User Tools
файловый_сервер_samba
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
файловый_сервер_samba [2021/01/12 16:37] val [Идентификация доступа к файловому серверу на основе копии базы данных учетных записей] |
файловый_сервер_samba [2022/10/14 08:23] val [Режим ADS без использования WINBIND] |
||
|---|---|---|---|
| Line 9: | Line 9: | ||
| # apt install samba | # apt install samba | ||
| - | # cd /etc/samba/ | + | # mkdir -p /disk2/samba && chown games /disk2/samba |
| </code> | </code> | ||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | # pkg install samba44 | ||
| - | # service samba_server rcvar | ||
| - | |||
| - | # cat /etc/rc.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | samba_server_enable=yes | ||
| - | smbd_enable=yes | ||
| - | nmbd_enable=no | ||
| - | winbindd_enable=no | ||
| - | </code><code> | ||
| - | # сd /usr/local/etc/ | ||
| - | </code> | ||
| ===== Публичный каталог доступный на чтение ===== | ===== Публичный каталог доступный на чтение ===== | ||
| Line 47: | Line 32: | ||
| guest ok = Yes | guest ok = Yes | ||
| </code><code> | </code><code> | ||
| - | server# testparm | + | # mkdir /var/distrs |
| - | server# mkdir /var/distrs && chown games /var/distrs | + | # cd /var/distrs |
| + | |||
| + | # wget http://val.bmstu.ru/unix/Mail/Thunderbird%20Setup%2017.0.msi | ||
| </code> | </code> | ||
| ===== Публичный каталог доступный на запись ===== | ===== Публичный каталог доступный на запись ===== | ||
| Line 71: | Line 58: | ||
| force user = games | force user = games | ||
| # browseable = no | # browseable = no | ||
| - | </code><code> | ||
| - | # mkdir -p /disk2/samba | ||
| - | |||
| - | # chown games /disk2/samba | ||
| </code><code> | </code><code> | ||
| # testparm | # testparm | ||
| Line 87: | Line 70: | ||
| New SMB password: wpassword1 | New SMB password: wpassword1 | ||
| - | server# smbpasswd -a user2 | + | server# (echo wpassword2; echo wpassword2) | smbpasswd -a user2 |
| # pdbedit -w -L | # pdbedit -w -L | ||
| Line 102: | Line 85: | ||
| [homes] | [homes] | ||
| read only = no | read only = no | ||
| + | |||
| + | ; sometimes solves the problem permission deny | ||
| + | ;;;; users = %U | ||
| + | ; force user=%U | ||
| + | |||
| [corp_share] | [corp_share] | ||
| path = /disk2/samba | path = /disk2/samba | ||
| valid users = user1 user2 games | valid users = user1 user2 games | ||
| - | # valid users = @wheel games | + | # valid users = @group1 games |
| - | # valid users = @sudo games | + | |
| force user = games | force user = games | ||
| read only = No | read only = No | ||
| - | </code><code> | ||
| - | server# mkdir /disk2/samba | ||
| - | |||
| - | server# chown -R games /disk2/samba | ||
| </code> | </code> | ||
| Line 152: | Line 135: | ||
| === Active Directory === | === Active Directory === | ||
| - | == Добавляем пользователя в AD == | ||
| <code> | <code> | ||
| Login: gatecifs | Login: gatecifs | ||
| Line 158: | Line 140: | ||
| </code> | </code> | ||
| Пароль не меняется и не устаревает | Пароль не меняется и не устаревает | ||
| - | |||
| - | == Создаем ключ сервиса cifs связывая его с фиктивным пользователем AD == | ||
| Устанавливаем Microsoft Windows Support Tools | Устанавливаем Microsoft Windows Support Tools | ||
| - | Название сервиса HTTP обязательно заглавными буквами | ||
| <code> | <code> | ||
| C:\>ktpass -princ cifs/gate.corpX.un@CORPX.UN -mapuser gatecifs -pass 'Pa$$w0rd' -out gatecifs.keytab | C:\>ktpass -princ cifs/gate.corpX.un@CORPX.UN -mapuser gatecifs -pass 'Pa$$w0rd' -out gatecifs.keytab | ||
| Line 195: | Line 174: | ||
| === Настройка samba сервера в режиме ADS без использования WINBIND === | === Настройка samba сервера в режиме ADS без использования WINBIND === | ||
| + | |||
| + | * [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899269|ads with MIT Kerberos KDC fails]] | ||
| + | |||
| <code> | <code> | ||
| - | ubuntu# cat smb.conf | + | gate# cat /etc/samba/smb.conf |
| - | + | ||
| - | freebsd# cat smb4.conf | + | |
| </code><code> | </code><code> | ||
| [global] | [global] | ||
| ... | ... | ||
| - | security = ADS | + | security = user |
| realm = CORPX.UN | realm = CORPX.UN | ||
| kerberos method = system keytab | kerberos method = system keytab | ||
| - | ... | ||
| - | [share] | ||
| - | ... | ||
| - | path = /var/samba | ||
| - | valid users = @group1 games | ||
| ... | ... | ||
| </code> | </code> | ||
| Line 224: | Line 199: | ||
| ==== Настройка samba сервера в режиме DOMAIN/ADS c WINBIND ==== | ==== Настройка samba сервера в режиме DOMAIN/ADS c WINBIND ==== | ||
| <code> | <code> | ||
| - | gate# cat smb.conf | + | gate# cat /etc/samba/smb.conf |
| </code><code> | </code><code> | ||
| [global] | [global] | ||
| Line 231: | Line 206: | ||
| [homes] | [homes] | ||
| + | ; may be need make homedir | ||
| read only = no | read only = no | ||
| - | [share] | + | |
| - | path = /var/samba | + | [corp_share] |
| - | ; valid users = CORPX\user1, CORPX\Administrator, CORPX\root | + | path = /disk2/samba |
| - | ; valid users = "@CORPX\domain admins" games | + | |
| - | ; valid users = "@CORPX\domain users" games | + | ;with winbind |
| - | valid users = @group1 games | + | ; valid users = CORPX\user1 CORPX\Administrator CORPX\root |
| + | ; valid users = @CORPX\group1 | ||
| + | ; valid users = "@CORPX\domain users" | ||
| + | |||
| + | ;without winbind, group1 must be master group | ||
| + | ; valid users = @group1 games | ||
| + | |||
| + | ;without winbind | ||
| + | ; valid users = user1 user2 games | ||
| + | | ||
| read only = no | read only = no | ||
| force user = games | force user = games | ||
| Line 243: | Line 228: | ||
| ===== Автоматическое создание домашних каталогов ===== | ===== Автоматическое создание домашних каталогов ===== | ||
| + | |||
| + | * Использование библиотеки PAM [[Использование библиотеки PAM#Автоматическое создание домашних каталогов]] | ||
| <code> | <code> | ||
| Line 248: | Line 235: | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| - | session required pam_mkhomedir.so | + | @include common-session-noninteractive |
| + | session optional pam_mkhomedir.so | ||
| </code><code> | </code><code> | ||
| - | gate# cat smb.conf | + | gate# cat /etc/samba/smb.conf |
| </code><code> | </code><code> | ||
| [global] | [global] | ||
| Line 258: | Line 246: | ||
| ===== Отладка ===== | ===== Отладка ===== | ||
| + | |||
| + | * [[https://wiki.samba.org/index.php/Client_specific_logging|Client specific logging]] | ||
| <code> | <code> | ||
| - | # cat smb.conf | + | # cat /etc/samba/smb.conf |
| </code><code> | </code><code> | ||
| [global] | [global] | ||
| ... | ... | ||
| - | log level = 2 | + | max log size = 0 |
| - | log file = /var/log/samba.log.%m | + | log file = /var/log/samba/log.%I |
| - | max log size = 50 | + | log level = 10 |
| - | debug timestamp = yes | + | debug pid = yes |
| + | debug uid = yes | ||
| + | debug class = yes | ||
| + | debug hires timestamp = yes | ||
| ... | ... | ||
| </code> | </code> | ||
| Line 279: | Line 272: | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| - | vfs objects = full_audit | + | vfs objects = full_audit |
| - | full_audit:prefix = %U|%u|%I|%m|%S | + | full_audit:prefix = %U|%u|%I|%m|%S |
| - | full_audit:success = unlink open | + | full_audit:success = unlink open |
| - | full_audit:failure = none | + | full_audit:failure = none |
| - | full_audit:priority = NOTICE | + | full_audit:priority = NOTICE |
| ... | ... | ||
| </code><code> | </code><code> | ||
файловый_сервер_samba.txt · Last modified: 2024/03/28 14:03 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
