Samba


Samba

Установка samba в Debian 7.0 как член AD

Домен: BLACKMESA.LOCAL; AD1 - ad1.blackmesa.local, AD2 - ad2.blackmesa.local

  • Устанавливаем следующие пакеты
apt-get install krb5-clients krb5-user samba winbind libnss-winbind libpam-winbind ntp
  • Настройка kerberos
nano /etc/krb5.conf

Приводим конфиг к следующему виду:

# Kerberos client configuration for the BLACKMESA.LOCAL realm.
# Kerberos rejects requests when the client clock differs from the KDC by more
# than the allowed skew (MIT default: 300 s), so time must stay synchronised.
[libdefaults]
	default_realm = BLACKMESA.LOCAL

# The following krb5.conf variables are only for MIT Kerberos.
# NOTE(review): the krb4_* entries look like Kerberos 4 leftovers - confirm they are still read.
# kdc_timesync = 1 lets the client correct for the clock offset seen in KDC replies.
# forwardable/proxiable make requested tickets forwardable/proxiable by default;
# NOTE(review): keep them only if ticket delegation is actually needed.
	krb4_config = /etc/krb.conf
	krb4_realms = /etc/krb.realms
	kdc_timesync = 1
	ccache_type = 4
	forwardable = true
	proxiable = true

# Both domain controllers are listed as KDCs; ad1 is also the admin server.
[realms]
	BLACKMESA.LOCAL = {
		kdc = ad1.blackmesa.local
		kdc = ad2.blackmesa.local
		admin_server = ad1.blackmesa.local
		default_domain = blackmesa.local
	}

# Maps the DNS domain and every host below it to the Kerberos realm.
[domain_realm]
	.blackmesa.local = BLACKMESA.LOCAL
	blackmesa.local = BLACKMESA.LOCAL

# NOTE(review): Kerberos 4 conversion options; presumably ignored by current releases - confirm.
[login]
	krb4_convert = true
	krb4_get_tickets = false

Проверяем:

kinit administrator@BLACKMESA.LOCAL
klist

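Должно выдать что-то вроде этого (билет администратора домена остаётся в кэше /tmp/krb5cc_0 до истечения срока действия; после ввода сервера в домен его стоит удалить командой kdestroy):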

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@BLACKMESA.LOCAL

Valid starting     Expires            Service principal
05/08/13 07:58:08  05/08/13 17:58:35  krbtgt/BLACKMESA.LOCAL@BLACKMESA.LOCAL
	renew until 05/09/13 07:58:08


  • Настраиваем nsswitch.conf
nano /etc/nsswitch.conf

меняем в файле строки

passwd:         compat
group:          compat
shadow:         compat

на

# winbind is listed after compat, so local accounts are looked up first.
passwd:         compat winbind
group:          compat winbind
# NOTE(review): libnss_winbind does not appear to serve shadow lookups, so this entry is probably unnecessary - confirm.
shadow:         compat winbind
  • Настраиваем саму samb'у
nano /etc/smb.conf
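# Samba configuration for an Active Directory member server (security = ads).
# NOTE(review): Debian's samba package reads /etc/samba/smb.conf - confirm that
# the file being edited is the one smbd actually loads (testparm prints the path).
#======================= Global Settings =======================
 
[global]

# NetBIOS (short) domain name; the Kerberos realm is set separately below.
  workgroup = BLACKMESA
  server string = %h server
  dns proxy = no

#### Debugging/Accounting ####

# One log file per client machine (%m); max log size is in KB.
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######

# Must match the Kerberos realm configured in /etc/krb5.conf (default_realm),
# otherwise the domain join and ticket validation fail.
  realm = BLACKMESA.LOCAL
  security = ads
  encrypt passwords = true
# Logins with an unknown user name are mapped to the guest account. No share in
# this file sets "guest ok = yes", so guests get no share access here; use
# "map to guest = never" if guest sessions are not wanted at all.
  map to guest = bad user

# NOTE(review): fixed 8 KB socket buffers override kernel autotuning and may
# reduce throughput - confirm they are still needed.
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# UID/GID range handed out to domain accounts; it must not overlap local IDs.
# NOTE(review): Samba 3.6 marks "idmap uid/gid" as deprecated in favour of
# "idmap config * : range" - confirm against the installed version.
  idmap uid = 10000-20000
  idmap gid = 10000-20000
# Login shell reported for domain users; together with the nsswitch/PAM winbind
# modules this lets domain accounts log in to the host with a shell.
  template shell = /bin/bash
# Enumeration exposes the full domain user/group list to getent and can be slow
# in large domains.
  winbind enum groups = yes
  winbind enum users = yes
# Domain accounts appear as DOMAIN+name (see "valid users" in [work]).
  winbind separator = +

#======================= Share Definitions =======================

# Per-user home share; %S limits access to the user the share is named after.
[homes]
  comment = Home Directories
  browseable = no
  read only = yes
  create mask = 0700
  directory mask = 0700
  valid users = %S

[printers]
  comment = All Printers
  browseable = no
  path = /var/spool/samba
  printable = yes
  guest ok = no
  read only = yes
  create mask = 0700

[print$]
  comment = Printer Drivers
  path = /var/lib/samba/printers
  browseable = yes
  read only = yes
  guest ok = no
;   write list = root, @lpadmin

# Read-only share restricted to members of the domain group "Domain Users".
[work]
  comment = work
  path = /srv/work
  browseable = yes
  read only = yes
  valid users = "@BLACKMESA+Domain Users"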
  • Перезапускаем samb'у
service samba restart
  • Вгоняем samba сервер в домен
net join -U administrator
  • перезагружаем ещё раз самбу
service samba restart
  • проверяем, открывается ли шара \\srv0206\work