User Tools
файловый_сервер_samba
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
файловый_сервер_samba [2021/03/31 06:23] val [Отладка] |
файловый_сервер_samba [2024/10/15 09:52] (current) val [Мониторинг активности пользователей] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Файловый сервер SAMBA ====== | ====== Файловый сервер SAMBA ====== | ||
| - | [[http://ru.wikipedia.org/wiki/Samba]] | + | * [[https://ru.wikipedia.org/wiki/Samba|Samba]] |
| + | * [[https://interface31.ru/tech_it/2023/07/vklyuchaem-otobrazhenie-samba-servera-v-setevom-okruzhenii-windows.html|Включаем отображение Samba-сервера в сетевом окружении Windows]] | ||
| ===== Установка SAMBA ===== | ===== Установка SAMBA ===== | ||
| Line 70: | Line 71: | ||
| New SMB password: wpassword1 | New SMB password: wpassword1 | ||
| - | server# smbpasswd -a user2 | + | server# (echo wpassword2; echo wpassword2) | smbpasswd -a user2 |
| # pdbedit -w -L | # pdbedit -w -L | ||
| Line 84: | Line 85: | ||
| security = user | security = user | ||
| [homes] | [homes] | ||
| - | read only = no | + | read only = no |
| + | valid users = %S | ||
| + | |||
| + | ; sometimes solves the problem permission deny | ||
| + | ;;;; users = %U | ||
| + | ; force user=%U | ||
| [corp_share] | [corp_share] | ||
| Line 130: | Line 137: | ||
| === Active Directory === | === Active Directory === | ||
| - | == Добавляем пользователя в AD == | ||
| <code> | <code> | ||
| Login: gatecifs | Login: gatecifs | ||
| Line 136: | Line 142: | ||
| </code> | </code> | ||
| Пароль не меняется и не устаревает | Пароль не меняется и не устаревает | ||
| - | |||
| - | == Создаем ключ сервиса cifs связывая его с фиктивным пользователем AD == | ||
| Устанавливаем Microsoft Windows Support Tools | Устанавливаем Microsoft Windows Support Tools | ||
| - | Название сервиса HTTP обязательно заглавными буквами | ||
| <code> | <code> | ||
| C:\>ktpass -princ cifs/gate.corpX.un@CORPX.UN -mapuser gatecifs -pass 'Pa$$w0rd' -out gatecifs.keytab | C:\>ktpass -princ cifs/gate.corpX.un@CORPX.UN -mapuser gatecifs -pass 'Pa$$w0rd' -out gatecifs.keytab | ||
| Line 206: | Line 209: | ||
| [homes] | [homes] | ||
| ; may be need make homedir | ; may be need make homedir | ||
| - | read only = no | + | read only = no |
| + | valid users = %S | ||
| [corp_share] | [corp_share] | ||
| Line 264: | Line 268: | ||
| ===== Мониторинг активности пользователей ===== | ===== Мониторинг активности пользователей ===== | ||
| + | |||
| + | <code> | ||
| + | # smbstatus | ||
| + | </code> | ||
| * [[https://moiristo.wordpress.com/2009/08/10/samba-logging-user-activity/|Samba: Logging User Activity]] !!! аудит можно настроить глобально или, на конкретном ресурсе !!! | * [[https://moiristo.wordpress.com/2009/08/10/samba-logging-user-activity/|Samba: Logging User Activity]] !!! аудит можно настроить глобально или, на конкретном ресурсе !!! | ||
| Line 273: | Line 281: | ||
| vfs objects = full_audit | vfs objects = full_audit | ||
| full_audit:prefix = %U|%u|%I|%m|%S | full_audit:prefix = %U|%u|%I|%m|%S | ||
| - | full_audit:success = unlink open | + | full_audit:success = connect, open, mkdir, rmdir, unlink, write, rename |
| full_audit:failure = none | full_audit:failure = none | ||
| full_audit:priority = NOTICE | full_audit:priority = NOTICE | ||
файловый_сервер_samba.1617160992.txt.gz · Last modified: 2021/03/31 06:23 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
