|
файловые_сервисы_unix_для_пользователей_windows [2010/09/30 15:53] val |
— (current) | ||
|---|---|---|---|
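--- a/файловые_сервисы_unix_для_пользователей_windows
+++ b/файловые_сервисы_unix_для_пользователей_windows
@@ -1,184 +0,0 @@
-====== Файловые сервисы UNIX для пользователей Windows ======
-===== Установка =====
-
-==== FreeBSD ====
-<code>
-[gate:~] # pkg_add -r samba3
-[gate:~] # cat /etc/rc.conf
-…
-nmbd_enable="YES"
-smbd_enable="YES"
-winbindd_enable="NO"
-…
-
-[gate:~] # rehash
-
-[gate:~] # сd /usr/local/etc/
-</code>
-
-==== Ubuntu ====
-<code>
-root@gate:~# apt-get install samba
-
-root@gate:~# cd /etc/samba/
-</code>
-
-===== Публичный каталог доступный на чтение =====
-==== FreeBSD/Ubuntu ====
-<code>
-gate# cat smb.conf
-</code><code>
-[global]
-workgroup = CORPX
-security = share
-[share]
-path = /usr/share
-guest ok = yes
-</code>
-или
-<code>
-[global]
-workgroup = CORPX
-security = user
-map to guest = Bad User
-[share]
-path = /usr/share
-guest ok = Yes
-</code><code>
-gate# testparm
-</code>
-
-===== Публичный каталог доступный на запись =====
-==== FreeBSD/Ubuntu ====
-<code>
-gate# mkdir /var/samba
-
-gate# cat smb.conf
-</code><code>
-[global]
-workgroup = CORPX
-security = share
-hosts allow = 192.168.X.
-[share]
-path = /var/samba
-guest ok = yes
-read only = no
-</code><code>
-gate# chmod 777 /var/samba
-</code>
-или
-<code>
-[global]
-workgroup = CORPX
-security = user
-hosts allow = 192.168.X.
-map to guest = Bad User
-[share]
-path = /var/samba
-guest ok = yes
-read only = no
-force user = nobody
-</code><code>
-gate# chmod -R nobody:nobody /var/samba
-</code><code>
-gate# testparm
-</code>
-
-===== Идентификация доступа к файловому серверу на основе копии базы данных учетных записей (smbd должен быть запущен) =====
-<code>
-gate# adduser user1
-...
-gate# adduser userN
-
-gate# smbpasswd -a user1
-...
-gate# smbpasswd -a userN
-
-gate# cat smb.conf
-</code><code>
-[global]
-workgroup = CORPX
-security = user
-[share]
-path = /var/samba
-# valid users = user1, ... ,userN
-valid users = @wheel
-force user = nobody
-read only = No
-</code><code>
-gate# mkdir /var/samba
-
-gate# chown -r nobody:nobody /var/samba
-</code>
-Или для всех пользователей с домашними каталогами
-<code>
-[global]
-workgroup = CORPX
-security = user
-[homes]
-read only = no
-</code>
-
-===== Идентификация доступа к файловому серверу на основе регистрации в AD =====
-[[WINBIND синхронизация пользователей с Microsoft AD]]
-<code>
-gate# cat smb.conf
-...
-[user_write]
-path = /tmp
-valid users = CORPX\user1, CORPX\Administrator
-read only = no
-[group_write]
-path = /tmp
-valid users = "@CORPX\domain users"
-read only = no
-force user = nobody
-</code>
-
-===== GSSAPI =====
-<code>
-add -r cifs/gate.corp13.un
-add -r cifs/gate.CORP13.UN
-
-ext -k gatecifs.keytab cifs/gate.corp13.un
-ext -k gatecifs.keytab cifs/gate.CORP13.UN
-
-kadmin.local: addprinc -randkey cifs/gate.corp13.un
-kadmin.local: addprinc -e rc4-hmac:normal -randkey cifs/gate.CORP13.UN
-
-kadmin.local: ktadd -k gatecifs.keytab cifs/gate.corp13.un
-kadmin.local: ktadd -k gatecifs.keytab cifs/gate.CORP13.UN
-
-
-[gate.corp13.un:~] # cat /usr/local/etc/smb.conf
-[global]
-# CHOOSE ONE FROM
-# kerberos method = system keytab
-# use kerberos keytab = yes
-realm = CORP13.UN
-security = ads
-[homes]
-read only = no
-[group_write]
-path = /tmp
-valid users = @group1
-read only = no
-force user = nobody
-
-user2@client2:~$ smbclient -k //gate.corp13.un/homes
-
-root@client2.corp13.un:~# chmod +s /sbin/mount.cifs
-root@client2.corp13.un:~# chmod +s /sbin/umount.cifs
-
-user2@client2:~$ mkdir mnt/
-
-user2@client2:~$ mount.cifs //gate.corp13.un/homes mnt --verbose -o sec=krb5
-user2@client2:~$ umount.cifs mnt/
-
-root@client2.corp13.un:~# cat /etc/fstab
-...
-//gate.corp13.un/homes mnt cifs rw,user,noauto,sec=krb5 0 0
-
-user2@client2:~$ mount mnt
-user2@client2:~$ umount mnt
-</code>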