKソスv

ソスiソスSソスjソスOソスソスソス[ソスvソス|ソスソスソスVソス[ソスヌ暦ソスソスGソスfソスBソス^ソス[ソスソスツゑソスソスソス

ソスネ擾ソスナ、ソスTソス[ソスoソス[ソスフ「/usr/local/samba/var/profiles/ソスソスソス[ソスUソス[ソスソスソスvソスfソスBソスソスソスNソスgソスソスソスヨフソスHソスソスソス_ソス[ソスソスソス_ソスCソスソスソスNソスgソスン定しソスソスソスtソスHソスソスソス_ソス[ソスソスソスロ托ソスソスソスソスソスソス謔、ソスノなゑソスBソスワゑソスソスAソスレ難ソスソスソスソス[ソスUソス[ソスvソスソスソスtソス@ソスCソスソスソスニ異なゑソスAソスソスソス[ソスUソス[ソスノゑソスソスtソス@ソスCソスソスソスフ更ソスVソスヘソスソスAソスソスソス^ソスCソスソスソスノサソス[ソスoソス[ソスノ費ソスソスfソスソスソスソスソスB


ソスソスソスヨ連ソスRソスソスソスeソスソスソスc

<!ソス\ソスeソスLソスXソスgソスフみゑソス4ソスsソス\ソスソスソスノ追会ソスソスソスCソスソスソスソスソスソス\>



ソスソスソスソスソスフペソス[ソスWソスフトソスbソスvソスヨ戻ゑソス

ソスvソスソスソスCソスoソスVソス[ソス|ソスソスソスVソス[
centossrv.com