Настройка Samba

Материал из Rosalab Wiki
Версия от 09:26, 2 сентября 2011; PastorDi (обсуждение | вклад)

Это снимок страницы. Он включает старые, но не удалённые версии шаблонов и изображений.
Перейти к: навигация, поиск

Первым делом необходимо остановить самбу:

/etc/init.d/smb stop

Правим /etc/samba/smb.conf, настраивая обыкновенный PDC. В итоге smb.conf должен принять примерно такой вид:

[global]
workgroup = Mandriva
netbiosname = MDS
preferred master = yes
os level = 65
wins support = yes
enable privileges = yes
timeserver = yes
log level = 3
null passwords = yes
security = user
name resolve order = bcast host
domain logons = yes
domain master = yes
printing = cups
printcap name = cups
logon path = \\%N\profiles\%U
logon script = logon.bat
logon drive = H:
map acl inherit = yes
nt acl support = yes
passdb backend = ldapsam:ldap://127.0.0.1/
obey pam restrictions = no
ldap admin dn = cn=manager,dc=mandriva,dc=com
ldap suffix = dc=mandriva,dc=com
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=Hosts
ldap idmap suffix = ou=Idmap
ldap passwd sync = yes
# ldap delete dn = yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n
add user script = /usr/sbin/smbldap-useradd -m "%u"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add group script = /usr/sbin/ambldap-groupadd -p "%g"
add machine script = /usr/lib/mmc/add_machine_script '%u'
delete user script = /usr/sbin/smbldap-userdel "%u"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g" 
[homes]
comment = Home directories
browseable = no
writeable = yes
create mask = 0700
directory mask = 0700
hide files = /Maildir/
[public]
comment = Public share
path = /home/samba/shares/public
browseable = yes
public = yes
writeable = yes
[archives]
comment = Backup share
path = /home/samba/archives
browseable = yes
public = no
writeable = no
[printers]
comment = Printers
path = /tmp
browseable = no
public = yes
guest ok = yes
writeable = no
printable = yes
[print$]
comment = Drivers
path = /var/lib/samba/printers
browseable = yes
guest ok = yes
read only = yes
write list = Administrator,root,@lpadmin
[netlogon]
path = /home/samba/netlogon
public = yes
writeable = yes
browseable = no
[profiles]
path = /home/samba/profiles
writeable = yes
create mask = 0700
directory mask = 0700
browseable = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
[partage]
comment = aucun
path = /home/samba/partage
browseable = yes
public = no
writeable = yes

Затем — проверяем конфиг командой testparm:

testparm
Load smb config files from /etc/samba/smb.conf
...
Processing section "[partage]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

Теперь создаем необходимые директории:
mkdir -p /home/samba/shares/public/
mkdir /home/samba/netlogon/
mkdir /home/samba/profiles/
mkdir /home/samba/partage/
mkdir /home/samba/archives/


И зададим им соответствующие права:
chown -R :"Domain Users" /home/samba/
chmod 777 /var/spool/samba/ /home/samba/shares/public/
chmod 755 /home/samba/netlogon/
chmod 770 /home/samba/profiles/ /home/samba/partage/
chmod 700 /home/samba/archives/

Всё хорошо. Идём дальше. Теперь дадим самбе права на чтение ldap базы.

smbpasswd -w example
Setting stored password for "cn=manager,dc=mandriva,dc=com" in secrets.tdb


Получаем SID для нашего домена:

net getlocalsid mandriva.com

Теперь нам необходимо заселить LDAP записями Samba-домена. Устанавливаем smbldap-tools:

urpmi smbldap-tools

Идем в /etc/smbldap-tools/ и правим smbldap_bind.conf:

slaveDN="cn=admin,dc=mandriva,dc=com"
slavePw="example"
masterDN="cn=Manager,dc=mandriva,dc=com"
masterPw="example"


Теперь правим smbldap.conf:

SID="S-1-5-21-128599351-419866736-2079179792"
sambaDomain="MANDRIVA"
ldapTLS="0"
suffix="dc=mandriva,dc=com
sambaUnixIdPooldn="sambaDomainName=MANDRIVA,${suffix}"
#defaultMaxPasswordAge="45"
userSmbHome=""
userProfile=""
userHomeDrive=""

Заселяем LDAP:

smbldap-populate -m 512 -a administrator

Настраиваем NSS: В /etc/nsswitch.conf правим такие записи:

passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: files
automount: files
aliases: files

В /etc/ldap.conf:

host 127.0.0.1
base dc=mandriva,dc=com

Теперь перезапускаем samba и ldap и получаем работающий контроллер домена.