This shows you the differences between two versions of the page.
контроллер_домена_samba [2012/12/10 15:46] val |
контроллер_домена_samba [2013/05/22 13:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Контроллер домена SAMBA ====== | ||
- | ===== Настройка сервера SAMBA как PDC ===== | ||
- | |||
- | ==== Установка SAMBA ==== | ||
- | |||
- | [[Файловый сервер SAMBA#Установка SAMBA]] | ||
- | |||
- | ==== Настройка сервера SAMBA как PDC ==== | ||
- | |||
- | === FreeBSD/Ubuntu === | ||
- | <code> | ||
- | server# cat smb.conf | ||
- | </code><code> | ||
- | [global] | ||
- | workgroup = CORPX | ||
- | os level = 33 | ||
- | domain master = yes | ||
- | security = user | ||
- | domain logons = yes | ||
- | logon path = \\%L\profiles\%U | ||
- | [netlogon] | ||
- | path = /home/samba | ||
- | [profiles] | ||
- | path = /home/ | ||
- | read only = no | ||
- | map hidden = Yes | ||
- | map system = Yes | ||
- | </code><code> | ||
- | server# testparm | ||
- | |||
- | server# mkdir /home/samba | ||
- | </code> | ||
- | |||
- | ==== Связываем группы windows c группами unix и запускаем контроллер домена ==== | ||
- | |||
- | === FreeBSD === | ||
- | <code> | ||
- | [server:~] # pw groupadd users | ||
- | |||
- | [server:~] # net groupmap add ntgroup="Domain Admins" unixgroup=wheel rid=512 type=d | ||
- | [server:~] # net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d | ||
- | [server:~] # net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d | ||
- | |||
- | [server:~] # net groupmap add ntgroup=group1 unixgroup=group1 rid=15001 type=d | ||
- | |||
- | [server:~] # net groupmap list | ||
- | |||
- | [server:~] # more /etc/rc.conf | ||
- | </code><code> | ||
- | nmbd_enable="YES" | ||
- | smbd_enable="YES" | ||
- | winbindd_enable="YES" | ||
- | </code><code> | ||
- | [server:~] # /usr/local/etc/rc.d/samba start | ||
- | </code> | ||
- | |||
- | === Ubuntu === | ||
- | <code> | ||
- | root@server:~# net groupmap add ntgroup="Domain Admins" unixgroup=root rid=512 type=d | ||
- | root@server:~# net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d | ||
- | root@server:~# net groupmap add ntgroup="Domain Guests" unixgroup=nogroup rid=514 type=d | ||
- | |||
- | root@server:~# net groupmap add ntgroup=group1 unixgroup=group1 rid=15001 type=d | ||
- | |||
- | root@server:~# net groupmap list | ||
- | |||
- | root@server:~# restart smbd | ||
- | root@server:~# restart nmbd | ||
- | </code> | ||
- | |||
- | ==== Добавляем суперпользователя root в SAMBA домен ==== | ||
- | <code> | ||
- | server# smbpasswd -a root | ||
- | Smb password: password | ||
- | ... | ||
- | |||
- | server# pdbedit -w -L | ||
- | </code> | ||
- | |||
- | ==== FreeBSD ==== | ||
- | <code> | ||
- | [server:~] # pw usermod root -G users | ||
- | </code> | ||
- | |||
- | ==== Ubuntu ==== | ||
- | <code> | ||
- | root@server:~# usermod -G users root | ||
- | </code> | ||
- | |||
- | ===== Добавление рабочих станций windows в SAMBA домен ===== | ||
- | |||
- | ==== FreeBSD ==== | ||
- | <code> | ||
- | [server:~] # pw useradd client1$ -d /tmp -s /usr/sbin/nologin | ||
- | |||
- | [server:~] # pw useradd client2$ -d /tmp -s /usr/sbin/nologin | ||
- | </code> | ||
- | |||
- | ==== Ubuntu ==== | ||
- | <code> | ||
- | root@server:~# useradd client1$ -d /tmp -s /usr/sbin/nologin | ||
- | |||
- | root@server:~# useradd client2$ -d /tmp -s /usr/sbin/nologin | ||
- | </code> | ||
- | |||
- | ==== Windows XP ==== | ||
- | |||
- | Регистрируем в домене CORPX используя учетную запись root | ||
- | |||
- | ==== Windows 7 ==== | ||
- | |||
- | [[http://wiki.samba.org/index.php/Windows7]] | ||
- | |||
- | ===== Добавление пользователей в SAMBA домен ===== | ||
- | <code> | ||
- | server# smbpasswd -a user1 | ||
- | ... | ||
- | ...Password: spassword1 | ||
- | |||
- | server# smbpasswd -a user2 | ||
- | ... | ||
- | ...Password: spassword2 | ||
- | |||
- | server# pdbedit -v -L user1 | grep Domain | ||
- | |||
- | server# pdbedit -u user1 -I CORPX | ||
- | |||
- | server# pdbedit -u user2 -I CORPX | ||
- | </code> | ||
- | |||
- | ==== FreeBSD ==== | ||
- | <code> | ||
- | [server:~] # pw usermod user1 -G group1,users | ||
- | |||
- | [server:~] # pw usermod user2 -G group1,users | ||
- | </code> | ||
- | |||
- | ==== Ubuntu ==== | ||
- | <code> | ||
- | root@server:~# usermod -G group1,users user1 | ||
- | |||
- | root@server:~# usermod -G group1,users user2 | ||
- | </code> | ||
- | |||
- | Зарегистрируйтесь как пользователь user1 в XP, cоздайте папку на рабочем столе и отключитесь от системы | ||
- | <code> | ||
- | server# ls ~user1 | ||
- | </code> | ||
- | |||
- | ===== Добавление серверов unix в SAMBA домен ===== | ||
- | |||
- | ==== FreeBSD ==== | ||
- | <code> | ||
- | [server:~] # pw useradd gate$ -d /tmp -s /usr/sbin/nologin | ||
- | </code> | ||
- | |||
- | ==== Ubuntu ==== | ||
- | <code> | ||
- | root@server:~# useradd gate$ -d /tmp -s /usr/sbin/nologin | ||
- | </code> | ||
- | |||
- | ==== Настройка gate на использование PDC ==== | ||
- | |||
- | * [[Сервис WINBIND#Регистрация unix системы в домене в режиме DOMAIN]] | ||
- | |||
- | ===== Использование Logon скрипта ===== | ||
- | |||
- | ==== Настройка PDC ==== | ||
- | <code> | ||
- | server# cat smb.conf | ||
- | </code><code> | ||
- | [global] | ||
- | ... | ||
- | logon script = logon.cmd | ||
- | [netlogon] | ||
- | ... | ||
- | </code> | ||
- | |||
- | ==== Создание скрипта ==== | ||
- | |||
- | === FreeBSD === | ||
- | <code> | ||
- | [server:~] # pkg_add -r unix2dos | ||
- | |||
- | [server:~] # rehash | ||
- | </code> | ||
- | |||
- | === Ubuntu === | ||
- | <code> | ||
- | root@server:~# apt-get install tofrodos | ||
- | </code> | ||
- | |||
- | === FreeBSD/Ubuntu === | ||
- | <code> | ||
- | server# cat /home/samba/logon.cmd | ||
- | </code><code> | ||
- | net use M: \\gate\share | ||
- | net use N: \\gate\homes | ||
- | </code><code> | ||
- | server# unix2dos /home/samba/logon.cmd | ||
- | или | ||
- | server# todos /home/samba/logon.cmd | ||
- | или | ||
- | server# awk '{printf $0"\r\n"}' /home/samba/logon.cmd > /home/samba/logon.cmd | ||
- | </code> |