Samba: differences between revisions
From pNp Wiki
Suser (talk | contribs) (New page: «===Samba=== ==Installing samba on Debian 7.0 as an AD member== domain BLACKMESA.LOCAL AD1 - ad1.blackemsa.lan AD2 - ad2.blackemsa.lan Install…») |
Suser (talk | contribs) (→Installing samba on Debian 7.0 as an AD member) |
||
| Строка 123: | Строка 123: | ||
read only = yes | read only = yes | ||
valid users = "@BLACKMESA+Domain Users" | valid users = "@BLACKMESA+Domain Users" | ||
| + | |||
| + | [[Категория:Cеверное ПО]] | ||
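Review bot: the category name on the added line `[[Категория:Cеверное ПО]]` reads as "Северное ПО" ("northern software"), which looks like a typo for "Серверное ПО" ("server software"). A misspelled category files the page under a separate, probably empty category, so correct the name before saving.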
Revision as of 10:00, 8 May 2013
Samba
Installing samba on Debian 7.0 as an AD member
Domain: BLACKMESA.LOCAL
AD1 - ad1.blackemsa.lan
AD2 - ad2.blackemsa.lan
Install the following packages
apt-get install krb5-clients krb5-user samba winbind libnss-winbind libpam-winbind ntp
Configuring Kerberos
nano /etc/krb5.conf
Edit the config so that it looks like this:
[libdefaults]
default_realm = BLACKMESA.LOCAL
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
BLACKMESA.LOCAL = {
kdc = ad1.blackmesa.local
kdc = ad2.blackmesa.local
admin_server = ad1.blackmesa.local
default_domain = blackmesa.local
}
[domain_realm]
.blackmesa.local = BLACKMESA.LOCAL
blackmesa.local = BLACKMESA.LOCAL
[login]
krb4_convert = true
krb4_get_tickets = false
Verify:
kinit administrator@BLACKMESA.LOCAL
klist
Configuring nsswitch.conf
nano /etc/nsswitch.conf
Change the following lines in the file
passwd: compat
group: compat
shadow: compat
to
passwd: compat winbind
group: compat winbind
shadow: compat winbind
Configuring Samba itself
nano /etc/samba/smb.conf
#======================= Global Settings =======================
[global]
   workgroup = BLACKMESA
   server string = %h server
   dns proxy = no
#### Debugging/Accounting ####
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
####### Authentication #######
# realm must match default_realm in /etc/krb5.conf
   realm = BLACKMESA.LOCAL
   security = ads
   encrypt passwords = true
   map to guest = bad user
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   winbind enum groups = yes
   winbind enum users = yes
   winbind separator = +
#======================= Share Definitions =======================
[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
;   write list = root, @lpadmin
[work]
   comment = work
   path = /srv/work
   browseable = yes
   read only = yes
   valid users = "@BLACKMESA+Domain Users"
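With security = ads, the realm in smb.conf has to agree with default_realm in krb5.conf, and winbind has to be listed in nsswitch.conf before domain users resolve. The script below is an added example, not part of the original page, that checks the three files from this procedure for those conditions; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: consistency checks for the files edited in this procedure.
# Function names and the demo files are constructed for illustration.

# Print the first value of "KEY = value" in FILE; comment lines do not match.
ini_get() {  # usage: ini_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        head -n 1
}

# Succeed when smb.conf "realm" equals krb5.conf "default_realm"
# (compared case-insensitively) and smb.conf sets "security = ads".
check_realm() {  # usage: check_realm KRB5_CONF SMB_CONF
    krb=$(ini_get "$1" default_realm | tr '[:lower:]' '[:upper:]')
    smb=$(ini_get "$2" realm | tr '[:lower:]' '[:upper:]')
    sec=$(ini_get "$2" security | tr '[:upper:]' '[:lower:]')
    [ -n "$krb" ] && [ "$krb" = "$smb" ] && [ "$sec" = "ads" ]
}

# Succeed when both passwd and group in nsswitch.conf list winbind.
check_nss() {  # usage: check_nss NSSWITCH_CONF
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$1" || return 1
    done
}

# Demo on constructed files in a temp dir (nothing under /etc is read).
demo() {
    d=$(mktemp -d) || return 1
    printf '[libdefaults]\ndefault_realm = BLACKMESA.LOCAL\n' > "$d/krb5.conf"
    printf '[global]\nrealm = BLACKMESA.LAN\nsecurity = ads\n' > "$d/smb.bad"
    printf '[global]\nrealm = BLACKMESA.LOCAL\nsecurity = ads\n' > "$d/smb.good"
    printf 'passwd: compat winbind\ngroup: compat winbind\n' > "$d/nsswitch.conf"
    for f in smb.bad smb.good; do
        if check_realm "$d/krb5.conf" "$d/$f"; then echo "$f: realm ok"
        else echo "$f: realm/security mismatch"; fi
    done
    if check_nss "$d/nsswitch.conf"; then echo "nsswitch: winbind present"
    else echo "nsswitch: winbind missing"; fi
    rm -rf "$d"
}
demo
```

On a real host, call check_realm /etc/krb5.conf /etc/samba/smb.conf and check_nss /etc/nsswitch.conf instead of demo.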