This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
контроллер_домена_samba [2011/11/30 10:52] 127.0.0.1 внешнее изменение |
контроллер_домена_samba [2012/07/30 20:37] val |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Настройка сервера SAMBA как PDC ===== | ===== Настройка сервера SAMBA как PDC ===== | ||
- | ==== FreeBSD ==== | + | ==== Установка SAMBA ==== |
- | <code> | + | |
- | [server:~] # pkg_add -r samba3 | + | |
- | [server:~] # сd /usr/local/etc/ | + | [[Файловый сервер SAMBA#Установка SAMBA]] |
- | </code> | + | |
- | ==== Ubuntu ==== | + | ==== Настройка сервера SAMBA как PDC ==== |
- | <code> | + | |
- | root@server:~# apt-get install samba | + | |
- | root@server:~# cd /etc/samba/ | + | === FreeBSD/Ubuntu === |
- | </code> | + | |
- | ==== FreeBSD/Ubuntu ==== | + | |
<code> | <code> | ||
server# cat smb.conf | server# cat smb.conf | ||
Line 32: | Line 25: | ||
path = /home/ | path = /home/ | ||
read only = no | read only = no | ||
- | map hidden = Yes | + | map hidden = Yes |
map system = Yes | map system = Yes | ||
</code><code> | </code><code> | ||
Line 40: | Line 33: | ||
</code> | </code> | ||
- | ===== Связываем группы windows c группами unix и запускаем контроллер домена ===== | + | ==== Связываем группы windows c группами unix и запускаем контроллер домена ==== |
- | ==== FreeBSD ==== | + | === FreeBSD === |
<code> | <code> | ||
[server:~] # pw groupadd users | [server:~] # pw groupadd users | ||
Line 49: | Line 42: | ||
[server:~] # net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d | [server:~] # net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d | ||
[server:~] # net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d | [server:~] # net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d | ||
+ | |||
+ | [server:~] # net groupmap add ntgroup=group1 unixgroup=group1 rid=15001 type=d | ||
[server:~] # net groupmap list | [server:~] # net groupmap list | ||
[server:~] # more /etc/rc.conf | [server:~] # more /etc/rc.conf | ||
- | … | + | </code><code> |
nmbd_enable="YES" | nmbd_enable="YES" | ||
smbd_enable="YES" | smbd_enable="YES" | ||
- | winbindd_enable="NO" | + | winbindd_enable="YES" |
- | … | + | </code><code> |
[server:~] # /usr/local/etc/rc.d/samba start | [server:~] # /usr/local/etc/rc.d/samba start | ||
</code> | </code> | ||
- | ==== Ubuntu ==== | + | === Ubuntu === |
<code> | <code> | ||
root@server:~# net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d | root@server:~# net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d | ||
Line 70: | Line 65: | ||
root@server:~# restart smbd | root@server:~# restart smbd | ||
- | root@server:~# start nmbd | + | root@server:~# restart nmbd |
</code> | </code> | ||
- | ===== Добавляем суперпользователя root в домен ===== | + | ==== Добавляем суперпользователя root в SAMBA домен ==== |
<code> | <code> | ||
server# smbpasswd -a root | server# smbpasswd -a root | ||
Smb password: password | Smb password: password | ||
- | … | + | ... |
server# pdbedit -w -L | server# pdbedit -w -L | ||
Line 92: | Line 87: | ||
</code> | </code> | ||
- | ===== Добавляем компьютер xp в домен ===== | + | ===== Добавление рабочих станций windows в SAMBA домен ===== |
==== FreeBSD ==== | ==== FreeBSD ==== | ||
Line 103: | Line 98: | ||
==== Ubuntu ==== | ==== Ubuntu ==== | ||
<code> | <code> | ||
- | root@server:~# adduser --force-badname --home /tmp --shell /bin/false client1$ | + | root@server:~# useradd client1$ -d /tmp -s /usr/sbin/nologin |
- | ... | + | |
- | Enter new UNIX password: Pa$$w0rd | + | |
- | root@server:~# adduser --force-badname --home /tmp --shell /bin/false client2$ | + | root@server:~# useradd client2$ -d /tmp -s /usr/sbin/nologin |
- | ... | + | |
</code> | </code> | ||
Line 119: | Line 111: | ||
[[http://wiki.samba.org/index.php/Windows7]] | [[http://wiki.samba.org/index.php/Windows7]] | ||
- | ===== Добавляем пользователей user1 и user2 в домен ===== | + | ===== Добавление пользователей в SAMBA домен ===== |
<code> | <code> | ||
server# smbpasswd -a user1 | server# smbpasswd -a user1 | ||
Line 128: | Line 120: | ||
... | ... | ||
...Password: spassword2 | ...Password: spassword2 | ||
- | |||
server# pdbedit -v -L user1 | grep Domain | server# pdbedit -v -L user1 | grep Domain | ||
server# pdbedit -u user1 -I CORPX | server# pdbedit -u user1 -I CORPX | ||
+ | |||
server# pdbedit -u user2 -I CORPX | server# pdbedit -u user2 -I CORPX | ||
</code> | </code> | ||
Line 138: | Line 130: | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [server:~] # pw usermod user1 -G users | + | [server:~] # pw usermod user1 -G group1,users |
- | [server:~] # pw usermod user2 -G users | + | [server:~] # pw usermod user2 -G group1,users |
</code> | </code> | ||
==== Ubuntu ==== | ==== Ubuntu ==== | ||
<code> | <code> | ||
- | root@server:~# usermod -G users user1 | + | root@server:~# usermod -G group1,users user1 |
- | root@server:~# usermod -G users user2 | + | root@server:~# usermod -G group1,users user2 |
</code> | </code> | ||
Line 155: | Line 147: | ||
</code> | </code> | ||
- | ===== Использование SAMBA PDC для идентификация доступа к сервисам ===== | + | ===== Добавление серверов unix в SAMBA домен ===== |
- | ==== Регистрация сервера в PDC ==== | + | ==== FreeBSD ==== |
- | + | ||
- | === FreeBSD === | + | |
<code> | <code> | ||
[server:~] # pw useradd gate$ -d /tmp -s /usr/sbin/nologin | [server:~] # pw useradd gate$ -d /tmp -s /usr/sbin/nologin | ||
</code> | </code> | ||
- | === Ubuntu === | + | ==== Ubuntu ==== |
<code> | <code> | ||
root@server:~# adduser --force-badname --home /tmp --shell /bin/false gate$ | root@server:~# adduser --force-badname --home /tmp --shell /bin/false gate$ | ||
Line 171: | Line 161: | ||
</code> | </code> | ||
- | ==== Настройка сервера на использование PDC ==== | + | ==== Настройка gate на использование PDC ==== |
- | + | ||
- | Аутентификация в режиме DOMAIN ([[Сервис WINBIND]]) | + | |
- | + | ||
- | Авторизация в режиме DOMAIN ([[Сервис WINBIND]]) | + | |
+ | * [[Сервис WINBIND]] | ||
===== Использование Logon скрипта ===== | ===== Использование Logon скрипта ===== | ||
Line 184: | Line 170: | ||
<code> | <code> | ||
server# cat smb.conf | server# cat smb.conf | ||
+ | </code><code> | ||
+ | [global] | ||
... | ... | ||
logon script = logon.cmd | logon script = logon.cmd | ||
Line 207: | Line 195: | ||
<code> | <code> | ||
server# cat /home/samba/logon.cmd | server# cat /home/samba/logon.cmd | ||
+ | </code><code> | ||
net use M: \\gate\share | net use M: \\gate\share | ||
net use N: \\gate\homes | net use N: \\gate\homes | ||
+ | </code><code> | ||
server# unix2dos /home/samba/logon.cmd | server# unix2dos /home/samba/logon.cmd | ||
или | или | ||
server# todos /home/samba/logon.cmd | server# todos /home/samba/logon.cmd | ||
</code> | </code> | ||
- | Примечание: для установки ПО user должен либо входить в группу локальных админисраторов xp, либо входить в группу администраторов домена wheel (FreeBSD) или root (Ubuntu) | ||
- | |||