Настройка Samba — различия между версиями

Материал из Rosalab Wiki
Перейти к: навигация, поиск
(Новая страница: «Первым делом необходимо остановить самбу: /etc/init.d/smb stop Правим {{Источник|/etc/samba/smb.conf}}, наст...»)
 
Строка 4: Строка 4:
  
 
Правим {{Источник|/etc/samba/smb.conf}}, настраивая обыкновенный PDC. В итоге {{Источник|smb.conf}} должен принять примерно такой вид:
 
Правим {{Источник|/etc/samba/smb.conf}}, настраивая обыкновенный PDC. В итоге {{Источник|smb.conf}} должен принять примерно такой вид:
<nowiki>
 
[global]
 
workgroup = Mandriva
 
netbiosname = MDS
 
preferred master = yes
 
os level = 65
 
wins support = yes
 
enable privileges = yes
 
timeserver = yes
 
log level = 3
 
null passwords = yes
 
security = user
 
name resolve order = bcast host
 
domain logons = yes
 
domain master = yes
 
printing = cups
 
printcap name = cups
 
logon path = \\%N\profiles\%U
 
logon script = logon.bat
 
logon drive = H:
 
map acl inherit = yes
 
nt acl support = yes
 
passdb backend = ldapsam:ldap://127.0.0.1/
 
obey pam restrictions = no
 
ldap admin dn = cn=manager,dc=mandriva,dc=com
 
ldap suffix = dc=mandriva,dc=com
 
ldap group suffix = ou=Group
 
ldap user suffix = ou=People
 
ldap machine suffix = ou=Hosts
 
ldap idmap suffix = ou=Idmap
 
ldap passwd sync = yes
 
# ldap delete dn = yes
 
passwd program = /usr/sbin/smbldap-passwd -u %u
 
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n
 
add user script = /usr/sbin/smbldap-useradd -m "%u"
 
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
 
add group script = /usr/sbin/ambldap-groupadd -p "%g"
 
add machine script = /usr/lib/mmc/add_machine_script '%u'
 
delete user script = /usr/sbin/smbldap-userdel "%u"
 
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
 
delete group script = /usr/sbin/smbldap-groupdel "%g"
 
  
[homes]
+
[global]
comment = Home directories
+
workgroup = Mandriva
browseable = no
+
netbiosname = MDS
writeable = yes
+
preferred master = yes
create mask = 0700
+
os level = 65
directory mask = 0700
+
wins support = yes
hide files = /Maildir/
+
enable privileges = yes
 +
timeserver = yes
 +
log level = 3
 +
null passwords = yes
 +
security = user
 +
name resolve order = bcast host
 +
domain logons = yes
 +
domain master = yes
 +
printing = cups
 +
printcap name = cups
 +
logon path = \\%N\profiles\%U
 +
logon script = logon.bat
 +
logon drive = H:
 +
map acl inherit = yes
 +
nt acl support = yes
 +
passdb backend = ldapsam:ldap://127.0.0.1/
 +
obey pam restrictions = no
 +
ldap admin dn = cn=manager,dc=mandriva,dc=com
 +
ldap suffix = dc=mandriva,dc=com
 +
ldap group suffix = ou=Group
 +
ldap user suffix = ou=People
 +
ldap machine suffix = ou=Hosts
 +
ldap idmap suffix = ou=Idmap
 +
ldap passwd sync = yes
 +
# ldap delete dn = yes
 +
passwd program = /usr/sbin/smbldap-passwd -u %u
 +
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n
 +
add user script = /usr/sbin/smbldap-useradd -m "%u"
 +
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 +
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
 +
add group script = /usr/sbin/ambldap-groupadd -p "%g"
 +
add machine script = /usr/lib/mmc/add_machine_script '%u'
 +
delete user script = /usr/sbin/smbldap-userdel "%u"
 +
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
 +
delete group script = /usr/sbin/smbldap-groupdel "%g"
  
[public]
+
[homes]
comment = Public share
+
comment = Home directories
path = /home/samba/shares/public
+
browseable = no
browseable = yes
+
writeable = yes
public = yes
+
create mask = 0700
writeable = yes
+
directory mask = 0700
 +
hide files = /Maildir/
  
[archives]
+
[public]
comment = Backup share
+
comment = Public share
path = /home/samba/archives
+
path = /home/samba/shares/public
browseable = yes
+
browseable = yes
public = no
+
public = yes
writeable = no
+
writeable = yes
  
[printers]
+
[archives]
comment = Printers
+
comment = Backup share
path = /tmp
+
path = /home/samba/archives
browseable = no
+
browseable = yes
public = yes
+
public = no
guest ok = yes
+
writeable = no
writeable = no
+
printable = yes
+
  
[print$]
+
[printers]
comment = Drivers
+
comment = Printers
path = /var/lib/samba/printers
+
path = /tmp
browseable = yes
+
browseable = no
guest ok = yes
+
public = yes
read only = yes
+
guest ok = yes
write list = Administrator,root,@lpadmin
+
writeable = no
 +
printable = yes
  
[netlogon]
+
[print$]
path = /home/samba/netlogon
+
comment = Drivers
public = yes
+
path = /var/lib/samba/printers
writeable = yes
+
browseable = yes
browseable = no
+
guest ok = yes
 +
read only = yes
 +
write list = Administrator,root,@lpadmin
  
[profiles]
+
[netlogon]
path = /home/samba/profiles
+
path = /home/samba/netlogon
writeable = yes
+
public = yes
create mask = 0700
+
writeable = yes
directory mask = 0700
+
browseable = no
browseable = no
+
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
+
  
[partage]
+
[profiles]
comment = aucun
+
path = /home/samba/profiles
path = /home/samba/partage
+
writeable = yes
browseable = yes
+
create mask = 0700
public = no
+
directory mask = 0700
writeable = yes
+
browseable = no
</nowiki>
+
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
 +
 
 +
[partage]
 +
comment = aucun
 +
path = /home/samba/partage
 +
browseable = yes
 +
public = no
 +
writeable = yes
  
 
Затем — проверяем конфиг командой {{cmd|testparm}}:
 
Затем — проверяем конфиг командой {{cmd|testparm}}:
<nowiki>
 
testparm
 
  
Load smb config files from /etc/samba/smb.conf
+
testparm
...
+
Load smb config files from /etc/samba/smb.conf
Processing section "[partage]"
+
...
Loaded services file OK.
+
Processing section "[partage]"
Server role: ROLE_DOMAIN_PDC
+
Loaded services file OK.
Press enter to see a dump of your service definitions
+
Server role: ROLE_DOMAIN_PDC
</nowiki>
+
Press enter to see a dump of your service definitions
  
Теперь создаем необходимые директории:
+
Теперь создаем необходимые директории:<br />
<nowiki>
+
{{cmd|mkdir -p /home/samba/shares/public/}}<br />
mkdir -p /home/samba/shares/public/
+
{{cmd|mkdir /home/samba/netlogon/}}<br />
mkdir /home/samba/netlogon/
+
{{cmd|mkdir /home/samba/profiles/}}<br />
mkdir /home/samba/profiles/
+
{{cmd|mkdir /home/samba/partage/}}<br />
mkdir /home/samba/partage/
+
{{cmd|mkdir /home/samba/archives/}}<br />
mkdir /home/samba/archives/
+
</nowiki>
+
  
И зададим им соответствующие права:
+
 
<nowiki>
+
И зададим им соответствующие права:<br />
chown -R :"Domain Users" /home/samba/
+
{{cmd|chown -R :"Domain Users" /home/samba/}}<br />
chmod 777 /var/spool/samba/ /home/samba/shares/public/
+
{{cmd|chmod 777 /var/spool/samba/ /home/samba/shares/public/}}<br />
chmod 755 /home/samba/netlogon/
+
{{cmd|chmod 755 /home/samba/netlogon/}}<br />
chmod 770 /home/samba/profiles/ /home/samba/partage/
+
{{cmd|chmod 770 /home/samba/profiles/ /home/samba/partage/}}<br />
chmod 700 /home/samba/archives/
+
{{cmd|chmod 700 /home/samba/archives/}}<br />
</nowiki>
+
  
 
Всё хорошо. Идём дальше. Теперь дадим самбе права на чтение ldap базы.
 
Всё хорошо. Идём дальше. Теперь дадим самбе права на чтение ldap базы.
<nowiki>
+
 
smbpasswd -w example
+
smbpasswd -w example
Setting stored password for "cn=manager,dc=mandriva,dc=com" in secrets.tdb
+
Setting stored password for "cn=manager,dc=mandriva,dc=com" in secrets.tdb
</nowiki>
+
 
  
 
Получаем SID для нашего домена:
 
Получаем SID для нашего домена:
Строка 148: Строка 142:
 
  net getlocalsid mandriva.com
 
  net getlocalsid mandriva.com
  
Теперь нам необходимо заселить LDAP записями Samba-домена. Устанавливаем {{pkg|smbldap-tools}}:
+
Теперь нам необходимо заселить LDAP записями Samba-домена. Устанавливаем {{pkg|smbldap-tools}}:<br />
  
urpmi smbldap-tools
+
{{cmd|urpmi smbldap-tools}}<br />
  
 
Идем в {{Источник|/etc/smbldap-tools/}} и правим {{Источник|smbldap_bind.conf}}:
 
Идем в {{Источник|/etc/smbldap-tools/}} и правим {{Источник|smbldap_bind.conf}}:
<nowiki>
+
 
slaveDN="cn=admin,dc=mandriva,dc=com"
+
slaveDN="cn=admin,dc=mandriva,dc=com"
slavePw="example"
+
slavePw="example"
masterDN="cn=Manager,dc=mandriva,dc=com"
+
masterDN="cn=Manager,dc=mandriva,dc=com"
masterPw="example"
+
masterPw="example"
</nowiki>
+
 
  
 
Теперь правим {{Источник|smbldap.conf}}:
 
Теперь правим {{Источник|smbldap.conf}}:
<nowiki>
 
SID="S-1-5-21-128599351-419866736-2079179792"
 
sambaDomain="MANDRIVA"
 
ldapTLS="0"
 
suffix="dc=mandriva,dc=com
 
sambaUnixIdPooldn="sambaDomainName=MANDRIVA,${suffix}"
 
#defaultMaxPasswordAge="45"
 
userSmbHome=""
 
userProfile=""
 
userHomeDrive=""
 
</nowiki>
 
  
Заселяем LDAP:
+
SID="S-1-5-21-128599351-419866736-2079179792"
 +
sambaDomain="MANDRIVA"
 +
ldapTLS="0"
 +
suffix="dc=mandriva,dc=com
 +
sambaUnixIdPooldn="sambaDomainName=MANDRIVA,${suffix}"
 +
#defaultMaxPasswordAge="45"
 +
userSmbHome=""
 +
userProfile=""
 +
userHomeDrive=""
  
smbldap-populate -m 512 -a administrator
+
Заселяем LDAP:<br />
 +
 
 +
{{cmd|smbldap-populate -m 512 -a administrator}}
  
 
Настраиваем NSS: В {{Источник|/etc/nsswitch.conf}} правим такие записи:
 
Настраиваем NSS: В {{Источник|/etc/nsswitch.conf}} правим такие записи:
<nowiki>
 
passwd: files ldap
 
shadow: files ldap
 
group: files ldap
 
  
hosts: files dns
+
passwd: files ldap
 
+
shadow: files ldap
bootparams: files
+
group: files ldap
ethers: files
+
hosts: files dns
netmasks: files
+
bootparams: files
networks: files
+
ethers: files
protocols: files
+
netmasks: files
rpc: files
+
networks: files
services: files
+
protocols: files
netgroup: files
+
rpc: files
publickey: files
+
services: files
automount: files
+
netgroup: files
aliases: files
+
publickey: files
</nowiki>
+
automount: files
 +
aliases: files
  
 
В {{Источник|/etc/ldap.conf}}:
 
В {{Источник|/etc/ldap.conf}}:
<nowiki>
+
 
host 127.0.0.1
+
host 127.0.0.1
base dc=mandriva,dc=com
+
base dc=mandriva,dc=com
</nowiki>
+
  
 
Теперь перезапускаем {{Программа|samba}} и {{Программа|ldap}} и получаем работающий контроллер домена.
 
Теперь перезапускаем {{Программа|samba}} и {{Программа|ldap}} и получаем работающий контроллер домена.

Версия 09:26, 2 сентября 2011

Первым делом необходимо остановить самбу:

/etc/init.d/smb stop

Правим /etc/samba/smb.conf, настраивая обыкновенный PDC. В итоге smb.conf должен принять примерно такой вид:

[global]
workgroup = Mandriva
netbiosname = MDS
preferred master = yes
os level = 65
wins support = yes
enable privileges = yes
timeserver = yes
log level = 3
null passwords = yes
security = user
name resolve order = bcast host
domain logons = yes
domain master = yes
printing = cups
printcap name = cups
logon path = \\%N\profiles\%U
logon script = logon.bat
logon drive = H:
map acl inherit = yes
nt acl support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
ldap admin dn = cn=manager,dc=mandriva,dc=com
ldap suffix = dc=mandriva,dc=com
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
# ldap delete dn = yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n
add user script = /usr/sbin/smbldap-useradd -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add group script = /usr/sbin/ambldap-groupadd -p "%g"
add machine script = /usr/lib/mmc/add_machine_script '%u'
delete user script = /usr/sbin/smbldap-userdel "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g" 
[homes]
comment = Home directories
browseable = no
writeable = yes
create mask = 0700
directory mask = 0700
hide files = /Maildir/
[public]
comment = Public share
path = /home/samba/shares/public
browseable = yes
public = yes
writeable = yes
[archives]
comment = Backup share
path = /home/samba/archives
browseable = yes
public = no
writeable = no
[printers]
comment = Printers
path = /tmp
browseable = no
public = yes
guest ok = yes
writeable = no
printable = yes
[print$]
comment = Drivers
path = /var/lib/samba/printers
browseable = yes
guest ok = yes
read only = yes
write list = Administrator,root,@lpadmin
[netlogon]
path = /home/samba/netlogon
public = yes
writeable = yes
browseable = no
[profiles]
path = /home/samba/profiles
writeable = yes
create mask = 0700
directory mask = 0700
browseable = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
[partage]
comment = aucun
path = /home/samba/partage
browseable = yes
public = no
writeable = yes

Затем — проверяем конфиг командой testparm:

testparm
Load smb config files from /etc/samba/smb.conf
...
Processing section "[partage]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

Теперь создаем необходимые директории:
mkdir -p /home/samba/shares/public/
mkdir /home/samba/netlogon/
mkdir /home/samba/profiles/
mkdir /home/samba/partage/
mkdir /home/samba/archives/


И зададим им соответствующие права:
chown -R :"Domain Users" /home/samba/
chmod 777 /var/spool/samba/ /home/samba/shares/public/
chmod 755 /home/samba/netlogon/
chmod 770 /home/samba/profiles/ /home/samba/partage/
chmod 700 /home/samba/archives/

Всё хорошо. Идём дальше. Теперь дадим самбе права на чтение ldap базы.

smbpasswd -w example
Setting stored password for "cn=manager,dc=mandriva,dc=com" in secrets.tdb


Получаем SID для нашего домена:

net getlocalsid mandriva.com

Теперь нам необходимо заселить LDAP записями Samba-домена. Устанавливаем smbldap-tools:

urpmi smbldap-tools

Идем в /etc/smbldap-tools/ и правим smbldap_bind.conf:

slaveDN="cn=admin,dc=mandriva,dc=com"
slavePw="example"
masterDN="cn=Manager,dc=mandriva,dc=com"
masterPw="example"


Теперь правим smbldap.conf:

SID="S-1-5-21-128599351-419866736-2079179792"
sambaDomain="MANDRIVA"
ldapTLS="0"
suffix="dc=mandriva,dc=com
sambaUnixIdPooldn="sambaDomainName=MANDRIVA,${suffix}"
#defaultMaxPasswordAge="45"
userSmbHome=""
userProfile=""
userHomeDrive=""

Заселяем LDAP:

smbldap-populate -m 512 -a administrator

Настраиваем NSS: В /etc/nsswitch.conf правим такие записи:

passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files

В /etc/ldap.conf:

host 127.0.0.1
base dc=mandriva,dc=com

Теперь перезапускаем samba и ldap и получаем работающий контроллер домена.