Samba: difference between revisions
From pNp Wiki
Suser (talk | contribs) (New page: «===Samba=== ==Installing samba on Debian 7.0 as an AD member== domain BLACKMESA.LOCAL AD1 - ad1.blackemsa.lan AD2 - ad2.blackemsa.lan Instal…»)
Revision as of 09:58, 8 May 2013
Samba
Installing Samba on Debian 7.0 as an AD member
Domain: BLACKMESA.LOCAL
AD1 - ad1.blackmesa.lan
AD2 - ad2.blackmesa.lan
Install the following packages:
apt-get install krb5-clients krb5-user samba winbind libnss-winbind libpam-winbind ntp
Configuring Kerberos
nano /etc/krb5.conf
Edit the config so that it looks like this:

[libdefaults]
    default_realm = BLACKMESA.LOCAL

    # The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

[realms]
    BLACKMESA.LOCAL = {
        kdc = ad1.blackmesa.local
        kdc = ad2.blackmesa.local
        admin_server = ad1.blackmesa.local
        default_domain = blackmesa.local
    }

[domain_realm]
    .blackmesa.local = BLACKMESA.LOCAL
    blackmesa.local = BLACKMESA.LOCAL

[login]
    krb4_convert = true
    krb4_get_tickets = false

Verify by requesting a ticket and listing it:
kinit administrator@BLACKMESA.LOCAL
klist
Configuring nsswitch.conf
nano /etc/nsswitch.conf
Change the following lines in the file:

passwd: compat
group: compat
shadow: compat

to

passwd: compat winbind
group: compat winbind
shadow: compat winbind

Configuring Samba itself
nano /etc/samba/smb.conf

#======================= Global Settings =======================

[global]
   workgroup = BLACKMESA
   server string = %h server
   dns proxy = no

#### Debugging/Accounting ####

   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######

   # The realm must match default_realm in /etc/krb5.conf
   realm = BLACKMESA.LOCAL
   security = ads
   encrypt passwords = true
   map to guest = bad user
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   winbind enum groups = yes
   winbind enum users = yes
   winbind separator = +

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
;   write list = root, @lpadmin

[work]
   comment = work
   path = /srv/work
   browseable = yes
   read only = yes
   valid users = "@BLACKMESA+Domain Users"
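
The three files edited above have to agree with each other: the realm in smb.conf must be the Kerberos realm from krb5.conf, security must be ads, and the passwd and group lookups in nsswitch.conf must include winbind. The script below is an added example, not part of the original wiki page; the function names conf_value and check_ad_member_conf are hypothetical, and the file paths are passed as arguments so the check can be run on copies of the configs first.

```sh
#!/bin/sh
# Added example (not from the original page). Usage:
#   sh check_ad_conf.sh /etc/krb5.conf /etc/samba/smb.conf /etc/nsswitch.conf

# conf_value FILE KEY: print the value of the first "KEY = value" line,
# skipping # and ; comments. Sections are ignored (assumption: the keys
# checked below appear only once, as in the configs on this page).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# check_ad_member_conf KRB5_CONF SMB_CONF NSSWITCH_CONF
# Returns 0 when the files agree, 1 otherwise; prints one line per problem.
check_ad_member_conf() {
    rc=0
    krb_realm=$(conf_value "$1" default_realm | tr '[:lower:]' '[:upper:]')
    smb_realm=$(conf_value "$2" realm | tr '[:lower:]' '[:upper:]')
    if [ -z "$krb_realm" ] || [ "$krb_realm" != "$smb_realm" ]; then
        echo "FAIL realm: krb5.conf='$krb_realm' smb.conf='$smb_realm'"
        rc=1
    fi
    if [ "$(conf_value "$2" security | tr '[:upper:]' '[:lower:]')" != "ads" ]; then
        echo "FAIL smb.conf: security is not ads"
        rc=1
    fi
    for db in passwd group; do
        if ! grep -Eq "^[[:space:]]*$db:.*[[:space:]]winbind([[:space:]]|\$)" "$3"; then
            echo "FAIL nsswitch.conf: $db has no winbind source"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK realm=$krb_realm"
    return "$rc"
}

if [ "$#" -eq 3 ]; then check_ad_member_conf "$@"; fi
```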