Configuring Samba

From Rosalab Wiki
Revision as of 09:17, 2 September 2011 by PastorDi


First of all, stop Samba:

/etc/init.d/smb stop

Edit /etc/samba/smb.conf to configure an ordinary PDC. The resulting smb.conf should look roughly like this:

[global]
workgroup = Mandriva
netbios name = MDS
preferred master = yes
os level = 65
wins support = yes
enable privileges = yes
time server = yes
log level = 3
null passwords = yes
security = user
name resolve order = bcast host
domain logons = yes
domain master = yes
printing = cups
printcap name = cups
logon path = \\%N\profiles\%U
logon script = logon.bat
logon drive = H:
map acl inherit = yes
nt acl support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
ldap admin dn = cn=manager,dc=mandriva,dc=com
ldap suffix = dc=mandriva,dc=com
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
# ldap delete dn = yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n
add user script = /usr/sbin/smbldap-useradd -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add machine script = /usr/lib/mmc/add_machine_script '%u'
delete user script = /usr/sbin/smbldap-userdel "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"

[homes]
comment = Home directories
browseable = no
writeable = yes
create mask = 0700
directory mask = 0700
hide files = /Maildir/

[public]
comment = Public share
path = /home/samba/shares/public
browseable = yes
public = yes
writeable = yes

[archives]
comment = Backup share
path = /home/samba/archives
browseable = yes
public = no
writeable = no

[printers]
comment = Printers
path = /tmp
browseable = no
public = yes
guest ok = yes
writeable = no
printable = yes

[print$]
comment = Drivers
path = /var/lib/samba/printers
browseable = yes
guest ok = yes
read only = yes
write list = Administrator,root,@lpadmin

[netlogon]
path = /home/samba/netlogon
public = yes
writeable = yes
browseable = no

[profiles]
path = /home/samba/profiles
writeable = yes
create mask = 0700
directory mask = 0700
browseable = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/

[partage]
comment = aucun
path = /home/samba/partage
browseable = yes
public = no
writeable = yes

Then check the config with the testparm command:

testparm
Load smb config files from /etc/samba/smb.conf
...
Processing section "[partage]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

Now create the required directories:

mkdir -p /home/samba/shares/public/
mkdir /home/samba/netlogon/
mkdir /home/samba/profiles/
mkdir /home/samba/partage/
mkdir /home/samba/archives/

And set the appropriate permissions on them:

chown -R :"Domain Users" /home/samba/
chmod 777 /var/spool/samba/ /home/samba/shares/public/
chmod 755 /home/samba/netlogon/
chmod 770 /home/samba/profiles/ /home/samba/partage/
chmod 700 /home/samba/archives/

All good; moving on. Now give Samba the right to read the LDAP database:

smbpasswd -w example
Setting stored password for "cn=manager,dc=mandriva,dc=com" in secrets.tdb

Get the SID for our domain:

net getlocalsid mandriva.com

Now we need to populate LDAP with the Samba domain entries. Install smbldap-tools:

urpmi smbldap-tools

Go to /etc/smbldap-tools/ and edit smbldap_bind.conf:

slaveDN="cn=admin,dc=mandriva,dc=com"
slavePw="example"
masterDN="cn=Manager,dc=mandriva,dc=com"
masterPw="example"

Now edit smbldap.conf:

SID="S-1-5-21-128599351-419866736-2079179792"
sambaDomain="MANDRIVA"
ldapTLS="0"
suffix="dc=mandriva,dc=com"
sambaUnixIdPooldn="sambaDomainName=MANDRIVA,${suffix}"
#defaultMaxPasswordAge="45"
userSmbHome=""
userProfile=""
userHomeDrive=""

Populate LDAP:

smbldap-populate -m 512 -a administrator

Configure NSS. In /etc/nsswitch.conf, set the following entries:

passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files

In /etc/ldap.conf:

host 127.0.0.1
base dc=mandriva,dc=com

Now restart samba and ldap to get a working domain controller.
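
An added example, not part of the original wiki page: a small Python audit of the smb.conf from the procedure above that reports `null passwords = yes` and shares that are both guest-accessible and writable (in this config, `[public]` and `[netlogon]`). The names `parse`, `audit` and `SAMPLE` are hypothetical, and the embedded config is a constructed subset of the page's file. It assumes no backslash line continuations or `include` files.

```python
import re

TRUE = {"yes", "true", "on", "1"}
# Samba ignores case and spaces in parameter names. "public" is a synonym
# of "guest ok"; "writeable"/"writable"/"write ok" invert "read only".
GUEST = {"guestok", "public"}
WRITE = {"writeable", "writable", "writeok"}
# Constructed sample: a subset of the smb.conf shown on this page.
SAMPLE = """
[global]
null passwords = yes
[public]
public = yes
writeable = yes
[print$]
guest ok = yes
read only = yes
[netlogon]
public = yes
writeable = yes
"""

def yes(value):
    return value.strip().lower() in TRUE

def parse(text):
    """Return {section: {canonical_key: value}}; the last setting wins."""
    conf, sect = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sect = conf.setdefault(line[1:-1].strip().lower(), {})
        elif sect is not None and "=" in line and line[0] not in "#;":
            key, val = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()
            if key in WRITE:  # store as the inverse "read only" value
                key, val = "readonly", "no" if yes(val) else "yes"
            sect["guestok" if key in GUEST else key] = val.strip()
    return conf

def audit(text):
    """List (section, issue) pairs: empty passwords, guest-writable shares."""
    conf = parse(text)
    glob = conf.pop("global", {})
    out = [("global", "null passwords")] if yes(glob.get("nullpasswords", "no")) else []
    for name, share in conf.items():
        # Share settings override [global], which overrides Samba's defaults.
        eff = {"guestok": "no", "readonly": "yes", **glob, **share}
        if yes(eff["guestok"]) and not yes(eff["readonly"]):
            out.append((name, "guest-writable"))
    return out
```

A guest-writable `[netlogon]` is the finding to look at first, since that share holds the `logon.bat` script that domain clients run at logon.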